On Jun 13, Brian Mitchell wrote
> A firewall should not be a general host, and really should not have
> a significant number of users, so this sort of thing while effective on
> general hosts is really not effective on firewall hosts.
Yes, but you can assign 'daemon' users to subsystems or single daemons. A
good example is qmail, which uses quite a few users and groups. If this is
done right you don't need world-writable directories on your firewall; you
can assign each subsystem a secured context (at least on the filesystem).
This is better than running everything as user nobody.
(OO) -- Bernd_Eckenfels @
( .. ) ecki @
o--o *plush* 2048/93600EFD eckes @
irc +4972573817 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
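
An added example, not part of the original message: a small audit for the two conditions the reply names, world-writable directories and several daemons sharing one account such as nobody. The function names, the `--audit` switch and the sample process list are assumptions made for illustration; the qmail account names in the sample are the ones qmail creates at install time.

```shell
#!/bin/sh
# Audit helpers for per-daemon accounts on a firewall host (added example).

# Print every world-writable directory below $1, staying on one filesystem.
# Sticky-bit directories such as /tmp are listed too; review each hit.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 2>/dev/null
}

# Read "user command" pairs on stdin (the shape of `ps -eo user=,comm=`)
# and print each account that runs more than one distinct program.
# On a real host root will appear here as well; the interesting hits are
# unprivileged catch-all accounts.
shared_accounts() {
    sort -u | awk '
        { n[$1]++; cmds[$1] = cmds[$1] " " $2 }
        END { for (u in n) if (n[u] > 1) print u ":" cmds[u] }'
}

# Constructed sample, not captured from a real system: two daemons lumped
# under nobody next to qmail processes that each have their own account.
sample_ps() {
    cat <<'EOF'
nobody httpd
nobody named
qmaild qmail-smtpd
qmails qmail-send
qmaill splogger
nobody httpd
EOF
}

# Usage: sh audit.sh --audit [root-directory]
if [ "${1:-}" = "--audit" ]; then
    echo "World-writable directories:"
    world_writable_dirs "${2:-/}"
    echo "Accounts shared by several programs:"
    ps -eo user=,comm= | shared_accounts
fi
```

On the constructed sample, `sample_ps | shared_accounts` reports only nobody, since every qmail process already runs under its own account.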