On Tue, Feb 18, 2003, Andrews, Martin wrote:
Hi,
> I am trying to control my openpkg services (with cfengine) and just noticed
> that the rc script does not return an error code when the action fails - it
> just prints a warning. What's up with that? I want to know if my start
> fails, or get an error when status finds the service is not running. Adding
> "exit $rc" to the end of rc fixes the problem.
sounds like something to fix.
> Also, just noticed that openpkg runs postgres as the user openpkg-r. Do
> (most) all services run as openpkg-r? Is there an option to set a unique
> user for each service somehow? Otherwise I worry that I will be leaking
> privileges by using this shared account.
We have four privilege levels associated with four user ids:
s_usr essentially root
m_usr owner of the installation (like 'bin')
r_usr services that do not require root may run as r_usr
if they access non-public files or write files themselves.
n_usr non-privileged user that must not own any files (like 'nobody')
services that do not need their own files should run as n_usr.
Of course this does not discriminate between multiple services
within a single OpenPKG installation. However, it is a simple
and thus easily maintainable scheme which therefor adds to the
security of the installation.
If you want to assign different users to each service you can
create multiple OpenPKG hierarchies, each with its own set of
privileged users (except s_usr which is of course the same).
This way not only the uid running services will be separated
but also the uid owning most files. You also avoid security
relevant dependencies because you can reduce a hierarchy to
the minimum set of packages required for a single service.
And finally such a separation makes it trivial to separate
services on individual machines.
Greetings,
--
Michael van Elst
[EMAIL PROTECTED]
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
