From: "Daniel O'Connor"
Date: Mon, 23 Jul 2012 11:24:46 +0930
To: ming.zym@gmail.com
Cc: Wojciech Puchar, "hackers@FreeBSD.org"
Subject: Re: trafficserver and raw disk access in FreeBSD
Message-Id: <3DBCD360-4616-4EC5-B031-B70BBC79102E@gsoft.com.au>
In-Reply-To: <1343008044.4047.19.camel@zym6400>
References: <1342963441.4162.8.camel@zym6400> <1343008044.4047.19.camel@zym6400>
List-Id: Technical Discussions relating to FreeBSD

On 23/07/2012, at 11:17, ming.zym@gmail.com wrote:
> yeah, rules in devfs always work. and it may introduce more challenge on
> operation management, is there any way that we can do it more clean?
>
> should we set the permission for :operator g+w on disks and partitions?
> then we can put a dedicate user for trafficserver into operator group.

I would change the ownership of the disk you want to use to trafficserver.

This does mean you have double configuration (ie in devfs and ATS) but I think it's more sensible than giving operator write perms.

AFAIK operator has read access so it can run dump.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
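
The two options discussed in this thread, written as devfs.rules(5) entries. This is an added example, not configuration from the original messages; the disk name ada1, the ruleset names and number, and a service account named trafficserver are assumptions.

```conf
# /etc/devfs.rules (added example; ada1 and the ruleset names are assumptions)

# Option raised in the quoted question, shown commented out:
# make disks and partitions group-writable for operator and put the
# trafficserver user into that group. Every account in operator would then
# gain raw write access to every matching disk, not only the cache disk.
#[ats_operator=10]
#add path 'ada*' mode 0660 group operator

# Option suggested in the reply: change ownership of only the disk that
# trafficserver uses. Mode 0600 gives the service account read/write and
# leaves group and other with no access to this one node. The pattern
# matches the whole-disk node only; partitions such as ada1p1 would need
# their own rule.
[ats_cache=10]
add path 'ada1' user trafficserver mode 0600

# /etc/rc.conf: select the ruleset for the system /dev mount, then apply
# it with "service devfs restart".
#devfs_system_ruleset="ats_cache"

# The same device path must also be named in the trafficserver storage
# configuration; this is the "double configuration" the reply mentions.
```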