View Single Post
  #7   (View Single Post)  
Old 30th June 2011
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Example application -- a database engine. The administrative userid is typically NOT root, but is postgresql, or mysql, or whatever. On OpenBSD, these system userids typically start with underscore, such as _postgresql. The startup scripts will use sudo or su to bring up the associated daemons, such as:
Code:
su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
        -D /var/postgresql/data -l /var/postgresql/logfile \
        -o '-D /var/postgresql/data' >/dev/null"
(It is, of course, best practice to NEVER have your database servers exposed to the Internet. But problems can also occur from inside one's network. Is everybody trusted? Even if they are, did one of them accidentally do something that enabled a remote vector in by an external attacker?)
Reply With Quote