On Thursday, January 16, 2003, at 02:08 PM, Rich Morin wrote:

> At 12:44 PM -0500 1/16/03, William H. Magill wrote:
>> On Thursday, January 16, 2003, at 04:07 AM, Rich Morin wrote:
>>> I also filed a bug, suggesting that Apple add a startup parameter (e.g.,
>>> RunAs) that would set the username; the default should be nobody.
>> Actually, Apple can't. It's a Unix thing... Startup scripts -- i.e.
>> daemons and their spawn... sorry about that:) -- are children of
>> init, process 1 and therefore ARE root. If a given script or daemon
>> wishes to run as other than root it either must do as others have
>> described -- change to some other UID on the fly, or NOT be started
>> by the init process.
> I'm sorry, but this makes no sense to me at all.  Every process is
> a descendent of init, but that doesn't mean that every process must
> start out running as root.  I like Peter Lewis's suggestion:
>
>   su peter -c '/usr/bin/perl /Users/peter/perl/check-services.pl' &
>
> and see no reason why the rc infrastructure (or whatever) couldn't do
> something like this for each StartupItem it handles.  It's just a big
> pile of shell scripts, after all.

Your example is exactly what I was talking about - the process starts out as root and changes to another user on the fly via su. Just because it happens on the "command line" doesn't change the way in which the process is forked.

Every process DOES start out running as root and the process itself must make the effort to change to another userid. There are several ways it can do this. Peter Lewis described one.
Apache uses another. This issue has always been a big security complaint with Unix. Because daemons started from RC have to make the effort to run as something OTHER than root, lazy programmers have allowed them to run as root and avoid making the necessary changes to their code to have the daemon run as some other userid. Before Apache, most web servers DID run as root for that simple reason. And that issue is one of the ones which drove acceptance of Apache.

As for the RC structure changes; I believe that is the basic direction in which Apple is moving. You will notice that none of the Apple startup stuff follows the classic rc mechanisms, but rather depends upon a plist structure which defines its run time environment (priorities, requisites, etc.). I don't know the logic details of what is happening in the future, but it has been discussed on other lists. (Probably Macosx-admin, but I don't recall.) Some of it is discussed/alluded to in the OSX for Unix geeks chapter. How much, how soon? I would guess not before 10.3 as it really is a pretty substantive change; but it might get "slid-in" earlier.

You will note that the version of Cron used by OS X DOES allow (requires) one to specify the userid which the task will run as. This is not "normal" for cron. It is a "new" innovation, and surprisingly, usage is not that widespread across Unixen.

Till Apple completes its StartupItems transition, we'll just have to use tricks like su or sudo to run startup jobs as some other userid than root.

T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
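
The "change to some other UID on the fly" approach discussed in this thread, written out in C as an added example (it is not code from the thread, from Apple, or from Apache). The function name `drop_privileges` and the default account `nobody` are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes initgroups()/seteuid() on glibc */
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch a root-started daemon to
 * `username`. Returns 0 on success, -1 (with errno set) on any failure. */
int drop_privileges(const char *username)
{
    if (geteuid() != 0) {                 /* only root can change identity */
        errno = EPERM;
        return -1;
    }
    struct passwd *pw = getpwnam(username);
    if (pw == NULL || pw->pw_uid == 0) {  /* unknown user, or "dropping" to root */
        errno = EINVAL;
        return -1;
    }
    uid_t uid = pw->pw_uid;               /* copy: pw points at static storage */
    gid_t gid = pw->pw_gid;

    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is gone the process may no longer change its groups. */
    if (initgroups(username, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the drop cannot be undone before doing any real work. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";  /* assumed default */
    if (drop_privileges(user) != 0) {
        perror("drop_privileges");
        return 1;   /* refuse to keep running with root privileges */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The daemon should call this after it has finished anything that needs root (binding a low port, opening a log file) and before it handles any untrusted input.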