* Hugo Doria <hugodoria@gmail.com> wrote:
The problem of using the user "nobody" is that if it is used for various services, and one of these is compromised it can also affect snort.
IMHO, we have two options:
1) Create a "snort" user/group and provide a package with fewer privileges by default (users can change that if they want) 2) Run snort as "nobody" and put a message in snort.install showing how to change the user/group that snort runs.
I think the first option is better.
I vote also for the first option, but we need some place, were all uids/gids are listed. The wiki is the right place for doing that. Snowman started in may 2008 such a list, as you can see here: http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database A second aproach I would prefer over the first option mentioned above is the following: In the PKGBUILD these two options in 3 variants: 1) user1/group1 are listed in a database of pacman: require_user('user1') require_group('group1') 2) user1 gets uid1, which is defined in the PKGBUILD file group1 is taken from database require_user('user1:uid1') require_group('group1') 3) user1/group2 become some random uid (ranges are set in pacman.conf) group2 will be set to gid2 require_user('user1:random') require_group('group1:random' 'group2:gid2') -- regards, TR