Re: ITS#98 'user' patch for BSD systems
Kurt D. Zeilenga wrote:
> Allowing per backend additions to the group list would be counterintuitive.
> I believe the user and group configuration options be required before
> any backend specification. It should be a fatal error to have multiple
> "user" or multiple "group" directives.
> If no password entry was available for the uid, exit.
Wow. For security, or for simplicity? If the latter, it's easy enough
to be nicer: If uid _and_ a group is specified, we can do setuid,
setgid, and like you mentioned setgroups(0, groups). But exit if uid
was given but no group.
> I would recommend chroot'ing BEFORE reading the configuration files.
If it's done that early, couldn't the sysadmin just as well
use the chroot shell command?
> I also recommend changing uid/gid before reading the configuration
Then the startup sequence must be rearranged quite a bit. The most
user-visible change might be that the pid file (which is specified by
the config file) must then be written _after_ the bind(). That would be
a pity; the file should exist as early as possible.
I think it would be better to bite the bullet and follow Pat's
suggestion to split read_config(): Parse the config file early, obey
it later. Which means the config info must be remembered somewhere.
Besides, I dislike command line arguments for configuration, so I hope
to instead provide config-file options that (optionally) can be used
instead of most command line arguments.
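
The "parse the config file early, obey it later" split discussed above, as an added example that is not part of the original message or of the slapd patch. `struct run_as`, `resolve_run_as` and `apply_run_as` are hypothetical names, and the example assumes the stricter rule of refusing a user given without a group.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical holder for the parsed "user" and "group" directives. */
struct run_as { int have_uid, have_gid; uid_t uid; gid_t gid; };

/* Parse step: resolve names only, change nothing yet.
 * Returns -1 if a name has no passwd/group entry, or if a user was
 * given without a group. */
int resolve_run_as(const char *user, const char *group, struct run_as *out)
{
    memset(out, 0, sizeof *out);
    if (user) {
        struct passwd *pw = getpwnam(user);
        if (!pw) return -1;              /* no passwd entry: refuse to start */
        out->uid = pw->pw_uid; out->have_uid = 1;
    }
    if (group) {
        struct group *gr = getgrnam(group);
        if (!gr) return -1;
        out->gid = gr->gr_gid; out->have_gid = 1;
    }
    if (out->have_uid && !out->have_gid) return -1;
    return 0;
}

/* Obey step: call after bind() and after the pid file is written.
 * Groups and gid go first; once setuid() has run, the process no longer
 * has the privilege to change them. */
int apply_run_as(const struct run_as *ra)
{
    if (!ra->have_uid && !ra->have_gid) return 0;    /* nothing requested */
    if (ra->have_gid) {
        /* Leave only the target gid in the supplementary group list. */
        if (setgroups(1, &ra->gid) != 0) return -1;
        if (setgid(ra->gid) != 0) return -1;
    }
    if (ra->have_uid) {
        if (setuid(ra->uid) != 0) return -1;
        /* The drop must be permanent: regaining root is a failure. */
        if (ra->uid != 0 && setuid(0) == 0) return -1;
    }
    return 0;
}
```

A caller would treat any -1 from either function as fatal and exit before serving requests.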