[arch-general] [arch-dev-public] Snort UID / GID
list-arch at mcmilk.de
Sun Jul 20 04:02:18 EDT 2008
* Hugo Doria <hugodoria at gmail.com> wrote:
> The problem of using the user "nobody" is that if it is used for
> various services, and one of these is compromised it can also affect
> IMHO, we have two options:
> 1) Create a "snort" user/group and provide a package with fewer
> privileges by default (users can change that if they want)
> 2) Run snort as "nobody" and put a message in snort.install showing
> how to change the user/group that snort runs.
> I think the first option is better.
I vote also for the first option, but we need some place, were all
uids/gids are listed. The wiki is the right place for doing that.
Snowman started in may 2008 such a list, as you can see here:
A second aproach I would prefer over the first option mentioned above is
In the PKGBUILD these two options in 3 variants:
1) user1/group1 are listed in a database of pacman:
2) user1 gets uid1, which is defined in the PKGBUILD file
group1 is taken from database
3) user1/group2 become some random uid (ranges are set in pacman.conf)
group2 will be set to gid2
More information about the arch-general