Re: rc.d and environment variables
RW wrote: > > > > > > I'm not sure this will work. The initial question was about > > > > > > how to obtain an environmental variable. If the rc.d script > > > > > > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > > > > > > it is okay, > > > > > > > > > > They do. rc.d scripts all start by sucking in rc.subr, which in > > > > > turn pulls in the rc.conf files. > > > > > > > > So how do I make the /usr/local/etc/rc.d/svnserve script suck in > > > > KRB5_KTNAME for the "svn" user from the rc.conf* files? > > > > > > Just export it from rc.conf > > > > If exported from rc.conf, it will affect all daemons. I need to set it > > only for svnserve or for the svn user (which is equivalent in my > > case). > > [ "$name" = "svnserve" ] && export KRB5_KTNAME="/home/svn/svn.keytab" This looks really ugly. A thorough examination of /etc/rc.subr shows that a startup script sources a certain /etc/rc.conf.d/"$_name". Maybe I should try to place "export KRB5_KTNAME=/home/svn/svn.keytab" there. At least /etc/rc.conf.d/svnserve will be sourced only once at svnserve startup, and not hundreds of times like rc.conf. But anyway, I don't like the idea of placing commands (not variables) in /etc/rc.conf* There should be support for the rc.d framework to assign limits, environment variables and login classes. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Da Rock wrote: [dd] > >I really don't know what the security implications will be if > >/etc/krb5.keytab is readable by anyone besides the root user? Do you > >have a clue about it? There are other services' keys stored there > >besides svn (host/*, cvs/* etc). > > > > > At the risk of getting laughed off stage, and pulling in yet another > service, what about ldap? I believe there is supposed to be a way to > store keytabs in ldap, which theoretically would mean only the > particular services would be able to access their keytabs. No matter where we store the keytabs, if it is not the default location (/etc/krb5.keytab for FreeBSD), we face the same problem of telling the server application about the alternative location of the keytab. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Fri, 24 Dec 2010 15:29:01 +0600 Victor Sudakov wrote: > RW wrote: > > > > > > > > > I'm not sure this will work. The initial question was about > > > > > how to obtain an environmental variable. If the rc.d script > > > > > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > > > > > it is okay, > > > > > > > > They do. rc.d scripts all start by sucking in rc.subr, which in > > > > turn pulls in the rc.conf files. > > > > > > So how do I make the /usr/local/etc/rc.d/svnserve script suck in > > > KRB5_KTNAME for the "svn" user from the rc.conf* files? > > > > Just export it from rc.conf > > If exported from rc.conf, it will affect all daemons. I need to set it > only for svnserve or for the svn user (which is equivalent in my > case). [ "$name" = "svnserve" ] && export KRB5_KTNAME="/home/svn/svn.keytab" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On 12/24/10 19:37, Victor Sudakov wrote: Da Rock wrote: Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong. That is probably correct, rc.subr does "su -m $user", but the login class is not applied there, nor is the users's shell called. Exactly. Which means that you'd have to adapt root's env because root's shell would be called(?). In this case, how do I limit the variables's visibility only to the particular daemon (svnserve) or particular user (svn)? PITA, but as an alternative couldn't all the keytabs be stored in the same _secure_ location? Then a global env could be used. I really don't know what the security implications will be if /etc/krb5.keytab is readable by anyone besides the root user? Do you have a clue about it? There are other services' keys stored there besides svn (host/*, cvs/* etc). At the risk of getting laughed off stage, and pulling in yet another service, what about ldap? I believe there is supposed to be a way to store keytabs in ldap, which theoretically would mean only the particular services would be able to access their keytabs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Da Rock wrote: > > > > > >>Doesn't the rc.d script run as root initially and then a method (default > >>flags, etc) is used to change the owner to a nobody (restricted > >>privilege user)? Just my 2c, but please correct me if I'm wrong. > >> > > > >That is probably correct, rc.subr does "su -m $user", but the login > >class is not applied there, nor is the users's shell called. > > > > > Exactly. Which means that you'd have to adapt root's env because root's > shell would be called(?). In this case, how do I limit the variables's visibility only to the particular daemon (svnserve) or particular user (svn)? > > PITA, but as an alternative couldn't all the keytabs be stored in the > same _secure_ location? Then a global env could be used. I really don't know what the security implications will be if /etc/krb5.keytab is readable by anyone besides the root user? Do you have a clue about it? There are other services' keys stored there besides svn (host/*, cvs/* etc). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
RW wrote: > > > > > > > I'm not sure this will work. The initial question was about > > > > how to obtain an environmental variable. If the rc.d script > > > > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > > > > it is okay, > > > > > > They do. rc.d scripts all start by sucking in rc.subr, which in > > > turn pulls in the rc.conf files. > > > > So how do I make the /usr/local/etc/rc.d/svnserve script suck in > > KRB5_KTNAME for the "svn" user from the rc.conf* files? > > Just export it from rc.conf If exported from rc.conf, it will affect all daemons. I need to set it only for svnserve or for the svn user (which is equivalent in my case). