On Fri, 2007-04-13 at 21:10 +0800, Wei Chen wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greg Folkert wrote: > >> After rebooting it again, I found famd still ran as me. Is famd supposed > >> to behave like this? I never think a daemon that starts from init script > >> should change itself to a normal user privilege. And another etch box of > >> mine has famd running as root correctly. Is this a bug? > > > > Yes, why would you have it run as root? > > > > FAM is a userland process for monitoring YOUR files YOU have open. I > > have FAM installed on a server of mine, when I connect using IMAP, it > > runs as my user. FAM == File Alteration Monitor. > > I do not think so. I also have other services running on my box and they > either run as root or as their own system user. > > Yes FAM is used to monitor files of mine. But after the daemon changes > its privilege to a normal user, it cannot change back to root again. So > on a multi-user system, when other users want to monitor *their* files, > the daemon cannot get access to them. That is the point why such a > daemon should not change itself to a normal user of the system. User owned FAM is spawned from the root daemon, just like SSH. Separation of privileges and all that. The FAM daemons spawned from the root one just end after the user does a logout. The root one stays there waiting to spawn a priv sep'd for the user. -- greg, greg@gregfolkert.net Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup
Attachment:
signature.asc
Description: This is a digitally signed message part