[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Running as nobody
First,
Thanks Mike, and whoever else maybe working too hard, for the new
mail list search system. I've been using the search much more often and
now spend less time looking for what I need!
Question: After searching the list, I still have not seen the reasoning
for the following statement in the manual (Although I'm sure there is a good
reason or 2):
"IMPORTANT NOTE: The MiniVend server should not run as the user
nobody!"
The closest I came to an answer was from the docs:
http://www.minivend.com/minivend/docindex/27.04.Compiling_VLINK_and_TLINK.html
"Do not make vlink owned by root, because making vlink setuid root is an
huge and unnecessary security risk. It should also not normally run as the
default WWW user (often nobody or http))."
Does the above statement mean that running as nobody
could have some security issues if the web server is
also running as nobody? Or does it mean something
won't work correctly but not necessarily a security
problem?
The reason I need to know is that a new set-up I'm
working on may require running as nobody to interface
with their credit card processing software (or so says
their isp).
Thanks all,
(KC) Kyle Cook
http://www.invisio.com
Web site design, database driven sites,
and shopping cart programming.
Great sites, value priced!
