| Subject | Firebird install.sh and Linux/Unix |
|---|---|
| Author | William L. Thomson Jr. |
| Post date | 2002-06-28T20:51:07Z |
Just a thought for others to comment on. Shouldn't each service under a
Posix compliant OS run under restricted users and groups not root/su.
So if possible can it be added to the Firebird installer that a user and
group be created that Firebird will run under.
I have had my installation of InterBase and InterClient running this way
for a while without any problems. Which should also help in case someone
was able to get control of those accounts or services the damage would
be limited to the user and the group the services belong to.
Some what of is a mood issue since at that point they have access to the
DB, and etc., but they will not have root access to the entire system.
So if an exploit or vulnerability arises it would not be a root exploit.
So in my situation I have a user and group that IB runs under. I have a
separate user and group that InterClient runs under. InterClient's
group also includes the group that IB belongs to. Both IB and
InterClient's group are also members of the root group, although I am
not to sure that was necessary.
Or am I doing all of this for nothing?
Any comments thoughts etc.?
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
Posix compliant OS run under restricted users and groups not root/su.
So if possible can it be added to the Firebird installer that a user and
group be created that Firebird will run under.
I have had my installation of InterBase and InterClient running this way
for a while without any problems. Which should also help in case someone
was able to get control of those accounts or services the damage would
be limited to the user and the group the services belong to.
Some what of is a mood issue since at that point they have access to the
DB, and etc., but they will not have root access to the entire system.
So if an exploit or vulnerability arises it would not be a root exploit.
So in my situation I have a user and group that IB runs under. I have a
separate user and group that InterClient runs under. InterClient's
group also includes the group that IB belongs to. Both IB and
InterClient's group are also members of the root group, although I am
not to sure that was necessary.
Or am I doing all of this for nothing?
Any comments thoughts etc.?
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com