|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Erick Mechler (emechler_at_techometer.net)
Date: Tue Dec 10 2002 - 13:36:59 CST
:: So how do I get sshd to run off the sshd user?
:: Would apache be cooperative with the www user as well,
:: or is that more tricky?
Privsep is just an sshd thing right now. If you do a system upgrade via
source, the new user should get setup, and the appropriate chroot
environment will as well (/var/empty). To enable sshd privsep, set
UsePrivilegeSeparation yes
in /etc/ssh/sshd_config. As for running Apache as the www user, set
User www
Group www
in your httpd.conf file. Make sure that the user and group you choose can
read all the files in your DocumentRoot, too. The parent process will
continue to run as root (binding to privileged ports and all), but the
children will run as www).
Hope this helps...
Cheers - Erick
To Unsubscribe: send mail to majordomo
FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]