On Fri, Sep 08, 2006 at 02:19:37PM +0200, Yannick Lecaillez wrote:
> I agree too. kdbd shouldn't have to be run as root. But actually its

It could run as root, but not setuid. In fact I think that the normal use case would be to launch the daemon as root, do the initialization things that require root rights (if any), then drop privileges by becoming elektra.elektra, and regain root privileges only when needed, that is when accessing a file (or a db) which is not readable/writable by the elektra.elektra user. It even seems to me that it would make sense to drop privileges even when called directly from libelektra, say in the filesys backend.

> We have to change this behaviour: no longer store user settings in
> their respective home directories but in a central place. For berkeleydb
> that could give something like:
>
> /etc/kdb-berkeley/system.db <= system/ namespace
> /etc/kdb-berkeley/user:yl.db <= user:yl/ namespace
> /etc/kdb-berkeley/user:foo.db <= user:foo/ namespace
> ... and so on

For berkeleydb, yes, but for filesys it may be simpler and hopefully not less secure to regain and redrop privileges only for the file open and close. Indeed if things are in the user's HOME, it could be less easy for a malicious user to steal things or the like.

> Yeah, I disagree too :-/ As I said already, for me that smells like an ugly
> hack. I'd much prefer to allow namespace to backend mapping. Please
> refer to a previous post:
> http://article.gmane.org/gmane.comp.lib.elektra.devel/23
> Backend mapping will allow init to use the filesys backend (which is perfect
> for low-level stuff) while still allowing other higher level software
> to benefit from the speed of daemon + berkeleydb.
> Mapping will then allow launching the daemon a bit later in the boot process
> using a standard init script.

Agreed. Moreover config required by initscripts should be robust, simple and easy to repair; binary dbs aren't good at that.

> So, I mainly agree with you except for the part about "error out when the
> daemon is not started". Since in my mind the connection could simply die
> (timeout) without reflecting a problem from kdbd. libelektra-daemon
> should be able to "re-connect" automatically in this case. In short:
> make kdbOpen() and "connectToDaemon()" different things (which is not
> the case actually).

Agreed.

-- 
Pat

_______________________________________________
Registry-list mailing list
https://lists.sourceforge.net/lists/listinfo/registry-list
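The pattern discussed in this message (start as root, drop to a service account, regain root only around a file open), as an added C example that is not code from Elektra or from this thread. The names `drop_to_service` and `privileged_open` are hypothetical, and the demo `main` passes the process's own ids in place of the elektra account so that it runs without root.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_uid, svc_uid;   /* start-up identity / service account */

/* Call once after root-only initialization. Only the effective ids change,
 * so the saved set-user-ID keeps the start-up identity for a later regain. */
int drop_to_service(uid_t uid, gid_t gid)
{
    priv_uid = geteuid();
    svc_uid = uid;
    /* Root's supplementary groups would otherwise survive the drop. */
    if (priv_uid == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after seteuid() the gid can no longer be changed. */
    if (setegid(gid) != 0 || seteuid(uid) != 0)
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Regain the start-up identity for one open(), then drop again. */
int privileged_open(const char *path, int flags)
{
    int fd, saved_errno;
    if (seteuid(priv_uid) != 0)
        return -1;
    /* O_NOFOLLOW: refuse a symlink as the final path component while
     * privileged; O_CLOEXEC: do not leak the descriptor across exec. */
    fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    saved_errno = errno;
    /* Staying privileged after a failed re-drop is worse than dying. */
    if (seteuid(svc_uid) != 0 || geteuid() != svc_uid)
        abort();
    errno = saved_errno;
    return fd;
}

int main(void)
{
    /* Constructed demo: our own ids stand in for the service account. */
    if (drop_to_service(geteuid(), getegid()) != 0) return 1;
    int fd = privileged_open("/dev/null", O_RDONLY);
    return fd < 0;
}
```

A daemon would pass the uid and gid looked up for its service account, and would use `setresuid()` instead once it never needs root again, since `seteuid()` alone leaves the saved id available.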
