On Mon, May 19, 2003 at 05:37:40PM +0200, Markus Markert wrote:
> when i make a ps -aux in the shell, the coda processes are running under root.
> now my question:
>
> can i run the processes (start coda,venus...) under a other user or does coda
> must have root privileges?

We do a few things that won't really work when we run as a non-root user. Many of these can probably be worked around. Here is a quick list off of the top of my head.

- We change the ulimit settings so that we can mmap or allocate enough address space to load RVM data into memory. Alternatively the administrator would have to make sure there are no such resource limits set as raising limits requires root.
- When using raw partitions for RVM we need to open the block device /dev/hdX or /dev/sdX. Alternatively we can use RVM in files.
- The /dev/coda device is commonly installed so that only root can open it read-write. A simple chown of /dev/coda by the admin can fix this.
- Venus directly mounts /coda using sys_mount which requires root privs. Exec'ing into a dedicated setuid mount program would help, as we already fork to complete the mount. There has also been some discussion about swapping the responsibility and having venus run as a child of the 'mounting' process.
- rpc2portmap and auth2 daemons open low port numbers (369/370). We can probably drop privileges right after opening the udp socket.

So the only processes that at the moment can run as non-root processes without modifications seem to be updateclnt and updatesrv.

Jan

Received on 2003-05-19 18:52:13
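
The pattern from the last list item (open the low UDP port as root, then give up root for good), as an added example that is not part of the original mail and is not Coda's code. The function names `bind_udp` and `drop_privileges` and the uid/gid 65534 ("nobody" on many systems) are assumptions for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on all interfaces. Ports below 1024 need root
 * (or CAP_NET_BIND_SERVICE on Linux), so this runs before the drop. */
int bind_udp(uint16_t port) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Permanently give up root. Returns 0 only if the process ends up unable
 * to become root again, -1 otherwise. Order matters: groups, gid, uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;             /* refuse to "drop" to root */
    if (geteuid() != 0)                              /* not root: only check that */
        return setuid(0) == 0 ? -1 : 0;              /* root cannot be regained   */
    if (setgroups(0, NULL) != 0) return -1;          /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;                 /* must precede setuid() */
    if (setuid(uid) != 0) return -1;                 /* real, effective and saved uid */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1; /* verify the drop is final */
    return 0;
}

int main(void) {
    int fd = bind_udp(369);   /* 369 is one of the low ports named in the mail */
    if (fd < 0) { perror("bind_udp"); return 1; }
    if (drop_privileges(65534, 65534) != 0) {        /* assumed "nobody" ids */
        fprintf(stderr, "could not drop privileges, refusing to serve\n");
        close(fd);
        return 1;
    }
    printf("udp/369 is open, now running as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

The already-bound socket keeps working after the drop because the privilege check happens at `bind()` time, not on later `recvfrom()`/`sendto()` calls.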