* Hugo Doria <hugodoria@xxxxxxxxx> wrote: > The problem of using the user "nobody" is that if it is used for > various services, and one of these is compromised it can also affect > snort. > > IMHO, we have two options: > > 1) Create a "snort" user/group and provide a package with fewer > privileges by default (users can change that if they want) > 2) Run snort as "nobody" and put a message in snort.install showing > how to change the user/group that snort runs. > > I think the first option is better. I vote also for the first option, but we need some place, were all uids/gids are listed. The wiki is the right place for doing that. Snowman started in may 2008 such a list, as you can see here: http://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database A second aproach I would prefer over the first option mentioned above is the following: In the PKGBUILD these two options in 3 variants: 1) user1/group1 are listed in a database of pacman: require_user('user1') require_group('group1') 2) user1 gets uid1, which is defined in the PKGBUILD file group1 is taken from database require_user('user1:uid1') require_group('group1') 3) user1/group2 become some random uid (ranges are set in pacman.conf) group2 will be set to gid2 require_user('user1:random') require_group('group1:random' 'group2:gid2') -- regards, TR
