netbsd-help: Re: Starting daemons in rc as non-root

Subject: Re: Starting daemons in rc as non-root
To: Paulo Alexandre Pinto Pires <pappires@vortex.del.ufrj.br>
From: matt sommer <mms@f5.com>
List: netbsd-help
Date: 08/12/1996 09:16:16

> This is quick: how do I run daemons at startup as a non-root user,
> so that the daemon keeper can't, by any means, gain root access?

have a look at noshell and chrootuid, both available from
coast.cs.purdue.edu and other security archives. IMHO they
provide a better solution than su...




m.

Matt Sommer, F5 Labs, Inc.				E-mail:	mms@f5.com
1218 3rd Ave., Suite 508				Voice:	206-447-1817
Seattle, WA 98101					Fax:	206-447-9636
1024/384FB37D 1995/07/03 = 40 55 F4 19 D2 A9 6E E7  16 78 BF B1 5B 75 0D 24