newbie vserver/auth question.

Solar Designer solar at openwall.com
Mon Mar 28 10:29:40 PST 2005


On Mon, Mar 28, 2005 at 07:22:01PM +0200, Japie wrote:
> On Mon, 28 Mar 2005 20:31:39 +0400, Solar Designer wrote:
> 
> > If you make use of an UID anywhere on the system (even within a chroot
> > jail), it is most appropriate to allocate it in the global /etc/passwd
> > as well, to ensure that it won't be taken for another purpose.  This
> > has no security consequences.
> 
> In concreto this would implement that using an user account with
> strict access policy is sufficient for running most services? (or did I
> misunderstood)

I'm not sure I fully understand what you wanted to say by this.

Yes, it's OK to use pseudo-user accounts.  No, it is not always
sufficient to do just that, other restrictions such as chroot jails
may be appropriate.

-- 
/sd



More information about the hlfs-dev mailing list