Date: Thu, 25 Oct 2001 12:47:02 +0600
From: "Sergey N. Voronkov" <serg@tmn.ru>
To: Dave <mudman@R181172.resnet.ucsb.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: lowering uids, startup
Message-ID: <20011025124702.A41897@sv.tech.sibitex.tmn.ru>
In-Reply-To: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>; from mudman@R181172.resnet.ucsb.edu on Wed, Oct 24, 2001 at 11:36:16PM -0700
References: <Pine.BSF.4.33.0110242313350.17839-100000@R181172.resnet.ucsb.edu>

On Wed, Oct 24, 2001 at 11:36:16PM -0700, Dave wrote:
>
> I am interested in learning how to start up a program (a 3rd party server
> program, a daemon, whatever) automatically from boot up without using
> inetd and without using a root uid.

% man inetd.conf
[skip]
     the beginning of a line. There must be an entry for each field. The
     fields of the configuration file are as follows:

           service name
           socket type
           protocol
           {wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
           user[:group][/login-class]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Exactly what you need.
           server program
           server program arguments

> I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will
> automatically run packages such as ssh and apache, and really anything you
> put in there. Unfortunately, these things initially run as root, so I'm
> skeptical about using it.

% man su
[skip]
     su [-] [-Kflm] [-c class] [login [args]]

DESCRIPTION
     Su requests the Kerberos password for login (or for `login.root'', if no
     login is provided), and switches to that user and group ID after obtain-
     ing a Kerberos ticket granting ticket. A shell is then executed. Su
     will resort to the local password file to find the password for login if
     there is a Kerberos error. If su is executed by root, no password is
     requested and a shell with the appropriate user ID is executed; no addi-
     tional Kerberos tickets are obtained.
[skip]
     -l      Simulate a full login. The environment is discarded except for
             HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified
             as above. USER is set to the target login. PATH is set to
             `/bin:/usr/bin''. TERM is imported from your current environ-
             ment. Environment variables may be set or overridden from the
             login class capabilities database according to the class of the
             target login. The invoked shell is the target login's, and su
             will change directory to the target login's home directory.
             Resource limits and session priority are modified to that for
             the target account's login class.

     -       (no letter) The same as -l.

Example for your usage:

     su - www telnetd -debug 2021

Good Luck!

Serg N. Voronkov,
Tyumen, Russia.
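
Added example, not part of the original message: a small audit helper that reads the inetd.conf user[:group][/login-class] field quoted above and reports which services still run as root. The function names and the sample entries (including the myd service) are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which account each inetd service runs as.
# Field order follows the inetd.conf(5) excerpt quoted in the message:
#   service  socktype  proto  wait|nowait[/...]  user[:group][/login-class]  program  args

# inetd_users [FILE]
# Prints "service user group class" per active entry; "-" marks an absent part.
# Reads standard input when no FILE is given.
inetd_users() {
    awk '
        $1 ~ /^#/ { next }     # commented-out entry
        NF < 6    { next }     # blank line or incomplete entry
        {
            spec = $5; class = "-"; group = "-"
            # Peel off /login-class first, then :group, leaving the user name.
            if ((i = index(spec, "/")) > 0) { class = substr(spec, i + 1); spec = substr(spec, 1, i - 1) }
            if ((i = index(spec, ":")) > 0) { group = substr(spec, i + 1); spec = substr(spec, 1, i - 1) }
            print $1, spec, group, class
        }
    ' "$@"
}

# inetd_root_services [FILE]
# Prints the names of services whose user field is root.
inetd_root_services() {
    inetd_users "$@" | awk '$2 == "root" { print $1 }'
}

# Constructed sample configuration (not taken from any real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait       root            /usr/libexec/ftpd     ftpd -l
#telnet stream  tcp  nowait       root            /usr/libexec/telnetd  telnetd
finger  stream  tcp  nowait/3/10  nobody          /usr/libexec/fingerd  fingerd -s
myd     stream  tcp  nowait       www:www/daemon  /usr/local/sbin/myd   myd
ntalk   dgram   udp  wait         tty:tty         /usr/libexec/ntalkd   ntalkd
EOF
}

sample_inetd_conf | inetd_root_services   # prints: ftp
```

On a real system, run `inetd_root_services /etc/inetd.conf` and review each name it prints.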