[ejabberd] epam issue

Dennis Schridde devurandom at gmx.net
Tue Feb 21 18:10:02 MSK 2012


Am Dienstag, 21. Februar 2012, 14:54:41 schrieb Holger Mickler:
> Another question: Have you tried installing ejabberd as the jabber user and
> run from this installation to be sure that your configuration is correct?
I use the installation from a Gentoo package (ebuild) and it worked until I 
tried to restart ejabberd yesterday. I do not know what changed, though, so I 
have to figure out what is going on. (And understand the error message, which 
I currently don't.)

> Can you tell why you need to have this setuid stuff? Does this add security?
When authenticating via PAM, the application needs to be allowed to read 
/etc/shadow (assuming that your PAM stack uses authentication against it). 
Since that file shall not be read by regular users for security reasons (they 
could try to crack the hashes), it is only readable by root. Hence programs 
need to be setuid to read it anyway.
So setuid does not add security (instead it removes it by running the 
application as root), but in some cases it is necessary anyway.

--Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120221/9c5ba5fa/attachment.bin>


More information about the ejabberd mailing list