Re: Distributed objects: connecting to a process running as root?
Re: Distributed objects: connecting to a process running as root?
- Subject: Re: Distributed objects: connecting to a process running as root?
- From: Andrei Tchijov <email@hidden>
- Date: Sat, 29 Apr 2006 18:11:12 -0400
How about approach used by SSHD. You can have one server process
which runs as ROOT but it does not do anything except spawning sub-
ordinate processes which run as appropriate USER and do actual work?
On Apr 29, 2006, at 5:06 PM, James Bucanek wrote:
Andrei Tchijov wrote on Saturday, April 29, 2006:
If your daemon does not need any additional privileges which come as
a result of running as root, than you can actually "downgrade" your
daemon to ANY user using setuid() function (man setuid for more
info). This probably will be good idea, because you should not have
pieces running as root if you do not want/need extra privileges.
Besides the issues that Jordan pointed out, this wouldn't solve my
problem anyway. This needs to be a single/centralized scheduling
coordinator for all users using this system. If a NSConnect can't
connect to a process with a different user ID, then changing user
IDs doesn't really fix the problem. I just end up with a server
that only one user can connect to.
Alternatively, if you are can use DO which employes "normal" (TCP/IP)
sockets (I believe I read somewhere that it is possible), than most
likely you will not have any difficulties connecting from user
process to root server - because TCP/IP sockets do not have concept
of "user".
I've considered using IP ports for this, and plan to do so for the
distributed/network version of the app, but really wanted to avoid
it for inter-process communications.
--
James Bucanek
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden