[bug-notifications] [openldap 0001602]: slapd should be running as non-root user
Mantis Bug Tracker
noreply at opencsw.org
Thu Jun 24 14:05:45 CEST 2010
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=1602
======================================================================
Reported By: amaier
Assigned To: asmoore
======================================================================
Project: openldap
Issue ID: 1602
Category: packaging
Reproducibility: always
Severity: feature
Priority: normal
Status: assigned
======================================================================
Date Submitted: 2006-05-15 07:36 CEST
Last Modified: 2010-06-20 11:16 CEST
======================================================================
Summary: slapd should be running as non-root user
Description:
Is there any need to run slapd as user root?
Solaris allows use of privileged ports for non-root users. See here for
details:
http://www.sun.com/blueprints/0505/819-2680.pdf
This would improve security.
======================================================================
----------------------------------------------------------------------
(0008045) rupert (manager) - 2010-06-20 11:16
https://www.opencsw.org/mantis/view.php?id=1602#c8045
----------------------------------------------------------------------
You mean this, in the case of apache2:
# svccfg -s apache2
svc:/network/http:apache2> setprop start/user = astring: webservd
svc:/network/http:apache2> setprop start/group = astring: webservd
svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
svc:/network/http:apache2> setprop start/limit_privileges = astring: :default
svc:/network/http:apache2> setprop start/use_profile = boolean: false
svc:/network/http:apache2> setprop start/supp_groups = astring: :default
svc:/network/http:apache2> setprop start/working_directory = astring: :default
svc:/network/http:apache2> setprop start/project = astring: :default
svc:/network/http:apache2> setprop start/resource_pool = astring: :default
svc:/network/http:apache2> end
# svcadm -v refresh apache2
Action refresh set for svc:/network/http:apache2.