[arch-general] [arch-dev-public] Snort UID / GID

Luke S Crawford lsc at prgmr.com
Thu Jul 17 15:14:03 EDT 2008

"Hugo Doria" <hugodoria at gmail.com> writes:
> IMHO, we have two options:
> 1) Create a "snort" user/group and provide a package with fewer
> privileges by default (users can change that if they want)
> 2) Run snort as "nobody" and put a message in snort.install showing
> how to change the user/group that snort runs.
> I think the first option is better.

I agree.

Personally, I try to create a new user (and sometimes a chroot) for every 
publicly facing service that can be run as non-root.  

I think it would be awesome if more packages did this for me.  I don't
see the downside to having lots of users, supposing the mapping is clear.  

More information about the arch-general mailing list