> > I don't know. I would expect the code to create a socket and bind it
> > to port 20 to be isolated to one or two functions, but I haven't read
> > nor written any real ftp daemon.
>
> That would be correct. But in the general ftp daemon, you _might_ also
> need to be able to setuid() to some user (to provide logins), and to
> chroot (which is not a privileged operation for the hurd anyway). If
> you want to provide logins, you also need read access to /etc/shadow to
> be able to verify people's passwords.

Just because you have no uids does not mean you cannot run addauth. And since a user is trying to log in as a specific user, you provide that password to the addauth prompt. Therefore, you can run with no uids and switch to other users without reading /etc/shadow.