[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: preferences api
|
From: |
Rogelio M . Serrano Jr . |
|
Subject: |
Re: preferences api |
|
Date: |
Mon, 16 Aug 2004 15:08:45 +0800 |
On 2004-08-16 14:23:54 +0800 Richard Frith-Macdonald <richard@brainstorm.co.uk>
wrote:
>
> On 16 Aug 2004, at 06:30, Rogelio M.Serrano Jr. wrote:
>
>> On 2004-08-16 12:53:10 +0800 Richard Frith-Macdonald
>> <richard@brainstorm.co.uk> wrote:
>>
>> [snipped...]
>>> No, there is a single user defaults database for each user.
>>>> This still leaves my original question unanswered. How do system daemons
>>>> store and access their configs in GNUstep?
>>> Exactly like any other program ...they use the user defaults database
>>> belonging to the user they are running as.
>>> As a general principle of security, a daemon should not run as root unless
>>> it really needs to, but if it did, it would use the root user defaults
>>> database.
>>> All the daemon (24*7 server) processes I write for the company I work for
>>> are expected (for security) to run as a well known user. When we install
>>> our software, we set up a user account for it, and the processes check (on
>>> startup) that they are running as the expected user.
>>> I don't think daemons are a problem for the current user defaults system
>>> at all ...
>> [snipped..]
>>
>> I see. So all daemons need to have a home directory where the defaults
>> files will be stored?
> Yes ... normally all users have a home directory, so you have to *work* at
> not having one!
>
>> Management of the daemon will require login as that user before you run the
>> management apps. Or should root run the management apps and change
>> identity?
> You can do either, but it's conventional for daemons to be run on system
> startup. The system startup scripts run as root and change identity to start
> individual systems.
>
>> Thats one of the issue for the prgrams i wrote because they dont have home
>> directories. I just put them in /etc for now.
>
> I'm not sure what you mean by this ... programs don't have home directories
> under unix ... users do.
> Programs are run by/as particular users.
Well the user associated with the daemon needs to have a home directory. And if
we use NSUserDefaults that means the setting for the programs will be placed in
the users home directory. If we run my NetcconfigD as nobody then there must be
a valid user named nobody.
>
>> But it does not work with NSUserDefaults at all.
> On most systems, unless you work hard to prevent things working, they will
> work fine.
>
>> Should we add /etc to the NSUserDefaults path?
>
> There isn't an NSUserDefaults path.
> The user defaults files are (normally) located in a subdirectory of the users
> home directory, but may be located elsewhere if the .GNUsteprc file
> configures it so.
>
>> Im going to use selinux later and im going to run them as root anyway.
> Running daemons as root is a really, really bad idea ... you need to be VERY
> careful about the code.
>
>> And have a group of administrators. Where do we put the file with access to
>> these administrators without exposing roots settings? Another user?
>
> You could have a copy of the 'defaults' program setuid to root and with
> execute access for the group members.
> The defaults database would be in root's home directory as normal.
>
>
- preferences api, Rogelio Serrano, 2004/08/13
- Re: preferences api, Gregory John Casamento, 2004/08/13
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/15
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/16
- Re: preferences api, Richard Frith-Macdonald, 2004/08/16
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/16
- Re: preferences api, Richard Frith-Macdonald, 2004/08/16
- Re: preferences api,
Rogelio M . Serrano Jr . <=
- Re: preferences api, Pete French, 2004/08/16
- Re: preferences api, Richard Frith-Macdonald, 2004/08/16
- Re: preferences api, Rogelio Serrano, 2004/08/16