Re: preventing a user to start a process

• Previous message: Thomas Krause: "preventing a user to start a process"
• In reply to: Thomas Krause: "preventing a user to start a process"
• Next in thread: Thomas Krause: "Re: preventing a user to start a process"
• Reply: Thomas Krause: "Re: preventing a user to start a process"
• Reply: Bill Vermillion: "Re: preventing a user to start a process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 25 Jul 2005 15:21:59 -0500
To: Thomas Krause <freebsd-isp@chef-ingenieur.de>

Thomas Krause wrote:
> Hello,
> is it possible to bar a user (www) from starting a process?
> I've a irc daemon running under the uid www. I think
> this was done by php. What would be the best way to prevent
> this (php should be remain usable)? I've installed ipfw rules,
> but this doesn't prevent the starting of the process.

Change the permissions on the file to not allow world execution?

chmod 750 /path/to/irc-daemon

and make sure it isn't owner by www user, and the www user is not in the
group that owns the daemon.

Eric

-- 
------------------------------------------------------------------------
Eric Anderson        Sr. Systems Administrator        Centaur Technology
A lost ounce of gold may be found, a lost moment of time never.
------------------------------------------------------------------------
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Thomas Krause: "preventing a user to start a process"
• In reply to: Thomas Krause: "preventing a user to start a process"
• Next in thread: Thomas Krause: "Re: preventing a user to start a process"
• Reply: Thomas Krause: "Re: preventing a user to start a process"
• Reply: Bill Vermillion: "Re: preventing a user to start a process"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages RE: preventing a user to start a process ... > is it possible to bar a user from starting a process? ... > I've a irc daemon running under the uid www. ... > this was done by php. ... (freebsd-isp) preventing a user to start a process ... is it possible to bar a user from starting a process? ... I've a irc daemon running under the uid www. ... this was done by php. ... (freebsd-isp) Re: preventing a user to start a process ... Use php safe_mode. ... This will prevent the execution of external commands from ... Depending on you what you mean by "usable", ... > I've a irc daemon running under the uid www. ... (freebsd-isp)