
Re: unowned processes and who controls them (was: Re: passwd entry for uid -1



Quoth Marcus Brinkmann: 

> All users of the login shell are in login groups named "login", but they are
> all distinct to proc.

Pointers to different strings containing "login", then?

> > Unless you pre-open this directory, how can you reliably make sure that
> > a program/daemon running as no-user gets access to the same files the
> > next time you start it?  Let's say BIND is started in the system boot
> > scripts, and I later log in through telnet and restart BIND (kill and
> > start again), how would you make sure BIND gets the same files.
> 
> All processes in the same login group should get access to the same files.

If I log in as root on the console, through telnet, and through ssh and
noauth the three, would these be in the same login group?  In my tests,
it seemed that one rmauthed oysteivi logged in through telnet could not
kill the processes of another rmauthed oysteivi. (two nousers with
different login ids, no?)

If not, when you log in, start bind, log out, log in, stop bind, start
bind, how can you make sure it gets access to the same files?  Wouldn't
you have to preallocate a login id for bind then, effectively doing the
same as having a dedicated named user?

(I'm not asking to be difficult, I just want to make sure that both I
and everybody else who is interested understand this and its
implications :)

> Of course.  I also should have mentioned data protection etc.

Perhaps, but would you normally give other read access to sensitive
data? 

Oystein
-- 
This message was brought to you by the letter ß and the number e.


