Security on Gentoo
From XtremWebCH Wiki
| |
| Security on Gentoo | |
| Security on Window | |
| Security on Linux | |
| Security of the dispatcher | |
| Security of the worker | |
| Security of the relay | |
| Security of the database |
On Gentoo special adaptation of the worker and the relay are available to ensure the safety of XWCH and of the computer.
Contents |
Special user
All operations of the worker or the relay run only under special unprivileged users. This achieve that no one can login as these user.
The relay run under the xtremwebrelais user. The worker run under the xtremwebclient user.
Specifically folder used
Worker
All temporary data of the worker (application that should be run by the worker and the data that should be use) go only under /var/run/xtremwebclient. All application that are locate under this folder are ensure to only run as xtremwebclient user (using set on execute). The folder /var/run/xtremwebclient is by default unreadable by normal user. This achieve that no one can read data that are used by the worker.
Relay
All temporary data of the relay (data that should be use) go only under /var/run/xtremwebrelais. The folder /var/run/xtremwebrelais is by default unreadable by normal user. This achieve that no one can read data that are used by the relay.
Priority of the process of the Relay or the Worker
No specifically feature are used by default to control the priority of theses process, but the normal feature of Gentoo to control these priority are available.
Quota
No quota are used, by default, with the gentoo program. It is possibly to use the underlying quota system of Gentoo.
Cronjob
The cronjob that auto restart the XWCH program run as root user. This is need because the cronjob use the /etc/init.d script to check (and reboot if needed) the program.
Chroot
Actually, no chroot features are available for the worker or the relay on Gentoo.
| About the worker | About the relay | About the dispatcher | About the livecd | About the cronjob | About security |
