=================== BUG #3254: FULL BUG SNAPSHOT =================== http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
Submitted by: yeupou Project: Package DataBase View Submitted on: Thu 04/17/03 at 14:57 Category: core Severity: 7 Bug Group: None Resolution: None Assigned to: yeupou Status: Open Summary: pdbv usually run as root Original Submission: Pdbv should not run as root, it compromises the security of a system, especially if /etc/pdbvrc2 get too laxist mode/ownership. "www-data" may be a good choice on debian system but this user is not usual on RedHat-based systems. In this regard, "daemon" is probably a better choice. I do not think we should define the user with pdbvrc. It's surely better to just run pdbv with the user who started it, it let user do what they want. In addition, we could return a warning message, when running pdbv as root. Modifying /etc/cron.d/pdbv2 should be enough. No Followups Have Been Posted CC list is empty No files currently attached For detailed info, follow this link: http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=3254&group_id=2348
