Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ossec-execd should support more granular controls around uid/gid of self and children #215

Open
drawks opened this issue May 27, 2014 · 0 comments
Open

ossec-execd should support more granular controls around uid/gid of self and children #215

drawks opened this issue May 27, 2014 · 0 comments
Labels
enhancement feature-request needs-volunteers

Comments

@drawks
Copy link

drawks commented May 27, 2014

As mentioned in the discussion in issue #207 execd is run as root as doesn't drop privileges since it may be used typically for executing active response commands which typically required root permissions. It would be a nice feature if execd could optionally drop root privileges if they aren't required by the end user's configuration.

Likewise if exed is run with root privileges it would be nice if the command portion of the active response configuration allowed the uid/gid of spawned processes to be specified. This would allow for the normal practice of least required privileges to be extended to child processes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement feature-request needs-volunteers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jrossi @drawks