Date: Wed, 09 Aug 2000 09:15:00 -0400 From: Nathan Vidican <webmaster@wmptl.com> To: Thomas Good <tomg@mailhost.nrnet.org> Cc: questions@freebsd.org Subject: Re: Nobody versus FreeBSD Message-ID: <39915954.87BE2324@wmptl.com> References: <Pine.LNX.4.10.10008090825480.21660-100000@mailhost.nrnet.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas Good wrote:
>
> Hello!
>
> I have a (postgres) database accessed via apache and perl/CGI.
> Nobody is my default user. The code that works on Linux (boo hiss)
> is failing on FBSD in one minor area: mail delivery.
>
> The perl scripts generate email for diff purposes, however, whilst
> running on an FBSD box, Nobody the postman runs into a problem.
> He is unable to write to /var/spool/mqueue.
>
> Permissions are identical linux to bsd: 755 from /var to .../mqueue
> Ownership is correct (root.daemon for the target dir) although diff
> from Linux (root.mail). Is any of this pertinent?
>
> Also, the entry in /etc/passwd for nobody is similar across systems.
> He is a member of his own (nonexistent ;-) group. Would adding a
> group be advisable or is there a less insecure solution?
>
> Thanks very much!
> Tom Good
>
> --------------------------------------------------------------------
> SVCMC - Center for Behavioral Health
> --------------------------------------------------------------------
> Thomas Good tomg@ { admin | q8 } .nrnet.org
> IS Coordinator / DBA Phone: 718-354-5528
> Fax: 718-354-5056
> --------------------------------------------------------------------
> Powered by: PostgreSQL s l a c k w a r e FreeBSD:
> RDBMS |---------- linux The Power To Serve
> --------------------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
Change the group writeable permissions for /var/mqueue, and add the user
nobody to said group. This is generally not a good idea if you are not
the sole user (or customer) on the box. It should not adversly effect
anything else, but it may allow other services (such as a webserver)
running as nobody to write to said directory. Again, if you have total
control over the machine, that shouldn't be a problem, but if you do
virtual-hosting, or anything like that you may want to make sure your
webserver isn't running as the user 'nobody'.
chmod 775 /var/mqueue
add user nobody to group 'daemon'.
--
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39915954.87BE2324>