hi,
On Oct 23, 12:18pm, Max Matveev wrote:
> Subject: Re: Running PCP as non-root
> ...
> As far as changing the model, I don't see the reason (other than
> paranoia) to be non-privileged because it will mean we would have to
> introduce a concept of "pcp" user (remember, init scripts are all
> started by root and unless we specifically change uid, we're not going
> to get any advantage here).

could we just become user "nobody" rather than creating a new
"pcp" user? (and if that failed fall back to root?)

> ... It will also mean that should in the
> future we'd have to make some kind of fancy ioctl-ing, it may not work
> from the non-privileged user and Linux doesn't have capabilities
> yet. Or does it?
>

that could be done as a separate (setuid) pmda if the need arose?
- hopefully it won't - and ioctl doesn't always require root...
(just need to be able to open the file passed in thru ioctl arg1).

cheers.
--
Nathan
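
The suggestion in the message above (become "nobody", and carry on as root if that fails), sketched in C as an added example. It is not part of the original message or of PCP's code; `drop_to_user` and the `DROP_*` codes are hypothetical names.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for drop_to_user(). */
enum { DROP_FAILED = -1, DROP_OK = 0, DROP_NOT_ROOT = 1 };

/*
 * Try to switch from root to the named unprivileged account.
 * On DROP_FAILED the process still has uid 0, so the caller can log
 * the failure and continue as root (the fallback in the message).
 */
int drop_to_user(const char *name)
{
    struct passwd *pw;
    uid_t uid;
    gid_t gid;

    if (geteuid() != 0)
        return DROP_NOT_ROOT;              /* nothing to drop */
    pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0)
        return DROP_FAILED;                /* no such account, or it is root */
    uid = pw->pw_uid;
    gid = pw->pw_gid;
    /* Order matters: supplementary groups, then gid, then uid last,
     * because once the uid is gone the group calls are refused. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* Verify the drop is permanent: regaining uid 0 must be refused. */
    if (setuid(0) == 0 || geteuid() == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    int r = drop_to_user("nobody");

    if (r == DROP_FAILED)
        fprintf(stderr, "could not become nobody, continuing as root\n");
    printf("running with euid %ld\n", (long)geteuid());
    return 0;
}
```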