Buried under debug tips is a list of Orion startup options. Take a look
under properties (about halfway down the page at
http://www.orionserver.com/howtos/debug-tips.html , where you'll find
"native.user Used to run Orion under another user than root for unix systems"
I remember this being mentioned on the mail list before, so perhaps there's
some details in the archives. I haven't tried it, yet...
If it works I recommend that you make a separate orion user and group, and
you might want to run it chroot'd also. If Orion's successful enough the
script kiddies <sigh/> will start publishing exploits.
Kirk Yarina
At 09:42 PM 9/28/00 -0400, you wrote:
>Thanks to all who replied.
>
>Acually, my original message was not too well written. I was not concerned
>about the port mapping issue. Thats not a big deal. We already have that
>issue with other processes, such as Apache, which runs as user nobody.
>
>Our issue is where to install Orion, what permissions each file should
>have, what user Orion should run as and so on. We would prefer Orion not
>run as root (we don't let Apache run as root either) and that its files
>not all be world writable by default (which is what happens when we unzip
>it onto our Debian system).
>
>Mostly, we need to know what directories Orion needs to write in, what
>ones it does not, which files it needs to edit and so on. Below is a note
>from the guy who has been working on this. He explaines our problem and
>the partial solution he worked up in detail:
>
>Jim,
>
>I figured out most of the pieces needed to do it, but we
>still have a problem.
<snip>
Kirk Yarina
[EMAIL PROTECTED]
