I have just been playing with the new authbind package (excellent work, Ian).
It works fine; however, I do have problems with daemons wanting to write to
/var/run. If daemons were configured to truncate the pid file in /var/run on
exit then I could just put appropriate files in there with appropriate
ownership and things would be fine.
However, most daemons want to create a file in /var/run at startup and delete it
at exit. This means that the daemon needs write access to /var/run. On my
test machine I have changed /var/run to be owned by group daemon, world and
group writable, and have the sticky bit set. This means that any daemon can
write a file there but daemons can't overwrite each other's files.
What do you think of this idea? To take advantage of authbind we need to do
something about /var/run. My changes work; I believe that they (or some better
alternative that someone here comes up with) should be implemented.
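
The directory layout described in the message above, as an added example that is not part of the original post: a scratch directory stands in for /var/run, and the script checks for the world-writable-plus-sticky mode and creates a pid file there. The function names and `exampled.pid` are hypothetical, and the exclusive-create step is an assumption about how a daemon should write into a directory that any user can create names in.

```shell
#!/bin/sh
# Added example. A scratch directory stands in for /var/run; the post's
# group ownership (chgrp daemon) needs root and is left out here.

# check_rundir DIR
#   0: world-writable with the sticky bit (the layout the post describes)
#   1: world-writable WITHOUT the sticky bit (users can remove each other's files)
#   2: not world-writable (a non-root daemon cannot create its pid file)
#   3: not a directory
check_rundir() {
    [ -d "$1" ] || return 3
    perms=$(ls -ld "$1" | cut -c1-10)   # e.g. drwxrwxrwt
    case $perms in
        d???????w[tT]) return 0 ;;
        d???????w?)    return 1 ;;
        *)             return 2 ;;
    esac
}

# write_pidfile FILE PID
#   Creates FILE exclusively (noclobber, i.e. O_EXCL for a new name), so a
#   name someone else created first (a file or a dangling symlink) is
#   refused instead of being overwritten or written through.
write_pidfile() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# remove_pidfile FILE PID: delete only a regular file that holds our own pid.
remove_pidfile() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ "$(cat "$1")" = "$2" ] && rm -f "$1"
}

demo() {
    run=$(mktemp -d) || return 1
    chmod 1777 "$run"                    # world/group writable + sticky
    check_rundir "$run" && echo "sticky, world-writable: ok"
    write_pidfile "$run/exampled.pid" "$$" && echo "pid file created"
    write_pidfile "$run/exampled.pid" "$$" || echo "second create refused"
    remove_pidfile "$run/exampled.pid" "$$" && echo "pid file removed"
    rm -rf "$run"
}
demo
```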