Bug 360177

Summary:	net-proxy/dansguardian: run as dedicated user instead of nobody
Product:	Gentoo Linux	Reporter:	Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component:	[OLD] Server	Assignee:	Gentoo Network Proxy Developers (OBSOLETE) <net-proxy+disabled>
Status:	RESOLVED FIXED
Severity:	enhancement
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	patch

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-03-23 17:33:31 UTC

Currently dansguardian will run as nobody:nobody as default, and clamav:clamav if clamav is used.

I'd like to suggest an enhancement to create a dedicated dansguardian user and group and make the daemon run as the dansguardian user and group instead of nobody for better isolation. In case clamav is used, it'd still use clamav:clamav.

What do you think? I can submit patches to make it work that way, just asking for an opinion first.

Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-06-11 08:47:22 UTC

Created attachment 276619 [details, diff]
patch

This is the patch I'm using on my local system. No problems detected so far, and I'm running it for a few weeks.

Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-11-11 17:26:11 UTC

Committed, patch was there for 4 months.