
Re: FHS compliance and UNIX sockets



On Mon, Jan 29, 2001 at 06:47:37AM +0000, Oliver Elphick wrote:
>> So the package should provide /var/run/<package> for them to use?

On Mon, Jan 29, 2001 at 08:58:52PM +1000, Anthony Towns wrote:
> If so, it'd have to have similar permissions to /tmp, which is probably
> asking for trouble. The other extreme would be having directories like
> /var/run/aj/, which also seems like it's asking for trouble.

The /var/run/$USER idea seems fine to me. What sort of trouble does
that run into (aside from not addressing IPC between programs with
different uids)?

As for using things like named pipes and sockets for IPC for programs
run by different users, I don't see very many good solutions aside from
/var/ipc/$PROG or some trivially equivalent idea (under a different
directory so as to avoid user/program namespace clashes). But the GNOME
issue sounds like it could be readily handled by the per-user scheme.

I don't consider this a big point of contention; it seems mostly a push
to compartmentalize namespaces etc. so that programs' IPC services can't
be as easily impersonated or disrupted by hostile users and buggy programs.
Doing both and distinguishing between single-user and multi-user services
could be a useful technique. How about falling back on per-program
compartmentalization when per-user compartmentalization is insufficient?

By the way, what sort of relationship do these discussions have to what
goes into the FHS? Perhaps we should raise the issue with the standards
writers and see what their thoughts on these ideas are.


Cheers,
Bill
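
Added example, not part of the original message: one way a program could use the per-user directory scheme discussed in this thread, refusing to bind its socket when the directory is a symlink, owned by another uid, or accessible to group/other. The function names and the `base` parameter are hypothetical, and the demo uses a constructed temporary directory as a stand-in for /var/run.

```python
import os
import socket
import stat
import tempfile


def check_private_dir(path, uid):
    """Return None if path is a real directory owned by uid with no
    group/other access, otherwise a short reason string."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink someone planted
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != uid:
        return "wrong owner"
    if st.st_mode & 0o077:
        return "group/other access"
    return None


def bind_user_socket(base, user, name):
    """Bind a listening UNIX socket at base/user/name, refusing to use a
    per-user directory that another account could have tampered with."""
    rundir = os.path.join(base, user)
    try:
        os.mkdir(rundir, 0o700)  # EEXIST also covers a pre-planted symlink
    except FileExistsError:
        pass
    problem = check_private_dir(rundir, os.getuid())
    if problem:
        raise PermissionError(f"{rundir}: {problem}")
    path = os.path.join(rundir, name)
    try:
        os.unlink(path)  # stale socket left by a previous run
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, path


if __name__ == "__main__":
    base = tempfile.mkdtemp(dir="/tmp")  # constructed stand-in for /var/run
    srv, path = bind_user_socket(base, "alice", "app.sock")
    print("listening on", path)
    srv.close()
```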


