From owner-freebsd-ports Thu Jan 4 5:23:53 2001
From owner-freebsd-ports@FreeBSD.ORG Thu Jan 4 05:23:50 2001
Return-Path:
Delivered-To: freebsd-ports@freebsd.org
Received: from rnocserv.urc.ac.ru (rnocserv.urc.ac.ru [193.233.85.2])
    by hub.freebsd.org (Postfix) with ESMTP id E792837B400;
    Thu, 4 Jan 2001 05:23:38 -0800 (PST)
Received: from belle.RNOC-dialup.urc.ac.ru (belle.RNOC-dialup.urc.ac.ru [193.233.85.126])
    by rnocserv.urc.ac.ru (8.11.0/8.11.1) with ESMTP id f04DNJJ88504;
    Thu, 4 Jan 2001 18:23:19 +0500 (YEKT)
    (envelope-from anton@urc.ac.ru)
Date: Thu, 4 Jan 2001 18:23:17 +0500 (YEKT)
From: Anton Voronin
X-Sender: anton@belle.rnoc-dialup.urc.ac.ru
To: Andreas Klemm
Cc: Will Andrews , ports@FreeBSD.org
Subject: Re: need tas scripts necessarily run under root privileges, could that be changed ? (Re: cvs commit: ports/net Makefile ports/net/tas Makefile distinfo pkg-comment pkg-descr pkg-plist)
In-Reply-To: <20010104105235.A3815@titan.klemm.gtn.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 4 Jan 2001, Andreas Klemm wrote:

> Hi !
>
> Package looks cool. Want to install it on my FreeBSD server
> to monitor traffic over my cisco 2516 to my ISP...
>
> Currently I already have a cisco user to monitor traffic using rsh.
>
> I always try to use a pseudo user to run complex scripts rather than having
> to run foreign/complex scripts under root privileges.
>
> Current tas design needs to run at least 2 scripts with root privileges
>
> -rwxr--r-- 1 root wheel 16887 Jan 4 10:02 AcctLog
> -rwx------ 1 root wheel 853 Jan 4 10:02 AcctSquid
>
> Is this really necessary ? Do you use perl functions, that require it ?
>
> I would be glad if the current design could be changed, so that
> your fine package can be run under whatever user privilege.

I've fixed file permissions in the "snap" archive
(http://rnoc.urc.ac.ru/~anton/projects/files/tas-current.tar.gz), but will
update the port after the new version is released, which I expect in a couple
of weeks.

> An additional bonus for easy handling with any ports system would be,
> if you could provide a setup script, that is executed only once by
> root, to create a directory, where such a pseudo user (tas ???)
> has the permission to write the statistics to, i.e.: /var/account/tas
>
> The addition and deletion of this pseudo user can easily be handled
> by the FreeBSD ports collection, we already have other ports, that
> can do that even when the port comes in "package" format (compiled/
> packaged).
>
> I think this would be a clean design, so that sysadmin can be
> pretty sure, that nothing bad happens to their production system.

Hmm... tas implies use of periodic scripts that run as root anyway. But if
someone prefers to run them via cron for a special user, I guess, for the
next version I'll make all the scripts use some common config file and
take the storage directory from it, so it will be possible to specify a
directory writeable by that special user.

Thanks,
Anton

> I hope you took my recommendation right
>
> Andreas ///
>
> --
> Andreas Klemm Powered by FreeBSD SMP
> Songs from our band >>64Bits<<............http://www.apsfilter.org/64bits.html
> My homepage................................ http://people.FreeBSD.ORG/~andreas
> Please note: Apsfilter got a NEW HOME................http://www.apsfilter.org/
>

Anton Voronin
Ural Regional Center of FREEnet,
Southern Ural State University, Chelyabinsk, Russia

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message