Re: [Monotone-devel] Debian package enhancements


From: Nathaniel Smith
Subject: Re: [Monotone-devel] Debian package enhancements
Date: Wed, 18 May 2005 21:59:50 -0700
User-agent: Mutt/1.5.9i

On Thu, May 19, 2005 at 01:26:54AM +0200, Tomas Fasth wrote:
> I would not recommend running a monotone service as root. As far as I
> know, there's nothing in monotone that requires root privileges.

That is correct.  I don't know any reason why monotone would be
insecure, and the code is designed to prevent buffer overruns and all
that, but it's still young code and I can't recommend running it as
root.

It should also be perfectly happy to run in a chroot, assuming all the
normal chroot things are satisfied (access to appropriate shared
libraries, etc.).

> It seems to me that running monotone in serve mode will only be
> applicable to single user machines, right? It seems to me that
> monotone can only serve one set of collections given beforehand,
> and that the network port is not configurable at run time (only at
> compile time). In practice this should mean that you can only run
> one predefined set of collections on each machine unless you have
> more than one ip address bound to the same machine.

No, you can specify the port at run time -- just use "serve
<hostname>:<port>" instead of "serve <hostname>".

Another thing to consider is that the monotone server is currently a
little more prone to exiting on error than most servers; it doesn't
cause much of a problem in practice, but it's probably a good idea to
run it under some sort of process supervisor, like runit.  (This is
probably a good idea anyway, because runit is awesome, of course ;-))

-- Nathaniel

-- 
"On arrival in my ward I was immediately served with lunch. `This is
what you ordered yesterday.' I pointed out that I had just arrived,
only to be told: `This is what your bed ordered.'"
  -- Letter to the Editor, The Times, September 2000
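
The advice in this message (no root, optional chroot, run-time port, runit supervision) can be combined in one runit `run` script. The generator below is an added example, not part of the original post or of monotone. The `gen_run` and `is_num` helpers, the numeric ids, host, port and chroot path are constructed, the binary name `monotone` is assumed, and any database or collection arguments your monotone version needs beyond `serve <hostname>:<port>` are left out.

```shell
#!/bin/sh
# Added example: emit a runit ./run script that starts "monotone serve"
# as an unprivileged uid/gid, optionally inside a chroot. runsv restarts
# the process whenever it exits, which covers the "exits on error" case.

# is_num STRING: succeed only for a non-empty string of decimal digits.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# gen_run UID GID HOST PORT [CHROOT_DIR]: print the run script on stdout.
gen_run() {
    uid=$1; gid=$2; host=$3; port=$4; root=${5:-}

    is_num "$uid" && is_num "$gid" && is_num "$port" ||
        { echo "uid, gid and port must be numeric" >&2; return 2; }
    # Least privilege: never generate a script that keeps uid or gid 0.
    [ "$uid" -ne 0 ] && [ "$gid" -ne 0 ] ||
        { echo "refusing to run monotone as root" >&2; return 3; }
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range" >&2; return 4; }
    # Conservative character sets so nothing needs shell quoting.
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; return 5 ;;
    esac
    case "$root" in
        '') ;;
        [!/]*|*[!A-Za-z0-9/._-]*) echo "bad chroot path" >&2; return 6 ;;
    esac

    # chpst -/ DIR chroots first; the ":uid:gid" form of -u is numeric,
    # so no /etc/passwd lookup is needed inside the chroot. The monotone
    # binary and its shared libraries must exist inside DIR.
    chroot_opt=
    [ -n "$root" ] && chroot_opt=" -/ $root"

    printf '%s\n' '#!/bin/sh' 'exec 2>&1' \
        "exec chpst -u :$uid:$gid$chroot_opt monotone serve $host:$port"
}

# Constructed sample invocation (ids, host, port and path are made up).
gen_run 1234 1234 localhost 5555 /srv/monotone
```

Write the output to the service directory's `run` file and make it executable; runsv starts it as root and chpst drops privileges before monotone runs.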