Apple Rackmounts
Eric Soroos
eric-ul at soroos.net
Tue May 14 12:45:49 PDT 2002
On Tue, 14 May 2002 21:21:58 +0200 in message
<p0511170eb90712c2fda9@[194.185.162.13]>, Paolo Valdemarin
<paolo.valdemarin at evectors.it> wrote:
> --You wrote:
> >That's a compelling reason to have a 'headless' version of Frontier
> >which runs as a daemon under a privileged user.
>
> For what is worth, we are running Frontier under a privileged user
> using a startup script. The cool thing is that Frontier starts up
> also without having a user logged in, so we often end up with the
> log-on screen AND frontier running (with all its GUI loaded and
> working).
Unfortunately in this configuration, anyone who has access to the gui
is root. And, if someone were to figure out a hole in your app or
frontier, they could be root. (it is rare, but it has happened.)
Running webservers as root is not a good idea, as Microsoft has
shown over and over.
You're better off using port forwarding to get around the few root
privleges that you need rather than granting anyone root access. I've
got a startup script that does the port forwarding if you need one.
eric
More information about the Frontier-Users
mailing list