Kacheong Poon writes: > I think there is no way you can anticipate needs for > every services. So maybe you can assume that a service > requiring VRRP support will do the right thing and > assign a correct rights profile to the executable. Then > you do not need to worry about that.
I've been down that road before with in.ndpd, dhcpagent, and pppd. I don't think it works and can't really be made to work, because you need to either assign a distinct UID to this process (we only have 100 total that can be reserved over the whole system, and many already are demanding them, so this is a losing proposition) or you end up with a privilege escalation path. Processes that simply _must_ invoke external executables of an arbitrary nature have to run with all privileges and bracket the use of privileges carefully. I'm still not very well convinced that invoking external executables is really the right way to tie VRRP into the system, though. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
