On Tue, 11 Apr 2023 20:06:02 +0100, Colin Paice wrote:

>I've been reviewing someone's (ftp like) product documentation, and they
>say that the userid that runs their product needs id(0) to be able to run.
>This feels like giving too much authority to the userid. Is there a better
>way of defining the userid and its access to resources to be able to
>eliminate the need for id(0)?
>

If it's "ftp like" it needs full access to every user's files so yes, id(0). A better design might be an executable to be invoked by sshd as sftp does. Then it would be as secure as ssh/sftp for whatever method you use to secure ssh. Do you permit ssh/sftp?
Do you trust the supplier? Even if it runs on a non-privileged ID, it can do any harm that users can do to themselves. Would you run a script that I supplied without a thorough audit?

-- 
gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
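The design gil suggests, a transfer executable that sshd starts after authentication rather than a daemon that itself runs under id(0), is what the standard OpenSSH Subsystem and Match directives express. The fragment below is an added example and is not from either message in the thread or from any product documentation; the group name "xferusers" and the chroot path are placeholders, and the directives are the ordinary OpenSSH ones (Subsystem, Match, ForceCommand, ChrootDirectory) rather than anything specific to a particular platform.

```text
# sshd_config fragment (added example; "xferusers" and /srv/xfer are placeholders).

# Provide the transfer service as an sshd subsystem instead of a separately
# started daemon. internal-sftp runs inside the per-session sshd process, which
# has already switched to the authenticated user's own UID, so no long-running
# UID 0 process belongs to the transfer service itself.
Subsystem sftp internal-sftp

# Users in the transfer group get only the transfer subsystem: no interactive
# shell, no forwarding, and a chroot that bounds what the session can reach.
# %u expands to the authenticated user name.
Match Group xferusers
    ForceCommand internal-sftp
    ChrootDirectory /srv/xfer/%u
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
```

Two points worth checking before relying on this. First, sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, so the per-user directories have to be created with that ownership (writable subdirectories can live underneath). Second, because each session runs as the user who authenticated, the transfer can touch exactly what that user's own file permissions allow and nothing more, which is the point gil makes about a non-privileged ID: the service loses id(0), but it can still do whatever the user could do to their own files. A modified configuration can be syntax-checked without restarting the daemon with `sshd -t -f <file>`.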
