Re: Famd running with my user id?
On 4/14/07, Greg Folkert <firstname.lastname@example.org> wrote:
On Fri, 2007-04-13 at 21:10 +0800, Wei Chen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Greg Folkert wrote:
> >> After rebooting it again, I found famd still ran as me. Is famd supposed
> >> to behave like this? I never think a daemon that starts from init script
> >> should change itself to a normal user privilege. And another etch box of
> >> mine has famd running as root correctly. Is this a bug?
> > Yes, why would you have it run as root?
> > FAM is a userland process for monitoring YOUR files YOU have open. I
> > have FAM installed on a server of mine, when I connect using IMAP, it
> > runs as my user. FAM == File Alteration Monitor.
> I do not think so. I also have other services running on my box and they
> either run as root or as their own system user.
> Yes FAM is used to monitor files of mine. But after the daemon changes
> its privilege to a normal user, it cannot change back to root again. So
> on a multi-user system, when other users want to monitor *their* files,
> the daemon cannot get access to them. That is the point why such a
> daemon should not change itself to a normal user of the system.
User owned FAM is spawned from the root daemon, just like SSH.
Separation of privileges and all that.
The FAM daemons spawned from the root one just end after the user does a
The root one stays there waiting to spawn a priv sep'd for the user.
That is what the problem is. The one that runs with my user-id is the one that
is started along with other daemons at the boot time. That is the only one
process in the box that named /famd/. There is no another one that runs as
root. Furthermore, I have no idea of /logout/ because I have not logged-in
since I never know how to use that daemon/service.
(The package was automatically installed maybe due to some dependencies.
Maybe I shall have it removed later since my box is a desktop and I don't do
things like monitoring file changes.)
From what you said, I guess it may be a bug I am afraid. I shall file a bug
report tomorrow if it really is.