[mythtv] unprivileged user?
lists at forevermore.net
Tue Aug 12 10:59:18 EDT 2003
> Doesn't the ability of the application to switch users
> depend upon setuid root
> and isn't every additional setuid root program a
> security risk?
well, the problem is that there are now a LOT of programs out there
being run as root (via sysV startup scripts) - my installation, for
example - I hadn't even realized it until last night, since I'm so used
to programs like mysql, apache, etc starting up as root and then
switching to an unprivileged user after reading in their settings.
The simple solution is to fix the startup script (which is what debian
does, if I understand correctly), but my initial suggestion was to make
myth smarter than this and actually go out of its way to try NOT to be
root. If it's not running as root, a chuser call wouldn't be necessary,
and shouldn't work, anyway.
> An install script could do this, or it could just be recommended
> in the HOWTO.
like I said - it can be done in a package.
anyway, I'm going to stop talking now. People seem to feel pretty
strongly that "users should fix their own problems" and I don't want to
get into an argument about it. (and on that note, I think I'll go fix
my startup script)
More information about the mythtv-dev