Date:      02 Jan 2001 18:27:49 -0500
From:      Chris Shenton <cshenton@OutBounderInc.com>
To:        "Jeffrey D. LaCoursiere" <jeff@jeff.net>
Cc:        freebsd-isp@FreeBSD.ORG
Subject:   Re: FW: Prepaid Internet Service (fwd)
Message-ID:  <lfelyl1qmi.fsf@Samizdat.uucom.com>
In-Reply-To: "Jeffrey D. LaCoursiere"'s message of "Tue, 2 Jan 2001 15:59:09 -0600 (CST)"
References:  <Pine.BSF.4.21.0101021553020.2323-100000@jeffdev.billmax.com>

On Tue, 2 Jan 2001 15:59:09 -0600 (CST), "Jeffrey D. LaCoursiere" <jeff@jeff.net> said:

Jeffrey> It is true that most of the BillMax processes run as root.
Jeffrey> This is only a security issue if the machine is accessible to
Jeffrey> the outside world, which generally it is not. [...]

I'll be doing some work for an ISP which just purchased BillMax.  I'm
a bit of a paranoid so running as root may bother me more than most --
even if you've tried to close all the doors you can think of.

I prefer the "principle of least privilege".  While I'm not intimate
with BillMax yet, I have done lots of work with apache, php, perl,
mysql, radius, etc. I can't see that anything in BillMax would require
running as root, since none of the components does.  If not, I'd
certainly prefer it to run as some non-root user, maybe even something
like user "billmax".

Thanks.

