Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Oct 1997 21:06:00 +0200
From:      Mark Murray <mark@grondar.za>
To:        =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
Cc:        Nate Williams <nate@mt.sri.com>, Mark Murray <mark@grondar.za>, current@freebsd.org
Subject:   Re: Inetd & login class bug (was Re: cvs commit: src/etc master.passwd) 
Message-ID:  <199710271906.VAA29746@greenpeace.grondar.za>

next in thread | raw e-mail | index | archive | help
=?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= wrote:
> > I think that every new process spawned from inetd should have it's own
> > 'private' nobody limits, and not 'share' a set of limits for every
> > process spawned from inetd.
> 
> Please explain, I not understand well what you say.

I think what Nate means is this: There should be some way of telling 
inetd that it should start each process as the nominated user-class, so 
there must be an extra filed in inet.conf (?) to specify this.

I like this idea, but suggest it be optional for backwards 
compatability.

Suggestion: make the syntax for "user" <user>[/<group>[/<userclass>]], 
instead of the current <user>. <group> and <userclass> are allowed to 
be blank, and default appropriately.

> Some time ago inetd runs all process with the limits it was started by rc,
> i.e. daemon class limits. Recently it was changed to take user field from
> inetd.conf and set this user limits (which is wrong for nobody case since
> we can't suppose some particular limits there).
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Nate's solution fixes this.

> Right now I think checking for nobody name and set default daemon limits
> will be enough solution. 

...as a patch in Apache? As a workaround, I suppose.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710271906.VAA29746>