quick poppassd question
Wolfpaw - Dale Corse
admin-lists at wolfpaw.net
Mon Jun 2 09:46:09 PDT 2003
I figured that would be a given :P I think we were discussing
default..? (I assumed so.. my bad)
D.
--------------------------------
Dale Corse
System Administrator
Wolfpaw Services Inc.
http://www.wolfpaw.net
(780) 474-4095
> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org
> [mailto:owner-freebsd-isp at freebsd.org]On Behalf Of Scott Lambert
> Sent: Monday, June 02, 2003 10:44 AM
> To: isp at freebsd.org; security at freebsd.org
> Subject: Re: quick poppassd question
>
>
> On Mon, Jun 02, 2003 at 10:50:38AM -0600, Wolfpaw - Dale
> Corse wrote:
> > > Perhaps someone can shed more light on the subject, but it's my
> > > impression that most system process run with a UID/GID
> > > under 100. So a
> > > uid < 100 should deny the change request.
> >
> > Perhaps, though the trend is running most things as non-priv
> > users, because it minimizes the damage to the server if a
> > process is compromised. Generally "non-system" accounts seem
> > to start at 1000 (BSD, and most Linux), or 500 (notably Redhat)
> > so.. you may want to use 500 as the magic number for portability
> > reasons.
>
> Make it configurable!!! Set a default but don't make hard coded
> assumptions about someone else's systems. On FreeBSD, the default
> should probably be 1000.
>
> make NON_SYSTEM_ACCT_START=4321
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to
> "freebsd-isp-unsubscribe at freebsd.org"
>
>
More information about the freebsd-isp
mailing list