[SOLVED] How to change to the possible user ID?

lesca · 02-26-2011, 04:49 AM

Hello everyone

I have installed tftpd on Ubuntu, but I think it not secure very much. So I read its manual, and it says:

Quote:

The server should have the user ID with the lowest possible privilege.

I find the server has the root UID:

Code:

$ ps -ef | grep xinetd
UID        PID  PPID  C STIME TTY          TIME CMD
root      3556     1  0 16:08 ?        00:00:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6

So how can I change its UID to the lowest possible privilege?

Any tip is welcome!
Thanks!

acid_kewpie · 02-26-2011, 04:57 AM

nothing to do with programming, moved to Linux - Newbie.

the xinetd user is not the tftpd user. If you've read the manual then you'll surely already know about the -u option. "man tftpd" if not. it should default to "nobody" which is pretty jolly unprivileged, but if you do want to change anything, it'll be in /etc/xinetd.d/tftp

lesca · 02-26-2011, 05:24 AM

Quote:

Originally Posted by acid_kewpie

nothing to do with programming, moved to Linux

I am sorry. But how to move?

Quote:

Originally Posted by acid_kewpie

the xinetd user is not the tftpd user.

I think I am right, because I find it is the xinetd listening on port 69:

Code:

$ sudo netstat -lnput
Active Internet connections (only servers)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      929/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1181/cupsd      
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      1110/pptpd      
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1172/mysqld     
tcp6       0      0 :::80                   :::*                    LISTEN      1253/apache2    
tcp6       0      0 :::22                   :::*                    LISTEN      929/sshd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1181/cupsd      
udp        0      0 0.0.0.0:52537           0.0.0.0:*                           960/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1834/dhclient   
udp        0      0 0.0.0.0:69              0.0.0.0:*                           3556/xinetd     
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           960/avahi-daemon: r

Quote:

Originally Posted by acid_kewpie

If you've read the manual then you'll surely already know about the -u option.

I have read it, but there is no -u option

lesca · 02-26-2011, 06:07 AM

Thank you acid_kewpie anyway.
I read the "xinetd" manual, and now I know how does it work.