> As far as changing the model, I don't see the reason (other than
> paranoia) to be non-privileged because it will mean we would have to
> introduce a concept of "pcp" user (remember, init scripts are all
> started by root and unless we specifically change uid, we're not going
> to get any advantage here). It will also mean that should in the
> future we'd have to make some kind of fancy ioctl-ing, it may not work
> from the non-privileged user and Linux doesn't have capabilities
> yet. Or does it?
What I was talking about was running PCP as non-root user, not installing it.
It is our policy to not run network services as root unless it is required for
the service to work.
I think a good implementation would be to set up a new environment variable -
as which user pmcd should run. It would be "root" by default so it wouldn't
break anything. Those wanting to run it as a non-privileged user would have to
change it. The init.d script might even change ownership of the log directory
(?) and then run pmcd by the su command.
Michal
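Below is an added init.d-style sketch of the scheme Michal describes (a user variable defaulting to root, a conditional chown of the log directory, and su for the non-root case). It is example code written for this page, not PCP's own init script, and the variable names (PMCD_USER, PMCD_BIN, PMCD_LOGDIR), the /etc/default/pcp override file and the paths are all assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example init.d fragment for running pmcd as a configurable user.
# Not PCP's own script; PMCD_USER, PMCD_BIN, PMCD_LOGDIR and
# /etc/default/pcp are illustrative names, not PCP's real configuration.

# Defaults: run as root so existing installations behave unchanged.
PMCD_USER="${PMCD_USER:-root}"
PMCD_BIN="${PMCD_BIN:-/usr/bin/pmcd}"
PMCD_LOGDIR="${PMCD_LOGDIR:-/var/log/pcp/pmcd}"

# Administrators override the defaults here; the file is optional.
if [ -r /etc/default/pcp ]; then
    . /etc/default/pcp
fi

# Ownership of the log directory only has to change when the daemon
# will not run as root; otherwise leave the packaging's ownership alone.
pmcd_needs_chown() {
    [ "$1" != root ]
}

# Print the command line that will launch pmcd as the user given in $1.
# root runs the binary directly; any other account is entered with su,
# forcing /bin/sh so an account with a nologin shell still works.
pmcd_start_command() {
    if [ "$1" = root ]; then
        printf '%s\n' "$PMCD_BIN"
    else
        printf 'su -s /bin/sh %s -c %s\n' "$1" "$PMCD_BIN"
    fi
}

# Bring the log directory into line with the chosen user, then start pmcd.
start_pmcd() {
    if pmcd_needs_chown "$PMCD_USER"; then
        mkdir -p "$PMCD_LOGDIR"
        chown -R "$PMCD_USER" "$PMCD_LOGDIR"
    fi
    eval "$(pmcd_start_command "$PMCD_USER")"
}

# Minimal init.d dispatch; with no argument the script only defines things.
case "${1:-}" in
    start) start_pmcd ;;
    *) ;;
esac
```

With the default PMCD_USER the start command is just the pmcd binary, so an unmodified installation keeps its current behaviour; setting PMCD_USER=pcp in /etc/default/pcp switches the script to the chown-then-su path.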