quick poppassd question
Scott Lambert
lambert at lambertfam.org
Mon Jun 2 09:44:26 PDT 2003
On Mon, Jun 02, 2003 at 10:50:38AM -0600, Wolfpaw - Dale Corse wrote:
> > Perhaps someone can shed more light on the subject, but it's my
> > impression that most system process run with a UID/GID
> > under 100. So a
> > uid < 100 should deny the change request.
>
> Perhaps, though the trend is running most things as non-priv
> users, because it minimizes the damage to the server if a
> process is compromised. Generally "non-system" accounts seem
> to start at 1000 (BSD, and most Linux), or 500 (notably Redhat)
> so.. you may want to use 500 as the magic number for portability
> reasons.
Make it configurable!!! Set a default but don't make hard coded
assumptions about someone else's systems. On FreeBSD, the default
should probably be 1000.
make NON_SYSTEM_ACCT_START=4321
More information about the freebsd-security
mailing list