Message-ID: <4D14555B.3000909@herveybayaustralia.com.au>
Date: Fri, 24 Dec 2010 18:10:03 +1000
From: Da Rock
To: freebsd-questions@freebsd.org
In-Reply-To: <20101224080354.GA21712@admin.sibptus.tomsk.ru>
Subject: Re: rc.d and environment variables

On 12/24/10 18:03, Victor Sudakov wrote:
> Da Rock wrote:
>
> [dd]
>
>> Doesn't the rc.d script run as root initially and then a method (default
>> flags, etc) is used to change the owner to a nobody (restricted
>> privilege user)? Just my 2c, but please correct me if I'm wrong.
>>
>
> That is probably correct, rc.subr does "su -m $user", but the login
> class is not applied there, nor is the user's shell called.
>

Exactly. Which means that you'd have to adapt root's env because root's
shell would be called(?). PITA, but as an alternative couldn't all the
keytabs be stored in the same _secure_ location? Then a global env could
be used.