I am not a security specialist. But being a sysadmin I almost know the basics :-)

First thing that I had to know about security is that security and comfort don't match. So, if you want maximum security you have to make the road that leads root to another user a no-return way.

This means, of course, that for minor configuration changes they will be still able to send a HUP and have them immediately applied. But for changes that need root privileges they'll have to restart the program. Not very comfortable, probably, but more secure.

That shouldn't be a big problem anyway, if you provide a init.d-like shell script along with the perl script. That way an administrator could run a /etc/init.d/assp reload for a minor configuration change, and /etc/init.d/assp restart for major changes.

I hope my 2 cents will help

Ciao!
--bronto

# Another Perl edition of a song:
# The End, by The Beatles
END {
  $you->take($love) eq $you->make($love) ;
}

In reply to Re: Changing user and GROUP id for security? by bronto
in thread Changing user and GROUP id for security? by jhanna

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.