|
|
|
|
|
|
by Calzifer
1326 days ago
|
|
|
> Have an administrator `setcap cap_net_bind_service=+ep /your/binary/here` and you can use any port you want. And remember to do it again every time the binary is updated :/ > chown /etc to nobody:wheel and Bad idea! nobody is supposed to own no files at all. You run untrusted services (or untrusted users without account; something like anonymous FTP access) as nobody. This would potentially allow the least trusted entity to change your configs. Apart from that. Since root can read any file anyways there is no reason to change the owner. And some programs may complain if the configuration is not owned by root. |
|
|
Depends on the way the file is replaced; if it's overwritten and not deleted + created, the flag should stick around I believe.
> Bad idea! nobody is supposed to own no files at all. You run untrusted services (or untrusted users without account; something like anonymous FTP access) as nobody. This would potentially allow the least trusted entity to change your configs.
You're right, should've used root:wheel rather than nobody:wheel. Oops...