> For a few years I have been running nc from inetd together with pf
> redirect rules to reach LAN servers via their public IP adresses from
> LAN:
> 
> # cat /etc/inetd.conf
> 127.0.0.1:20080 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 80
> 127.0.0.1:20443 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 443
> 
> Now that proxy user is gone in 6.1, what would be appropriate account to
> run nc under? Is nobody OK? Something else?
> 
> Or is there a better way to accomplish this?

A user of your own you create.

Never reuse a user intended for another purpose.

Take a glance at the ptrace manual page.

Reply via email to