[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: preferences api
From: |
Richard Frith-Macdonald |
Subject: |
Re: preferences api |
Date: |
Mon, 16 Aug 2004 07:23:54 +0100 |
On 16 Aug 2004, at 06:30, Rogelio M.Serrano Jr. wrote:
On 2004-08-16 12:53:10 +0800 Richard Frith-Macdonald
<richard@brainstorm.co.uk> wrote:
[snipped...]
No, there is a single user defaults database for each user.
This still leaves my original question unanswered. How do system
daemons store and access their configs in GNUstep?
Exactly like any other program ...they use the user defaults database
belonging to the user they are running as.
As a general principle of security, a daemon should not run as root
unless it really needs to, but if it did, it would use the root user
defaults database.
All the daemon (24*7 server) processes I write for the company I work
for are expected (for security) to run as a well known user. When we
install our software, we set up a user account for it, and the
processes check (on startup) that they are running as the expected
user.
I don't think daemons are a problem for the current user defaults
system at all ...
[snipped..]
I see. So all daemons need to have a home directory where the defaults
files will be stored?
Yes ... normally all users have a home directory, so you have to *work*
at not having one!
Management of the daemon will require login as that user before you
run the management apps. Or should root run the management apps and
change identity?
You can do either, but it's conventional for daemons to be run on
system startup. The system startup scripts run as root and change
identity to start individual systems.
> Thats one of the issue for the prgrams i wrote because they dont have
home directories. I just put them in /etc for now.
I'm not sure what you mean by this ... programs don't have
home directories under unix ... users do.
Programs are run by/as particular users.
But it does not work with NSUserDefaults at all.
On most systems, unless you work hard to prevent things working, they
will work fine.
Should we add /etc to the NSUserDefaults path?
There isn't an NSUserDefaults path.
The user defaults files are (normally) located in a subdirectory of the
users home directory, but may be located elsewhere if the .GNUsteprc
file configures it so.
Im going to use selinux later and im going to run them as root anyway.
Running daemons as root is a really, really bad idea ... you need to be
VERY careful about the code.
And have a group of administrators. Where do we put the file with
access to these administrators without exposing roots settings?
Another user?
You could have a copy of the 'defaults' program setuid to root and with
execute access for the group members.
The defaults database would be in root's home directory as normal.
- preferences api, Rogelio Serrano, 2004/08/13
- Re: preferences api, Gregory John Casamento, 2004/08/13
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/15
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/16
- Re: preferences api, Richard Frith-Macdonald, 2004/08/16
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/16
- Re: preferences api,
Richard Frith-Macdonald <=
- Re: preferences api, Rogelio M . Serrano Jr ., 2004/08/16
- Re: preferences api, Pete French, 2004/08/16
- Re: preferences api, Richard Frith-Macdonald, 2004/08/16
- Re: preferences api, Rogelio Serrano, 2004/08/16