On 05/28/08, Bill Sommerfeld wrote:
> > On Tue, 2008-05-27 at 11:49 +0100, Darren J Moffat wrote:
> ....
> > >>> Note that user will still need ejabberdctl(1M) for other
> > >>> administration tasks (i.e., user management).
>
> this implies that ejabberd has its own user database. Where is that
> user database stored and how is it protected?

Yes, ejabberd can store user data in Mnesia (an internal database provided as part of Erlang/OTP), MySQL (via native driver), PostgreSQL (via native driver), or any other ODBC-compatible database (via the odbc driver provided by Erlang/OTP).

For this FastTrack, only Mnesia support will be implemented. This is partly because Erlang/OTP as proposed in LSARC/2008/210 won't have odbc support (because there isn't an odbc library on OpenSolaris yet).

From what I read and my experiment results, Mnesia doesn't have something like a database administrator for access control. So, anyone who has access to a node (an Erlang VM) where the database is running can access and manipulate all data stored in it. Erlang uses an "all or nothing" security model. Access to a node is authenticated with cookies (this is known to be insecure and should be used only in a secure network environment). Once a user has access to a node, he can do anything, like shutting down the node, or removing all files on the system if the node is running as root.

Mnesia on-disk files will be placed under /usr/lib/ejabberd/db/ejabberd (you may notice I didn't list the directory in the FastTrack, because it is typically created automatically). All data files under this subdir are owned by daemon, and have 600 as their permissions.

> > > Note that ejabberd's initial configuration data are stored in config
> > > files under /etc/ejabberd, so even with above proposal, root user is
> > > still required for editing those config files (I suppose that is OK).
> >
> > Given the above I see no rationale for having an ejabberd user/role
> > instead of using the daemon account.
>
> who owns the ejabberd user database?

It is owned by the daemon user in that:

- on-disk files are owned by daemon and their permissions are 600.
- the ejabberd server runs as the daemon user, and loads those data.
- any user who connects to the node can access those data. But to connect to the node, the user must have access to a cookie file, which is owned and can only be read by daemon.

Two more notes on user authentication:

1) ejabberd also supports PAM authentication. So it is possible to use UNIX accounts for ejabberd user authentication (though I don't think this was recommended in its manual). For various reasons, this feature won't be supported in my package.

2) I actually don't know what's the most widely used way for ejabberd user authentication. I think we can first integrate ejabberd using its default authentication method (that is, using mnesia), and add support for other methods if there is a need for them.

Thanks.

Raymond