Re: possible bugs in xfs-related packages
On 23/11/99 Henrique M Holschuh wrote:
Maybe the xfs packages will need to be started already suid to a xfs user
after all... :-(
I have been meaning to bring this up...
I assume you mean its running into permission problems with
/var/run/xfs.pid? (i can't think of anything else it needs
privileges for that it does not have as nobody)
this would be solved by the subdirectory in /var/run that xfs can
write to its pid.
and further to this, xfs should not be run as nobody, I do not think
anything that writes to files anywhere should be running as nobody
but rather its own user (please see recent archives on this)
also xfstt runs as root till it gets a connection then it forks as
nobody, i think it should not run as root at all but the maintainer
(Stephen J. Carpenter) is not going to change this unless there is a
xfs user defined in debian for this use. (Wichert I think your
maintainer of base-passwd, comments?)
we have at least 3 xfses: xfs-xtt, xfs, xfstt I propose that one
user (xfs) is allocated for use by all three, they would be *started*
as user xfs and always run as user xfs anything they need to write to
should be make writable by user xfs, in this case the pids should be
placed in /var/run/xfs which is writable by the xfs user.
/tmp/.font-unix would be owned by the xfs user and /var/cache/xfstt
would be writable by xfs.
I do not think it is much of a risk to have xfs and xfstt sharing
this account but i think its much better then them sharing the nobody
account along with other things...
also I think that there should be no files anywhere owned by nobody
and currently that is required because the xfs's run as nobody.
just as a note, redhat runs xfs as user xfs full time, its never
root. redhat gets around pid file problems with a kinda gross
/var/lock/subsys concoction, but i think /var/run subdirectories is
better.
Best Regards,
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
Reply to: