Re: New user for new package
On Wed, Dec 06, 2000 at 10:40:44AM +0100 , Andres Seco Hernandez wrote:
> El 05 Dec 2000 a las 06:18PM -0900, Ethan Benson escribio:
> > On Wed, Dec 06, 2000 at 02:01:36AM +0100, Andres Seco Hernandez wrote:
> > > One of the daemons need access to a serial device, so i think is good to
> > > set its group uid bit and set its group to dialout.
> >
> > disagreed, if its a daemon not to be run by users then the user it
> > runs as should be a member of group dialout. users should not be able
> > to access the serial devices in any way unless they are members of
> > group dialout (except through ppp, in which they are member of group
> > dip instead). setgid/setuid is something you should avoid using
> > unless absolutely necessary. writing set[ug]id safe code takes much
> > care.
>
> How must i run it then? I supose that the init.d script to start/stop the
> daemon is run as root, so, the daemon itselft too. Then, must i change
> user efective id inside the code?
and made it configurable, or
start-stop-daemon has this
-c|--chuid username|uid
Change to this username/uid before starting the
process. You can also specify a group by appending
Petr Cech
--
Debian GNU/Linux maintainer - www.debian.{org,cz}
cech@atrey.karlin.mff.cuni.cz
<Myth> thats \\GNU\Linux$ to you
Reply to: