=================== BUG #3254: LATEST MODIFICATIONS ================== http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
Changes by: Mathieu Roy <[EMAIL PROTECTED]> Date: Thu 04/17/03 at 14:59 (Europe/Paris) ------------------ Additional Follow-up Comments ---------------------------- Or maybe "nobody" can be a correct defaut user? =================== BUG #3254: FULL BUG SNAPSHOT =================== Submitted by: yeupou Project: Package DataBase View Submitted on: Thu 04/17/03 at 14:57 Category: core Severity: 7 Bug Group: None Resolution: None Assigned to: yeupou Status: Open Summary: pdbv usually run as root Original Submission: Pdbv should not run as root, it compromises the security of a system, especially if /etc/pdbvrc2 get too laxist mode/ownership. "www-data" may be a good choice on debian system but this user is not usual on RedHat-based systems. In this regard, "daemon" is probably a better choice. I do not think we should define the user with pdbvrc. It's surely better to just run pdbv with the user who started it, it let user do what they want. In addition, we could return a warning message, when running pdbv as root. Modifying /etc/cron.d/pdbv2 should be enough. Follow-up Comments ******************* ------------------------------------------------------- Date: Thu 04/17/03 at 14:59 By: yeupou Or maybe "nobody" can be a correct defaut user? CC list is empty No files currently attached For detailed info, follow this link: http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
