From: "ming.zym@gmail.com"
To: Wojciech Puchar
Cc: "hackers@FreeBSD.org"
Date: Mon, 23 Jul 2012 09:47:24 +0800
Subject: Re: trafficserver and raw disk access in FreeBSD
List-Id: Technical Discussions relating to FreeBSD

Yeah, rules in devfs always work, and it may introduce more challenges for
operations management. Is there any way that we can do it more cleanly?

Should we set the permission for :operator g+w on disks and partitions?
Then we can put a dedicated user for trafficserver into the operator group.

On 2012-07-22 at 17:03 +0200, Wojciech Puchar wrote:
> > Apache Traffic Server may use raw disk for caching, and for privilege
> > elevation, the worker process (traffic_server) will setuid to nobody, my
> > question is, how to make traffic_server access the /dev/ada*?
> >
> > in linux, disk permitting is root:disk 0660, we can go with:
> > 1, setup a new user 'ats', and put it into 'disk' group
> > 2, after setuid, run initgroups() to complete the groups env.
>
> devfs.conf

--
zym, Zhao Yongming.
aka: yonghao @ taobao.com
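
The privilege drop discussed in this message, as an added C example (not code from the thread or from Apache Traffic Server): it calls initgroups() and setgid() while the process is still root, because both require root, and only then setuid(), so the worker keeps the supplementary group that owns the disk node. The account name "ats" is taken from the quoted message; the "operator" group lookup and /dev/ada1 are assumptions for illustration.

```c
#define _DEFAULT_SOURCE   /* glibc: declare initgroups() under strict -std= */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Return 1 if gid is the effective or a supplementary group of this process. */
int has_group(gid_t gid)
{
    int found = (getegid() == gid);
    int n = getgroups(0, NULL);
    gid_t *list = n > 0 ? calloc((size_t)n, sizeof(*list)) : NULL;
    if (list == NULL)
        return found;
    n = getgroups(n, list);
    for (int i = 0; i < n; i++)
        found |= (list[i] == gid);
    free(list);
    return found;
}

/* Switch from root to `user`. Returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    /* Group changes need root, so they must happen before setuid(). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    return (pw->pw_uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void)
{
    /* Assumed names: user "ats" (from the thread), group "operator", /dev/ada1. */
    struct group *gr = getgrnam("operator");
    gid_t disk_gid = gr ? gr->gr_gid : (gid_t)-1;
    if (drop_privileges("ats") != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("uid=%d in_disk_group=%d rw=%d\n", (int)getuid(), has_group(disk_gid),
           access("/dev/ada1", R_OK | W_OK) == 0);
    return 0;
}
```

Started without root, initgroups() fails and drop_privileges() returns -1, so the caller exits instead of continuing with the wrong credentials.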