Re: policy on start-stop-daemon
On Mon, 11 Feb 2002 19:35, Julian Gilbey wrote:
> > When policy is opened up for changes again (after the release of woody) I
> > plan to propose the following change:
> >
> > Either start-stop-daemon should not be called from cron, or if it is
> > called from cron then it should be called with a special parameter to
> > indicate that it is being run from cron.
> >
> > Then systems such as SE Linux which need to change the functionality of
> > start-stop-daemon to give special privs to daemons can determine if a
> > program is being started from a cron job and act accordingly.
> >
> > My current SE Linux code requires that the administrator password be
> > entered to start a daemon from any program other than init (which results
> > in cron jobs using start-stop-daemon such as those from man-db aborting
> > because there is no terminal device).
>
> Can't you write a start-stop-daemon wrapper which essentially says
> "what's my ppid? If it's the pid of a cron daemon, then ...,
How do you recognise the cron daemon? Appearing to be /usr/sbin/cron isn't
good enough...
> otherwise just run the true start-stop-daemon as per normal", or
> modify your SE Linux start-stop-daemon to allow daemons to be started
> from cron or from init, or ....
>
> I'm really not sure that allowing Joe User to type start-stop-daemon
> --cron ... is what you're really looking for.
Running it with --cron would not skip any security checks or grant any
special access, it would merely mean "don't try to grant any extra access if
doing so requires asking for a password or other tty access".
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: