The idea of requiring a privilege to access certain ports can have utility.
The idea of requiring root in a monolithic two level system like unix is a very bad one indeed. Http and smtp servers should not run as root. Forcing them to is bad o/s design.
Bind is chrooted into directory /usr/lib/named and runs as user named. Apache is chrooted into /usr/lib/www and runs as user wwwrun. Exim is chrooted into /usr/lib/exim and runs as user exim. ...
There are even system calls in all flavours of unix for doing this. There is (almost) no need to run anything as root.
Bernstein too has ideas on how not to run things as root ... Works under all flavours of unix, including Mac OS X. I guesstimate that works for some 70% of all servers.
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
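
Added example, not part of the original message or of any project named in it: the sequence the message alludes to (bind the privileged port as root, chroot, then give up root for good), written in C. The port, the user wwwrun and the jail /usr/lib/www follow the Apache case in the message; the function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Confine the process to `jail` and switch to an unprivileged uid/gid.
 * Returns 0 on success, -1 on any failure; the caller must then exit. */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* not a drop */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;     /* needs root */
    if (setgroups(1, &gid) != 0) return -1; /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group first, while still uid 0 */
    if (setuid(uid) != 0) return -1;        /* sets real, effective, saved uid */
    if (setuid(0) == 0 || geteuid() != uid) { errno = EPERM; return -1; } /* verify */
    return 0;
}

/* Bind a TCP listener while still privileged; returns the fd or -1. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Look the user up before chroot: /etc/passwd is not visible afterwards. */
    struct passwd *pw = getpwnam("wwwrun");
    int fd = bind_listener(80);
    if (pw == NULL || fd < 0) { perror("setup"); return 1; }
    if (drop_privileges("/usr/lib/www", pw->pw_uid, pw->pw_gid) != 0) { perror("drop"); return 1; }
    /* From here on: accept() on fd as an unprivileged, chrooted process. */
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

The order matters: the socket and the chroot need root, the group change must precede the uid change, and the final setuid(0) probe confirms the drop cannot be reversed.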