Hi all I am not a maintainer, but, as i use mainly Debian, and i am making a program that i hope it will be inside Debian in some time, i need to ask for a suggestion about if i need to create a new user to keep security risks at minimum or can i use the daemon or nobody users. The program has 3 daemons, and it is used to connect IP computers with SMS capable GSM devices. The project web page is at alamin.sourceforge.net. As the program has a spool directory to keep messages while they wait to be sent, i supose that the spool directory (/var/spool/alamin) must be accesible only by the user that runs the daemons. These daemons must be run as other user than root, i supose, to keep bugs far from being running as root. But, i am not sure if the daemon or nobody users must be used to keep people away from spool directories. Must i create a new user (alamin) as other MTAs do? (postfix, etc.). One of the daemons need access to a serial device, so i think is good to set its group uid bit and set its group to dialout. Please, if somebody can suggest me about users policies for daemons, i will be very grateful. Sorry for my poor english. Have a good day. -- Andres Seco Hernandez, MCP ID 445900 AndresSH@ctv.es - http://www.ctv.es/USERS/andressh GnuPG public information: pub 1024D/3A48C934 E61C 08A9 EBC8 12E4 F363 E359 EDAC BE0B 3A48 C934 -------------------------------------------------- Alamin GSM SMS Gateway - http://alamin.sourceforge.net Debian GNU/Linux - http://www.debian.org
Attachment:
pgpxHXZPWbEHa.pgp
Description: PGP signature