Chris Josephes wrote:

> Most people don't run memcached on a privileged port, but even if they wanted
> to, the following method_context block in the manifest would accommodate that.
>
> <method_context>
>   <method_credential user='noaccess'
>     privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr' />
> </method_context>
>
> This lets memcached bind to any port. More importantly, memcache NEVER has
> full root privileges when it is invoked in this manner. If an administrator
> wants to change which user memcache runs as, they modify the property
> "start/user".
>
> Using the -u method, memcached initially starts as root and changes to a
> different user account on its own accord. So we're trusting memcache to do
> the right thing, instead of having the OS enforce security levels.

<joke> So I have to choose who to trust? An unknown party of kernel developers or myself??? </joke>
To be serious, yes things could be done a bit differently but this solution requires the least architectural review and meets user needs without being too complicated. Cheers, Trond
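For readers who want to see where the quoted method_context block sits, here is a complete SMF manifest built around it. This is an added example, not a file from either poster or from the memcached project; the service name, port property, dependency and the `noaccess`/`nogroup` credential are assumptions for illustration.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Assumed example manifest: memcached started by SMF as an
     unprivileged user, with only the privileges it actually needs. -->
<service_bundle type="manifest" name="memcached">
  <service name="application/memcached" type="service" version="1">
    <create_default_instance enabled="false"/>
    <single_instance/>

    <!-- Do not start before the network milestone is reached. -->
    <dependency name="network" grouping="require_all" restart_on="none"
                type="service">
      <service_fmri value="svc:/milestone/network:default"/>
    </dependency>

    <!-- No -u here: SMF drops to the credential below before exec,
         so memcached never runs with full root privileges. -->
    <exec_method type="method" name="start"
                 exec="/usr/bin/memcached -d -p %{memcached/port}"
                 timeout_seconds="60">
      <method_context>
        <!-- basic set minus what a cache daemon does not need, plus
             net_privaddr so a port below 1024 would still be allowed.
             The user ends up in the start/user property, which an
             administrator can change with svccfg. -->
        <method_credential user="noaccess" group="nogroup"
          privileges="basic,!proc_session,!proc_info,!file_link_any,net_privaddr"/>
      </method_context>
    </exec_method>

    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>

    <!-- Assumed application property; 11211 is memcached's usual port. -->
    <property_group name="memcached" type="application">
      <propval name="port" type="integer" value="11211"/>
    </property_group>

    <stability value="Unstable"/>
  </service>
</service_bundle>
```

After import, `ppriv -S $(pgrep memcached)` shows the effective privilege set of the running daemon, which is the check that the OS, not the program, is enforcing the restriction.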
