proftpd TLS
alexus
alexus at gmail.com
Thu May 21 03:41:13 UTC 2009
On Wed, May 20, 2009 at 5:43 PM, <perryh at pluto.rain.com> wrote:
> alexus <alexus at gmail.com> wrote:
>> ... i guess my main concern it not to run it as root now
>
> AFAIK it is normal for a daemon to run as root if it expects to
> receive login credentials:
>
> * For any but the most minimal authentication scheme, it must be
> root to authenticate the credentials. (A scheme which enables an
> untrusted program to authenticate login credentials is vulnerable
> to brute-force attacks.)
>
> * Regardless of the authentication scheme, it must be root in
> order to assume the identity of the newly logged in user.
>
all my users are virtual users to begin with, so that's not really a
concern, but i'd like to keep it running as non root thats for sure
--
http://alexus.org/
More information about the freebsd-questions
mailing list