[EMAIL PROTECTED] (Jean Pierre LeJacq) wrote on 22.07.98 in <[EMAIL PROTECTED]>:
> I'm not sure if I agree. I maintain the http server, wn, for > debian. At startup, it switches to user nobody. If this policy > is adopted, it could not write to its log file. Does it not open the log file before it switches? That ought to work. Anyway, the reason to have nobody/nogroup (and, indeed, to use those for executing, but not for file ownership) is to improve security - if a security hole allows someone to do something as one of these daemons running as nobody, we want to be sure that he can't touch anything important. If your logfile is changeable by user nobody, you are in essence saying that it isn't important, and any intruder (or, indeed, any legitimate anonymous user that is given "nobody" priviledges) may happily replace the file contents with his inventions. That probably collides with the reasons to keep a logfile in the first place. > I could modify the source code so it switches to another user, > maybe www-data or a new user just for wn. This may result in a > proliferation of new users. > > The other option is to force use of syslog. Those are other workable options. MfG Kai -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
