
Re: Guidance needed on well known ports

2006-03-20 13:14:25
Hallam-Baker, Phillip wrote:
The idea of requiring a privilege to access certain ports can have utility.

The idea of requiring root in a monolithic two level system like unix is a very bad one indeed. Http and smtp servers should not run as root. Forcing them to is bad o/s design.

Bind is chrooted into directory /usr/lib/named and runs as user named.
Apache is chrooted into /usr/lib/www and runs as user wwwrun.
Exim is chrooted into /usr/lib/exim and runs as user exim.
...

There are even system calls in all flavours of unix for doing this.
There is (almost) no need to run anything as root.

Bernstein too has ideas on how not to run things as root ...
Works under all flavours of unix, including Mac OS X. I guesstimate
that it works for some 70% of all servers.

--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter(_at_)peter-dambier(_dot_)de
mail: peter(_at_)echnaton(_dot_)serveftp(_dot_)com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
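
The pattern the message describes (bind the well-known port while still root, chroot into a directory, then run as an unprivileged user), as an added example that is not part of the original post or of any of the servers it names. The jail path is the Apache directory quoted in the message; port 80 and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE  /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_TARGET_IS_ROOT, DROP_NOT_ROOT,
                   DROP_CHROOT_FAILED, DROP_IDS_FAILED, DROP_REVERSIBLE };

/* Confine the process to `jail`, then switch to uid/gid permanently. */
enum drop_result drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return DROP_TARGET_IS_ROOT;  /* "dropping" to root drops nothing */
    if (geteuid() != 0)
        return DROP_NOT_ROOT;        /* chroot(2) itself needs privilege */
    /* chdir before chroot so the working directory is inside the jail. */
    if (chdir(jail) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return DROP_CHROOT_FAILED;
    /* Order matters: supplementary groups, then gid, then uid last,
     * because after setuid() the process can no longer change groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_IDS_FAILED;
    /* Check the drop cannot be undone: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 || getuid() != uid || getgid() != gid)
        return DROP_REVERSIBLE;
    return DROP_OK;
}

int main(void)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(80);       /* below 1024: bind needs root here */
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0) {
        perror("bind");
        return 1;
    }
    /* The bound socket survives the drop; uid/gid 65534 are assumed ids. */
    enum drop_result r = drop_privileges("/usr/lib/www", 65534, 65534);
    printf("drop_privileges -> %d, uid now %d\n", (int)r, (int)getuid());
    return (r == DROP_OK && listen(fd, 16) == 0) ? 0 : 1;
}
```

Run as root, the process ends up listening on port 80 with no way back to uid 0; run as an ordinary user, the bind fails before any privilege handling is reached.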