[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New user for new package

On Wed, Dec 06, 2000 at 10:40:44AM +0100 , Andres Seco Hernandez wrote:
> El 05 Dec 2000 a las 06:18PM -0900, Ethan Benson escribio:
> > On Wed, Dec 06, 2000 at 02:01:36AM +0100, Andres Seco Hernandez wrote:
> > > One of the daemons need access to a serial device, so i think is good to
> > > set its group uid bit and set its group to dialout.
> > 
> > disagreed, if its a daemon not to be run by users then the user it
> > runs as should be a member of group dialout.  users should not be able
> > to access the serial devices in any way unless they are members of
> > group dialout (except through ppp, in which they are member of group
> > dip instead).  setgid/setuid is something you should avoid using
> > unless absolutely necessary.  writing set[ug]id safe code takes much
> > care.
> How must i run it then? I supose that the init.d script to start/stop the
> daemon is run as root, so, the daemon itselft too. Then, must i change
> user efective id inside the code?

and made it configurable, or
start-stop-daemon has this
       -c|--chuid username|uid
              Change  to  this  username/uid  before starting the
              process. You can also specify a group by  appending

				Petr Cech
Debian GNU/Linux maintainer - www.debian.{org,cz}

<Myth> thats \\GNU\Linux$ to you

Reply to: