SPUG: site clutter

Tue Jun 26 00:15:52 CDT 2001

William Julien, in an immanent manifestation of deity, wrote:
>Hmmm. Can you explain why it is a "Bad Thing" to have your server
>running as user "nobody" and group "nobody"? It would seem to me, that
>this would provide better security for the system if you ran scripts
>as an unprivlidged user. If your cgi scripts were run under setuid,
>a poorly written script can gain access to files (owned by them) that
>were not explicily permitted by the owner as world write.

So, if User A runs his scripts as "nobody" and User B runs her scripts
as "nobody", what could User A do to User B?

Darren
-- 
<torin at daft.com><http://www.daft.com/~torin/> <torin at debian.org><perl at slut.org>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-206-ELF-LIPZ
@                <URL:http://www.daft.com/~torin/resume.html>                 @
@               Unix Sys-Admin / Perl Guru / C expert for hire                @

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For daily traffic, use spug-list for LIST ;  for weekly, spug-list-digest
  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/