From owner-freebsd-x11@FreeBSD.ORG Tue Apr 17 22:00:47 2007 Return-Path: X-Original-To: freebsd-x11@FreeBSD.org Delivered-To: freebsd-x11@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D144616A403; Tue, 17 Apr 2007 22:00:47 +0000 (UTC) (envelope-from sec@42.org) Received: from ice.42.org (ice.42.org [194.77.85.2]) by mx1.freebsd.org (Postfix) with ESMTP id 671F113C4AD; Tue, 17 Apr 2007 22:00:47 +0000 (UTC) (envelope-from sec@42.org) Received: by ice.42.org (Postfix, from userid 1000) id 8782AC462; Wed, 18 Apr 2007 00:00:46 +0200 (CEST) Date: Wed, 18 Apr 2007 00:00:46 +0200 From: Stefan `Sec` Zehl To: Florent Thoumie Message-ID: <20070417220046.GC44061@ice.42.org> X-Current-Backlog: 2864 messages References: <200704161141.l3GBfrcY049525@freefall.freebsd.org> <20070417201548.GB44061@ice.42.org> <46253C95.3030808@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46253C95.3030808@FreeBSD.org> User-Agent: Mutt/1.4.2.2i I-love-doing-this: really X-Modeline: vim:set ts=8 sw=4 smarttab tw=72 si noic notitle: Accept-Languages: de, en X-URL: http://sec.42.org/ Cc: freebsd-x11@FreeBSD.org Subject: Re: ports/109497: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2007 22:00:47 -0000 On Tue, Apr 17, 2007 at 22:31 +0100, Florent Thoumie wrote: > Stefan `Sec` Zehl wrote: > > Hi, > > > > On Mon, Apr 16, 2007 at 11:41 +0000, Florent Thoumie wrote: > >> Synopsis: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" > >> > >> State-Changed-From-To: open->closed > >> State-Changed-By: flz > >> State-Changed-When: Mon Apr 16 11:40:38 UTC 2007 > >> State-Changed-Why: > >> I just checked and other OS'es seem to run it as root as well. > >> > >> If this is a real concern to you, just set xfs_flags="-user nobody" in > >> /etc/rc.conf. I think this is what you're looking for. > > > > Please note that if you set "xfs_user=" to something, the default > > rc.subr will already try to do something with it, and (silently) fail to > > start xfs at all. I do think fixing this would be more user friendly -- > > besides, its only a two-line patch anyway, and it doesn't even change > > the default of running as root. > > > > But if think it's important to refuse this change, I can certainly live > > without that patch. > > This is not what I said, please re-read my message. Ok. I did. As far as I can tell, your message had two points. 1: Others run it as root. 2: I can run it as non-root if I want to by using xfs_flags=... If that isn't what you said, please rephrase, as I must have misunderstood you. Please be patient, as english is not my native language. Therefore let me also rephrase my last answer. First regarding your two points: re 1: - I'm not asking to change the default. So what other OSs run it as is not relevant. re 2: - If you still want to reject the patch I sent, I can live with it as users searching for it will hopefully find the workaround documented in this PR. My additional points I was trying to make: - If someone currently sets "xfs_user=" in rc.conf, this makes xfs fail silently. I think it would be great if it instead would just work. - It is only two lines, so no bloat, and it won't hurt anyone. Hope that clears it up, Sec -- I know I've got it great, really, good job, good friends, loving family, total freedom, and long bubblebaths. what else could there be?