[arch-general] [arch-dev-public] Snort UID / GID
Tino Reichardt
list-arch at mcmilk.de
Sun Jul 20 04:02:18 EDT 2008
* Hugo Doria <hugodoria at gmail.com> wrote:
> The problem of using the user "nobody" is that if it is used for
> various services, and one of these is compromised it can also affect
> snort.
>
> IMHO, we have two options:
>
> 1) Create a "snort" user/group and provide a package with fewer
> privileges by default (users can change that if they want)
> 2) Run snort as "nobody" and put a message in snort.install showing
> how to change the user/group that snort runs.
>
> I think the first option is better.
I vote also for the first option, but we need some place, were all
uids/gids are listed. The wiki is the right place for doing that.
Snowman started in may 2008 such a list, as you can see here:
http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database
A second aproach I would prefer over the first option mentioned above is
the following:
In the PKGBUILD these two options in 3 variants:
1) user1/group1 are listed in a database of pacman:
require_user('user1')
require_group('group1')
2) user1 gets uid1, which is defined in the PKGBUILD file
group1 is taken from database
require_user('user1:uid1')
require_group('group1')
3) user1/group2 become some random uid (ranges are set in pacman.conf)
group2 will be set to gid2
require_user('user1:random')
require_group('group1:random' 'group2:gid2')
--
regards, TR
More information about the arch-general
mailing list