From owner-freebsd-current Mon Oct 27 11:06:53 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA15417 for current-outgoing; Mon, 27 Oct 1997 11:06:53 -0800 (PST) (envelope-from owner-freebsd-current) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA15406 for ; Mon, 27 Oct 1997 11:06:47 -0800 (PST) (envelope-from mark@greenpeace.grondar.za) Received: from greenpeace.grondar.za (AFfCJXS2ZpmNMUXJGbrSAJ44a+F6BvJE@greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.8.7/8.8.7) with ESMTP id VAA17793; Mon, 27 Oct 1997 21:06:22 +0200 (SAT) (envelope-from mark@greenpeace.grondar.za) Received: from greenpeace.grondar.za (YHzXb+QojYpdeSGQKJHGo1HlXRgkheZu@localhost [127.0.0.1]) by greenpeace.grondar.za (8.8.7/8.8.7) with ESMTP id VAA29746; Mon, 27 Oct 1997 21:06:01 +0200 (SAST) Message-Id: <199710271906.VAA29746@greenpeace.grondar.za> X-Mailer: exmh version 2.0zeta 7/24/97 To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= cc: Nate Williams , Mark Murray , current@freebsd.org Subject: Re: Inetd & login class bug (was Re: cvs commit: src/etc master.passwd) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 27 Oct 1997 21:06:00 +0200 From: Mark Murray Sender: owner-freebsd-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= wrote: > > I think that every new process spawned from inetd should have it's own > > 'private' nobody limits, and not 'share' a set of limits for every > > process spawned from inetd. > > Please explain, I not understand well what you say. I think what Nate means is this: There should be some way of telling inetd that it should start each process as the nominated user-class, so there must be an extra filed in inet.conf (?) to specify this. I like this idea, but suggest it be optional for backwards compatability. Suggestion: make the syntax for "user" [/[/]], instead of the current . and are allowed to be blank, and default appropriately. > Some time ago inetd runs all process with the limits it was started by rc, > i.e. daemon class limits. Recently it was changed to take user field from > inetd.conf and set this user limits (which is wrong for nobody case since > we can't suppose some particular limits there). ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Nate's solution fixes this. > Right now I think checking for nobody name and set default daemon limits > will be enough solution. ...as a patch in Apache? As a workaround, I suppose. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org