On Wed, 28 Aug 2002 21:03:53 -0700, Jamie Heilman wrote:
>> Can I change this around a bit to achieve my goal - maybe make a new
>> group called "foo" (say) and give that gid to in.telnetd and
>> hosts.allow ... ?
>
>Obscuring your libwrap/tcpd configuration from your local users, at
>the expense of allowing services to run as seperate, non-privileged
>users is a bad idea.
Well if that's what the price is then I agree with you. But I can't
see where we'd lose if all that the group "foo" membership gives the
daemons is tcp wrappers config file read access.
It does occur to me that maybe in.telnetd (say) _depends_ on having
its group telnetd membership for some purpose though ..
Cheers,
Nick Boyce
Bristol, UK
--
"Microsoft may provide updates that will be automatically downloaded onto
your computer. These updates may disable your ability to copy and/or play
content and use other software on your computer."
-- http://bsdvault.net/article.php?sid=527&mode=&order=0
