Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 360177

Summary: net-proxy/dansguardian: run as dedicated user instead of nobody
Product: Gentoo Linux Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: [OLD] ServerAssignee: Gentoo Network Proxy Developers (OBSOLETE) <net-proxy+disabled>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: patch

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-23 17:33:31 UTC
Currently dansguardian will run as nobody:nobody as default, and clamav:clamav if clamav is used.

I'd like to suggest an enhancement to create a dedicated dansguardian user and group and make the daemon run as the dansguardian user and group instead of nobody for better isolation. In case clamav is used, it'd still use clamav:clamav.

What do you think? I can submit patches to make it work that way, just asking for an opinion first.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-11 08:47:22 UTC
Created attachment 276619 [details, diff]
patch

This is the patch I'm using on my local system. No problems detected so far, and I'm running it for a few weeks.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-11-11 17:26:11 UTC
Committed, patch was there for 4 months.