# This file is default for Debian packaging. # the Free Software Foundation either version 3 of the License, or # it under the terms of the GNU General Public License as published by # Shadowsocks-libev is free software you can redistribute it and/or modify etc/systemd/system//rvice # This file is part of shadowsocks-libev. Thanks to telcoM's answer and comments, I found the following file: So I'm wondering if this numeric user ID will be stable across reboots. I was thinking about changing the ownership of /etc/shadowsocks-libev/config.json (or its parent directory). Therefore, the fact that the config file is readable by any user is, IMO, a (mild?) security vulnerability. Ideally, only the ss-server program, and any ss-client programs that connect to ss-server would know this password. This configuration file contains (by default) a semi-confidential password (that was presumably generated when the package was installed on the system). This configuration file (as installed by default on Ubuntu) is readable by any user. Ss-server reads its configuration file /etc/shadowsocks-libev/config.json. Ss-server runs (at least at present) as user 64677. In response to telcoM's answer, I will provide additional background information that explains why I am curious about the shadowsocks-libev user. So the question remains, where is this user defined? But even so, that user is not present in /etc/passwd. It is possible that the actual username is something like shadowsocks, and it is being truncated down to 8 characters. Where is this shadows+ user defined? I do not see this user listed in /etc/passwd. USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ss-server is running as user shadows+, as can be seen below: $ ps u -C ss-server I am running the ss-server proxy (from the shadowsocks-libev package) on Ubuntu.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |