Date: Mon, 26 Jun 2017 10:32:48 +0300
From: Anthony Pankov <ap00@mail.ru>
To: Adrian Chadd <adrian.chadd@gmail.com>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: using rc.subr only by root restriction
Message-ID: <18210175522.20170626103248@mail.ru>
In-Reply-To: <CAJ-Vmon8o2j22SRRyzn7jAqLXtOs-LZnm6HZDOfk2mtmBVz1jg@mail.gmail.com>
References: <1599987034.20170623182536@mail.ru> <CAJ-Vmon8o2j22SRRyzn7jAqLXtOs-LZnm6HZDOfk2mtmBVz1jg@mail.gmail.com>

Hello,

> this was my fault. :)

Did you mean that you've committed a patch which changes the behavior?

> There are some limits that you can set as a user.
> I think this is a fine change; but I can't speak for the correctness
> of using rc.subr as a general library set for your own purposes. :0

At this time I don't think that my patch is the best solution.
First of all I don't see any explanation of ${name}_login_class in rc.subr(8). Silently applying the 'daemon' login class to all services seems to be very surprising. I think there are people who modified the 'daemon' login class and get a weird result in their system. I know how complex it is to investigate such things.

Maybe we can agree on the "explicit is better than implicit" principle and not apply a login class when ${name}_login_class is not declared explicitly? It will solve my problem too.

> On 23 June 2017 at 08:25, Anthony Pankov via freebsd-hackers
> <freebsd-hackers@freebsd.org> wrote:
>> Greetings
>>
>> I was deploying my new system based on FreeBSD 11 and got a
>> surprise.
>> I have a specific subsystem which uses its own startup scripts tied to rc.subr
>> for better integration. Those scripts can be used not only by system startup but also by
>> an unprivileged user.
>> With FreeBSD 11, in the case of an unprivileged user, the error appears:
>> "limits: setrlimit datasize: Operation not permitted"
>>
>> There is a thread on a forum about the issue: https://forums.freebsd.org/threads/58304/
>>
>> I've never seen a warning not to use rc.subr in regular scripts so I
>> made it this way.
>>
>> Maybe we can consider patching rc.subr and removing this
>> restriction?
>>
>> P.S. This patch helps, but maybe there is a better way.
>> --- /etc/rc.subr.old 2017-06-21 07:11:39.716210000 +0300 >> +++ /etc/rc.subr 2017-06-21 07:18:21.215444000 +0300
>> @@ -1072,7 +1072,9 @@ >> fi >> >> # Prepend default limits >> - _doit=3D"limits -C $_login_class $_doit" >> + if [ `id -u` -eq 0 ]; then >> + _doit=3D"limits -C $_login_class $_doit" >> + fi >> >> # run the full command >> # >> >> >> -- >> >> Anthony Pankov mailto:ap00@mail.ru >>
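
Review bot: the uid test wrapped around _doit="limits -C $_login_class $_doit" drops the limits prefix for every non-root caller, including the case where a login class was configured on purpose, so that setting is ignored without any message. Consider keying the condition on whether a login class was explicitly set rather than only on the uid, or at least printing a warning when the prefix is skipped. The "# Prepend default limits" comment above the new block should also say that this now happens only for root, and $(id -u) is preferable to backticks for the command substitution.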