Michiel Boland wrote:
> Why can't RDS just honour the current umask() setting at the time of
> startup? That looks to me a lot cleaner than hacking about with
> environment variables.
This gives the user more control over an explicit function.
I thought about umask, but given the way we start up the server
(via cfexec, which is run as root but then setuid's to the CF user)
it is hard to set the umask for RDS explicitly without using something
like an environment variable. And once I went there, I might as well
make it explicitly for the file creation, and not a mask (which is
not very simple to explain to a novice).
You see, we do think about these things :-)
> Also it appears that RDS creates all files with the same owner. This is a
> bit of a pain. It would be cool if RDS could honour OS sandbox settings
> and create files within an OS sandbox as the user assigned to that
> sandbox. Of course one would have to port advanced security to linux
> first, or at least the OS sandbox parts of it.
Can't change owners on Unix without running as root.
You don't want RDS (or CF) running as root.
Allaire clearly wants/needs Advanced security to run on Linux.
OS sandbox security isn't a part of Advanced Security on Solaris
because Unix doesn't give is any APIs to do thread level user
impersonation. Wouldn't *that* be cool (and is on NT).
--
Tom Jordahl [EMAIL PROTECTED]
Allaire Development http://www.allaire.com
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
