Date: Wed, 18 Apr 2007 11:56:51 +0100 From: Florent Thoumie <flz@FreeBSD.org> To: Dejan Lesjak <dejan.lesjak@ijs.si> Cc: Stefan `Sec` Zehl <sec@42.org>, freebsd-x11@freebsd.org Subject: Re: ports/109497: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" Message-ID: <4625F973.90002@FreeBSD.org> In-Reply-To: <200704181250.01295.dejan.lesjak@ijs.si> References: <200704161141.l3GBfrcY049525@freefall.freebsd.org> <46253C95.3030808@FreeBSD.org> <20070417220046.GC44061@ice.42.org> <200704181250.01295.dejan.lesjak@ijs.si>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Dejan Lesjak wrote: > On Wednesday 18 of April 2007, Stefan `Sec` Zehl wrote: >> On Tue, Apr 17, 2007 at 22:31 +0100, Florent Thoumie wrote: >>> Stefan `Sec` Zehl wrote: >>>> Hi, >>>> >>>> On Mon, Apr 16, 2007 at 11:41 +0000, Florent Thoumie wrote: >>>>> Synopsis: x11-servers/xorg-fontserver rc.d/xfs.sh script missing >>>>> "-user" >>>>> >>>>> State-Changed-From-To: open->closed >>>>> State-Changed-By: flz >>>>> State-Changed-When: Mon Apr 16 11:40:38 UTC 2007 >>>>> State-Changed-Why: >>>>> I just checked and other OS'es seem to run it as root as well. >>>>> >>>>> If this is a real concern to you, just set xfs_flags="-user nobody" in >>>>> /etc/rc.conf. I think this is what you're looking for. >>>> Please note that if you set "xfs_user=" to something, the default >>>> rc.subr will already try to do something with it, and (silently) fail >>>> to start xfs at all. I do think fixing this would be more user friendly >>>> -- besides, its only a two-line patch anyway, and it doesn't even >>>> change the default of running as root. >>>> >>>> But if think it's important to refuse this change, I can certainly live >>>> without that patch. >>> This is not what I said, please re-read my message. >> Ok. I did. >> >> As far as I can tell, your message had two points. >> >> 1: Others run it as root. >> 2: I can run it as non-root if I want to by using xfs_flags=... >> >> If that isn't what you said, please rephrase, as I must have >> misunderstood you. Please be patient, as english is not my native >> language. Therefore let me also rephrase my last answer. >> >> First regarding your two points: >> >> re 1: >> - I'm not asking to change the default. So what other OSs run it as is >> not relevant. >> >> re 2: >> - If you still want to reject the patch I sent, I can live with it as >> users searching for it will hopefully find the workaround documented >> in this PR. >> >> My additional points I was trying to make: >> >> - If someone currently sets "xfs_user=" in rc.conf, this makes xfs fail >> silently. I think it would be great if it instead would just work. > > It certainly should not fail silently if someone has unsupported option in > rc.conf. If this is the case it should be fixed. But note that we are rather > busy trying to get xorg 7.2 into ports so if you could try the script again > after the upgrade and if it fails bring it up again then, that would be > lovely. > >> - It is only two lines, so no bloat, and it won't hurt anyone. > > It's not so much the number of lines - it's rather that it seems this option > is not that commonly used and that there already is a mechanism to do that > with existing options (namely xfs_flags). > >> Hope that clears it up, > > Well, it rather confuses me :-) I didn't expect the thing to fail if you set > some option that the script does not even look at, but yes, it does clear up > your problem. Well I haven't checked for xfs case but if it needs root privileges at startup to drop them later then xfs_user indeed won't work, cause it uses 'su'. I tend to think that *_flags is there because we can't support any possible option. Anyway, I don't know if it indeed fails silently but I'll fix it in git so that it'll work after the merge. -- Florent Thoumie flz@FreeBSD.org FreeBSD Committer [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGJfl5MxEkbVFH3PQRCjTNAJ9xp+7fzBfQuYlioLBxsFJAmQF0UACgjQAQ Cfs9YZlnuD9PTeYuq+MCY6I= =dY5R -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4625F973.90002>