On Mon, May 19, 2003 at 05:37:40PM +0200, Markus Markert wrote:
> when i make a ps -aux in the shell, the coda processes are running under root.
> now my question:
> 
> can i run the processes (start coda,venus...) under a other user or does coda 
> must have root privileges?

We do a few things that won't really work when we run as a non-root users.
Many of these can probably be worked around. Here is a quick list off of
the top of my head.

- We change the ulimit settings so that we can mmap or allocate enough
  address space to load RVM data into memory. Alternatively the
  administrator would have to make sure there are no such resource
  limits set as raising limits requires root.

- When using raw partitions for RVM we need to open the block device
  /dev/hdX or /dev/sdX. Alternatively we can use RVM in files.

- The /dev/coda device is commonly installed so that only root can open
  it read-write. Simply chown /dev/coda by the admin can fix this.

- Venus directly mounts /coda using sys_mount which requires root privs.
  Exec'ing into a dedicated setuid mount program would help, as we
  already fork to complete the mount. There has also been some
  discussion about swapping the responsibility and having venus run as a
  child of the 'mounting' process.

- rpc2portmap and auth2 daemons open low portnumbers (369/370).
  We can probably drop priviledges right after opening the udp socket.

So the only processes that at the moment can run as non-root processes
without modifications seem to be updateclnt and updatesrv.

Jan