Eric Cooper said: >> It would be nice if approx ran as an unprivileged user. From what I can >> tell, it doesn't need root privileges (even to bind the listening >> socket). > > You're right, and another user also made the same suggestion, so I > plan to do that. Do you have any advice on which user/group to use?
Heh. Maybe you could "borrow" the aptproxy userid. Actually, along these lines, I wonder if there's a precedent for conflicting with another package with a server that binds to the same port. After all, the default for both apt-proxy and approx is to listen on port 9999. (Of course, you can always reconfigure one or the other to listen on a different port, whereas most other conflicts arise from two packages that have staked out the same portion of the filesystem namespace.) Even if you had both listening to the same port, they keep databases in different subdirectories of /var. Sharing the same userid wouldn't be so much of a technical challenge as a political question. But IANADD :-) > I couldn't find a place in the Policy docs that spelled this out. > Should I try to create a new "approx" user/group, which would require > the base-passwd maintainer's agreement, or to reuse something else > like daemon or www-data? that's probably a question for the debian-devel list (if it hasn't been covered before). -- Charles Lepple
