proftpd TLS

alexus alexus at
Thu May 21 03:41:13 UTC 2009

On Wed, May 20, 2009 at 5:43 PM,  <perryh at> wrote:
> alexus <alexus at> wrote:
>> ... i guess my main concern it not to run it as root now
> AFAIK it is normal for a daemon to run as root if it expects to
> receive login credentials:
> * For any but the most minimal authentication scheme, it must be
>  root to authenticate the credentials.  (A scheme which enables an
>  untrusted program to authenticate login credentials is vulnerable
>  to brute-force attacks.)
> * Regardless of the authentication scheme, it must be root in
>  order to assume the identity of the newly logged in user.

all my users are virtual users to begin with, so that's not really a
concern, but i'd like to keep it running as non root thats for sure


More information about the freebsd-questions mailing list