Date: Tue, 05 Jan 1999 04:53:19 +0100 From: dirk.meyer@dinoex.sub.org (Dirk Meyer) To: freebsd-isdn@FreeBSD.ORG Subject: Re: regexp program Message-ID: <wvTD8lrVRM@dmeyer.dinoex.sub.org> References: <199901041906.UAA01275@yedi.iaf.nl><m0zx5rP-0000fOC@hcswork.hcs.de><199901041906.UAA01275@yedi.iaf.nl><19990104204911.B5702@hcswork.hcs.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hellmuth Michaelis wrote in reply of Wilko Bulte: > > In that respect I'd say it might make sense to not execute > > the regprog as root. > > It looks like isdnd/exec.c just execs whatever you feed it. > > Maybe a setuid(nobody) > > first? > > Something like that - on the other side: who should be permitted to access > /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn" > to /etc/groups? The regexp program (I dont use any at this time), may want to signal the isdnd/route/natd new information. If this is the case, It can't run as nobody. I see the problem with the answering machine or the similar programs. The have to access the isdn data, but I would not like to run them under root permanently. > I really didn't thought about all this stuff much, what do other people > think about that ? > Thoughts, comments ? first, is there any reason i4b must runs as root, instead as an dedicated user? It might be possible, all i4b devices could be owned by this users. All programs and scripts could be executed under this, root will still have access for administration or emergency. [not full related] BTW, instead of using rc.isdn versus rc.isdn.ppp I start my raw devices with /etc/start.ipr0 and my ppp links with a separate script /usr/local/etc/rc.d/91-isp0.sh (mode 700) which feed the route and accounting data. Where do you put your accounting passwords into? kind regards Dirk -- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany -- Tel. +49-5606-6512 . To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wvTD8lrVRM>