discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: preferences api


From: Richard Frith-Macdonald
Subject: Re: preferences api
Date: Mon, 16 Aug 2004 07:23:54 +0100


On 16 Aug 2004, at 06:30, Rogelio M.Serrano Jr. wrote:

On 2004-08-16 12:53:10 +0800 Richard Frith-Macdonald <address@hidden> wrote:

[snipped...]
No, there is a single user defaults database for each user.
This still leaves my original question unanswered. How do system daemons store and access their configs in GNUstep?
Exactly like any other program ...they use the user defaults database belonging to the user they are running as. As a general principle of security, a daemon should not run as root unless it really needs to, but if it did, it would use the root user defaults database. All the daemon (24*7 server) processes I write for the company I work for are expected (for security) to run as a well known user. When we install our software, we set up a user account for it, and the processes check (on startup) that they are running as the expected user. I don't think daemons are a problem for the current user defaults system at all ...
[snipped..]

I see. So all daemons need to have a home directory where the defaults files will be stored?
Yes ... normally all users have a home directory, so you have to *work* at not having one!

Management of the daemon will require login as that user before you run the management apps. Or should root run the management apps and change identity?
You can do either, but it's conventional for daemons to be run on system startup. The system startup scripts run as root and change identity to start individual systems.

> Thats one of the issue for the prgrams i wrote because they dont have home directories. I just put them in /etc for now.

I'm not sure what you mean by this ... programs don't have home directories under unix ... users do.
Programs are run by/as particular users.

But it does not work with NSUserDefaults at all.
On most systems, unless you work hard to prevent things working, they will work fine.

Should we add /etc to the NSUserDefaults path?

There isn't an NSUserDefaults path.
The user defaults files are (normally) located in a subdirectory of the users home directory, but may be located elsewhere if the .GNUsteprc file configures it so.

Im going to use selinux later and im going to run them as root anyway.
Running daemons as root is a really, really bad idea ... you need to be VERY careful about the code.

And have a group of administrators. Where do we put the file with access to these administrators without exposing roots settings? Another user?

You could have a copy of the 'defaults' program setuid to root and with execute access for the group members.
The defaults database would be in root's home directory as normal.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]