> Darren J Moffat wrote:
> > Michael Shapiro wrote:
> >> I've put an updated set of materials from the project team in the
> >> case directory under "commit.materials". This includes a new
> >> document ndmp_rbac.txt which describes the RBAC assignments.
> >
> > The ndmp_rbac.txt document in section 5.1 says that the daemon will run
> > as uid=bin,gid=sys plus privileges. Why uid of bin and gid of sys?
> > Why not daemon as the uid and gid like many other system daemons?
> >
>
> Good question. Running with uid=daemon instead of bin is arbitrary, but

Or perhaps even better as "noaccess" if it's the intent to not
have any specific access due to uid or gid.

> it's a useful convention to follow. Running with gid=daemon instead of
> sys is actually more important since group sys confers some additional
> capabilities, like the ability to read /dev/mem for example.
Gary..