On 2009/06/01 22:07, patrick keshishian wrote:
> On Mon, Jun 01, 2009 at 12:48:31PM +0100, Stuart Henderson wrote:
> > On 2009/05/31 20:44, patrick keshishian wrote:
> > > Greetings,
> > >
> > > I'm not sure if ports@ is the right list for these questions,
> > > but I think it is a good place to start.
> > >
> > > I have a PPTP VPN client that I'm trying to clean up for release.
> > > Part of my TODO list before release has to do with user-id to
> > > use and syslog.
> > >
> > > Currently the client switches to _ppp user after it is done
> > > with root privilege and chroot(2)-s to /var/empty. Is this
> > > acceptable? Is there another user-id that is preferred?
> >
> > You need to add a new unique user-id for the port (see
> > ports/infrastructure/db/user.list) and create it in PLIST
> > with @newuser/@newgroup. /var/empty is fine.
>
> Hmm.. kinda feels like a waste to create a new user/group.
> The app doesn't write to any files nor does it have any
> config files (ATM).

we have well over a hundred individual UIDs for ports already.
it's no problem to add another.

> How about I stick with nobody?

"nobody" is special; it is definitely not a non-privileged account.

$ grep nobody /etc/passwd
nobody:*:32767:32767:Unprivileged user for NFS:/nonexistent:/sbin/nologin
                                       ^^^^^^^
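
The privilege drop discussed in this thread (chroot(2) to /var/empty, then switch to a dedicated account), as an added example that is not part of the original messages or the poster's client. The account name `_pptpclient` is a hypothetical placeholder, and setgid()/setuid() are used on the assumption that the process starts as root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 0 once the process is confined to /var/empty and runs as `user`,
 * -1 on any failure (the caller should exit rather than carry on as root). */
int drop_privs(const char *user)
{
    /* Look the account up first: /etc/passwd is gone after chroot(). */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;               /* unknown account, or one that is still root */

    /* chroot() needs root; chdir("/") drops any cwd outside the new root. */
    if (chroot("/var/empty") == -1 || chdir("/") == -1)
        return -1;

    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid has changed the process can no longer change its groups. When
     * called as root, setgid()/setuid() set real, effective and saved ids. */
    if (setgroups(1, &pw->pw_gid) == -1 ||
        setgid(pw->pw_gid) == -1 ||
        setuid(pw->pw_uid) == -1)
        return -1;

    /* Verify the drop cannot be undone: regaining uid 0 must fail. */
    if (setuid(0) != -1)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* "_pptpclient" is a hypothetical name; use the uid the port registers. */
    const char *user = argc > 1 ? argv[1] : "_pptpclient";
    if (drop_privs(user) == -1) {
        fprintf(stderr, "cannot drop privileges to %s\n", user);
        return 1;
    }
    printf("running as uid %d inside /var/empty\n", (int)getuid());
    return 0;
}
```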