|
|
On Tue, Mar 29, 2005 at 05:37:48PM +0200, Enrico Scholz wrote:
> I think, that the current SUID binary is unacceptable. I see the following
> options (in order of precedence):
>
> * ignore faults with /etc/shadow (errors will occur only in this
> setup). IMO it is very uncommon to do user-accounting for such
> services in this file; most people will use a regular database or
> ldap.
If most people would include me I would probably follow your advice here
but I started to package jabber because I am using it with just this
configuration. Authentication against /etc/shadow. Uncommon but exactly
my scenario.
> * start the c2s server as root. afais, the SUID is only needed because
> you start the daemon with
>
> | daemon --user jabber ...
> ~~~~~~~~~~~~~
>
> Omitting this, would execute the daemon with the rights of the caller
> ('root' in this case).
This would be no problem. I just thought that I can add another option
to sysconfig/jabberd which toggles if c2s should be started as root or
as the jabber user. Default would be to start it as jabber and if it is
required (as in my case) it would be necessary to change it in this
file. Would this be an acceptable solution?
Adrian
--
Adrian Reber <adrian@xxxxxxxx> http://lisas.de/~adrian/
Boredom in the Kernel.
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
|
|