Re: ITS#98 'user' patch for BSD systems

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Kurt D. Zeilenga wrote:
>patl@phoenix.volant.org wrote:
> Allowing per backend additions to the group list would be counter intuitive.
> I beleive the user and group configuration options be required before
> any backend specification.  It should be an fatal error to have multiple
> "user" or multiple "group" directives.

Quite so.

> If no password entry was available for the uid, exit.

Wow.  For security, or for simplicity?  If the latter, it's easy enough
to be nicer: If uid _and_ a group is specified, we can do setuid,
setgid, and like you mentioned setgroups(0, groups).  But exit if uid
was given but no group.

> I would recommend chroot'ing BEFORE reading the configuration files.

If it's done that early, couldn't the sysadmin just as well
use the chroot shell command?

> I also recommend changing uid/gid before reading the configuration
> file.

Then the startup sequence must be rearranged quite a bit.  The most
user-visible change might be that the pid file (which is specified by
the config file) must then be written _after_ the bind().  That would be
a pity; the file should exist as early as possible.

I think it would be better to bite the bullet and follow Pat's
suggestion to split read_config():  Parse the config file early, obey
it later.  Which means the config info must be remembered somewhere.

Besides, I dislike command line arguments for configuration, so I hope
to instead provide config-file options that (optionally) can be used
instead of most command line arguments.

-- 
Hallvard