Message-ID: <4D14233F.4070107@herveybayaustralia.com.au>
Date: Fri, 24 Dec 2010 14:36:15 +1000
From: Da Rock
To: freebsd-questions@freebsd.org
In-Reply-To: <20101224035041.GF16472@admin.sibptus.tomsk.ru>
Subject: Re: rc.d and environment variables

On 12/24/10 13:50, Victor Sudakov wrote:
> Polytropon wrote:
>
>>> Of course I can always write my own script or put something like
>>> su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla'
>>> into /etc/rc.local, but the question was about the rc.d framework.
>>>
>> Environmental variables cannot be controlled by the rc.d
>> framework, as far as I understand. Using login classes to
>> define them should be the correct way.
>>
>> > From "man login.conf":
>>
>>     setenv    list    A comma-separated list of
>>                       environment variables and
>>                       values to which they are to
>>                       be set.
>>
> I thought of that, and in fact I wrote about it in the very first
> message:
>
>>> I tried to do this via a login class for the svn user, but it did
>>> not work. If I first 'su -l svn' and then start the daemon
>>> manually, the environment variable is set all right, but not when
>>> it is started from /usr/local/etc/rc.d/svnserve.
>>>
>
>> What did you enter for the svnserve user in /etc/login.conf,
>>
> svn:\
>         :setenv=KRB5_KTNAME=~/svn.keytab:\
>         :tc=default:
>
>> and did you make sure there is no override setting in the
>> corresponding user's ~/.login.conf?
>>
> I am pretty sure because when I login interactively as svn, I see
>
> $ whoami
> svn
> $ printenv | grep KT
> KRB5_KTNAME=/home/svn/svn.keytab
> $
>
> But it does not work for the rc.d script.
>

Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong.