yifan wrote:
> http://www.opensolaris.org/os/project/vrrp/vrrp_design.pdf
In 9.2 of the above doc, it mentions that because the state
transition executable may be "used to protect other services,
it's very likely to manipulate other programs or SMF services,"
hence it needs to be executed by root. Why's that? For
example, suppose the executable is run with the basic user
privileges and the user is "vrrp." And a service X needs to be
notified when a VRRP instance state transition happens so that
it will do something which requires, say all privileges. Will
the following work?
1. X creates some IPC channel (say a UNIX domain socket) waiting
for state transition notification.
2. When the VRRP state transition executable runs, it talks to
X via the IPC.
3. X checks the credential of the peer and makes sure that its
uid is vrrp.
4. X does whatever it needs to do using whatever privileges it
has already.
The above does not require the executable to be run by root.
And if the executable does not need to be run by root, does
vrrpd need to be run by root?
--
K. Poon.
[EMAIL PROTECTED]
_______________________________________________
networking-discuss mailing list
[email protected]
