proftpd TLS

perryh at perryh at
Thu May 21 00:17:24 UTC 2009

alexus <alexus at> wrote:
> ... i guess my main concern it not to run it as root now

AFAIK it is normal for a daemon to run as root if it expects to
receive login credentials:

* For any but the most minimal authentication scheme, it must be
  root to authenticate the credentials.  (A scheme which enables an
  untrusted program to authenticate login credentials is vulnerable
  to brute-force attacks.)

* Regardless of the authentication scheme, it must be root in
  order to assume the identity of the newly logged in user.

More information about the freebsd-questions mailing list