running arlad as a user besides root

Love lha at stacken.kth.se
Sat Feb 19 19:15:08 CET 2000


Chris Wing <wingc at engin.umich.edu> writes:

> I've been playing around with making as many daemons as I can run as
> unprivileged users, instead of root. I've made a patch to arla that lets
> you specify a user name to switch to on the arlad command line. As far as
> I can tell, as long as that user can write to the cache directory,
> everything works fine:

That should be about it. I think you are too afraid of running things as
root :)

If you trust your afs token and your files to arla, I think you have lost
anyway. And since arlad can open whatever file and write to it, there is no
extra security in letting it run as another user than root.
> Is anyone else interested in this patch, do any of the arla guys have any
> comments? (the one necessary hack was making the xfs kernel module grant
> fhopen privileges to any uid that opened a xfs device)

On all systems fhget/fhopen isn't implemented by xfs. It's a native syscall
on current *BSD.

I think you have started a good thing, security screening of arla. We have
done some work on it, but more needs to be done. There is for
example a lot of trust in what the fileserver gives to the client; if there
is invalid information arlad might do an abort().

I personally don't think that it is necessary to run arlad as a user != root.
I haven't talked yet to the other arla people, but I would think that they
think the same.

If you come up with a good argument for not running arlad as root, I'm happy to
include it. But I think that it gives false security.

Love
