Date: Thu, 25 Oct 2001 12:47:02 +0600
From: "Sergey N. Voronkov" <serg@tmn.ru>
To: Dave <mudman@R181172.resnet.ucsb.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: lowering uids, startup
Message-ID: <20011025124702.A41897@sv.tech.sibitex.tmn.ru>
In-Reply-To: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>; from mudman@R181172.resnet.ucsb.edu on Wed, Oct 24, 2001 at 11:36:16PM -0700
References: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>
On Wed, Oct 24, 2001 at 11:36:16PM -0700, Dave wrote:
>
> I am interested in learning how to start up a program (a 3rd party server
> program, a daemon, whatever) automatically from boot up without using
> inetd and without using a root uid.
% man inetd.conf
[skip]
the beginning of a line. There must be an entry for each field. The
fields of the configuration file are as follows:
service name
socket type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Exactly what do you need.
server program
server program arguments
> I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will
> automatically run packages such as ssh and apache, and really anything you
> put in there. Unfortunately, these things initially run as root, so I'm
> skeptical about using it.
% man su
[skip]
su [-] [-Kflm] [-c class] [login [args]]
DESCRIPTION
Su requests the Kerberos password for login (or for `login.root'', if no
login is provided), and switches to that user and group ID after obtain-
ing a Kerberos ticket granting ticket. A shell is then executed. Su
will resort to the local password file to find the password for login if
there is a Kerberos error. If su is executed by root, no password is
requested and a shell with the appropriate user ID is executed; no addi-
tional Kerberos tickets are obtained.
[skip]
-l Simulate a full login. The environment is discarded except for
HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified
as above. USER is set to the target login. PATH is set to
`/bin:/usr/bin''. TERM is imported from your current environ-
ment. Environment variables may be set or overridden from the
login class capabilities database according to the class of the
target login. The invoked shell is the target login's, and su
will change directory to the target login's home directory.
Resource limits and session priority are modified to that for the
target account's login class.
- (no letter) The same as -l.
Example for your usage:
su - www -c "/usr/libexec/telnetd -debug 2021"
Good Luck!
Serg N. Voronkov,
Tyumen, Russia.
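The su approach from this message, written out as a start script for /usr/local/etc/rc.d/. This is an added example, not part of the original e-mail; the account name www is taken from the message, while the daemon path /usr/local/sbin/exampled and its -p option are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (constructed): old-style start script for /usr/local/etc/rc.d/.
# RUN_AS, DAEMON and DAEMON_ARGS are hypothetical placeholders.
RUN_AS="www"
DAEMON="/usr/local/sbin/exampled"   # absolute: "su -" resets PATH to /bin:/usr/bin
DAEMON_ARGS="-p 2021"               # port above 1023; non-root cannot bind lower ones

# Succeed only if the account exists and is not uid 0.
unprivileged_user() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ]
}

# Command line handed to the target user's login shell.
daemon_cmdline() {
    printf '%s %s' "$DAEMON" "$DAEMON_ARGS"
}

start_daemon() {
    if ! unprivileged_user "$RUN_AS"; then
        echo "refusing to start: '$RUN_AS' is missing or has uid 0" >&2
        return 1
    fi
    if [ ! -x "$DAEMON" ]; then
        echo "not executable: $DAEMON" >&2
        return 1
    fi
    # rc runs this as root, so su asks for no password. Arguments after the
    # login name go to that user's shell, hence the shell's own -c here.
    su - "$RUN_AS" -c "$(daemon_cmdline)" >/dev/null 2>&1 &
}

stop_daemon() {
    # Signal only processes owned by the service account.
    pkill -u "$RUN_AS" -f "$DAEMON"
}

case "${1:-}" in
start) start_daemon && printf ' exampled' ;;
stop)  stop_daemon ;;
esac
```

Because su invokes the target login's shell, the service account needs a shell that can execute commands for this to work.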
