Nathan Zook writes:
The NYET-software runs as superuser on the ISP's machine. All minor accounts have a corresponding configuration file sitting in their account owner's parent's directory, which is locked with read/write by owner only flags. The correspondence between minor and parent accounts sits in a file owned by root and similiarly locked.
Just a minor technical comment: Based on my rather limited experience lurking on the firewalls list, I believe the preferred security-conscious method of running such daemons involves _not_ giving them su/root privileges. Dr. FBC's thttp, for example, runs as a user named, e.g., "www" with pretty ordinary privileges. They are also often run in a chroot()ed "jail", so that the process can't see any directories outside the tree artifically rooted in its home directory. You'd then need some mechanism for the `rents to submit configuration updates to the imprisoned daemon, I suppose. Perhaps digitally-signed email.... -Futplex <futplex@pseudonym.com> "Before you started tokin' you used to have a brain, but now you don't get even the simplest of things...." -Offspring