From: Wojciech Puchar
To: "ming.zym@gmail.com"
Cc: "hackers@FreeBSD.org"
Date: Mon, 23 Jul 2012 09:41:48 +0200 (CEST)
Subject: Re: trafficserver and raw disk access in FreeBSD
List-Id: Technical Discussions relating to FreeBSD

> yeah, rules in devfs always work. and it may introduce more challenge on
> operation management, is there any way that we can do it more clean?

what challenges?

>
> should we set the permission for :operator g+w on disks and partitions?

you still may just do chown/chmod

> then we can put a dedicated user for trafficserver into operator group.
>
>
> On 2012-07-22 at 17:03 +0200, Wojciech Puchar wrote:
>>> Apache Traffic Server may use raw disk for caching, and for privilege
>>> elevation, the worker process(traffic_server) will setuid to nobody, my
>>> question is, how to make traffic_server access the /dev/ada*?
>>>
>>> in linux, disk permitting is root:disk 0660, we can go with:
>>> 1, setup a new user 'ats', and put it into 'disk' group
>>> 2, after setuid, run initgroups() to complete the groups env.
>>
>> devfs.conf
>
> --
> zym, Zhao Yongming.
> aka: yonghao @ taobao.com
>
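The privilege drop discussed in this thread, as an added example that is not code from the thread or from Apache Traffic Server: initgroups() and setgid() need root, so they run before setuid(). It assumes the 'ats' account named in the thread, a placeholder device node /dev/ada1, and that the node has already been made group-accessible (devfs.conf or chown/chmod, as suggested above).

```c
/* glibc hides initgroups() under strict -std; harmless on FreeBSD. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Drop from root to `name`, keeping its supplementary groups. 0 on success. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);

    if (pw == NULL) {
        errno = ENOENT;                 /* no such account */
        return -1;
    }
    uid_t uid = pw->pw_uid;             /* copy before further libc lookups */
    gid_t gid = pw->pw_gid;

    /* Order matters: group changes require root, so they come first. */
    if (initgroups(pw->pw_name, gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the drop is permanent: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "ats";       /* assumed account */
    const char *dev  = argc > 2 ? argv[2] : "/dev/ada1"; /* placeholder node */

    if (drop_to_user(user) != 0) {
        perror("drop_to_user");
        return 1;
    }
    if (access(dev, R_OK | W_OK) != 0) {  /* checked with the dropped ids */
        perror(dev);
        return 1;
    }
    printf("%s can read/write %s as uid %d\n", user, dev, (int)getuid());
    return 0;
}
```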