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Fri, 24 Dec 2010 09:34:27 +0600 Victor Sudakov wrote: > Lowell Gilbert wrote: > > > > > I'm not sure this will work. The initial question was about > > > how to obtain an environmental variable. If the rc.d script > > > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > > > it is okay, > > > > They do. rc.d scripts all start by sucking in rc.subr, which in > > turn pulls in the rc.conf files. > > So how do I make the /usr/local/etc/rc.d/svnserve script suck in > KRB5_KTNAME for the "svn" user from the rc.conf* files? Just export it from rc.conf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On 12/24/10 18:03, Victor Sudakov wrote: Da Rock wrote: [dd] Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong. That is probably correct, rc.subr does "su -m $user", but the login class is not applied there, nor is the users's shell called. Exactly. Which means that you'd have to adapt root's env because root's shell would be called(?). PITA, but as an alternative couldn't all the keytabs be stored in the same _secure_ location? Then a global env could be used. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Da Rock wrote: [dd] > Doesn't the rc.d script run as root initially and then a method (default > flags, etc) is used to change the owner to a nobody (restricted > privilege user)? Just my 2c, but please correct me if I'm wrong. That is probably correct, rc.subr does "su -m $user", but the login class is not applied there, nor is the users's shell called. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On 12/24/10 13:50, Victor Sudakov wrote: Polytropon wrote: Of course I can always write my own script or put something like su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' into /etc/rc.local, but the question was about the rc.d framework. Environmental variables cannot be controlled by the rc.d framework, as far as I understand. Using login classes to define them should be the correct way. > From "man login.conf": setenv listA comma-separated list of environment variables and values to which they are to be set. I thought of that, and in fact I wrote about it in the very first message: I tried to do this via a login class for the svn user, but it did not work. If I first 'su -l svn' and then start the daemon manually, the environment variable is set all right, but not when it is started from /usr/local/etc/rc.d/svnserve. What did you enter for the svnserve user in /etc/login.conf, svn:\ :setenv=KRB5_KTNAME=~/svn.keytab:\ :tc=default: and did you make sure there is no override setting in the corresponding user's ~/.login.conf? I am pretty sure because when I login interactively as svn, I see $ whoami svn $ printenv | grep KT KRB5_KTNAME=/home/svn/svn.keytab $ But it does not work for the rc.d script. Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Polytropon wrote: > > Of course I can always write my own script or put something like > > su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' > > into /etc/rc.local, but the question was about the rc.d framework. > > Environmental variables cannot be controlled by the rc.d > framework, as far as I understand. Using login classes to > define them should be the correct way. > > >From "man login.conf": > > setenv listA comma-separated list of > environment variables and > values to which they are to > be set. I thought of that, and in fact I wrote about it in the very first message: > > I tried to do this via a login class for the svn user, but it did > > not work. If I first 'su -l svn' and then start the daemon > > manually, the environment variable is set all right, but not when > > it is started from /usr/local/etc/rc.d/svnserve. > > What did you enter for the svnserve user in /etc/login.conf, svn:\ :setenv=KRB5_KTNAME=~/svn.keytab:\ :tc=default: > and did you make sure there is no override setting in the > corresponding user's ~/.login.conf? I am pretty sure because when I login interactively as svn, I see $ whoami svn $ printenv | grep KT KRB5_KTNAME=/home/svn/svn.keytab $ But it does not work for the rc.d script. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Polytropon wrote: > > I have tried putting "setenv KRB5_KTNAME /home/svn/svn.keytab" in > > ~svn/.cshrc, it does not help. Evidently the svn user's login shell is > > not called when "/usr/local/etc/rc.d/svnserve start" is called. > > I did already assume something like that. This mechanism > relies on some kind of login that causes the shell to be > run (usually an interactive shell), which isn't the case > here. Besides, the login.conf capability database does not seem to be used by the rc.d framework either, which is sad. > > > Excuse me? What does /etc/rc.local have to do with the rc.subr > > framework? > > Nothing. The /etc/rc.local script is executed along with > the system startup. It is considered obsolete (I think), > but it should work, and therefore be able to set a system-wide > environment variable. I guess any environment variable set in the /etc/rc.local script would be available in the script itself and its children, but not system wide. Even if it were, remember, I do not need to change KRB5_KTNAME system wide, but just for one particular user. [dd] > > Anyway, did you find a way to use some _flags= setting for > /etc/rc.conf to be used by svnserve? This would be the > method most other programs handle things like configuration > flags that are not set by an own config file. To my regret, this is not a svnserve option, it is a setting used by libsasl2 with which svnserve is linked. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Lowell Gilbert wrote: > > > I'm not sure this will work. The initial question was about > > how to obtain an environmental variable. If the rc.d script > > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > > it is okay, > > They do. rc.d scripts all start by sucking in rc.subr, which in turn > pulls in the rc.conf files. So how do I make the /usr/local/etc/rc.d/svnserve script suck in KRB5_KTNAME for the "svn" user from the rc.conf* files? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Polytropon wrote: [dd] > > Anyway, if svnserve is able to be passed a command string > to, a setting like > > svnserve_flags="... -k /home/svn/svn.keytab ..." No, this is not a svnserve option, it is a setting used by libsasl2 with which svnserve is linked (or even by libkrb5.so). > > coded in /etc/rc.conf or /etc/rc.conf.local would work, > and would also be the preferred method for such things. > In fact, I've not come across the need to have an environmental > variable to store a configuration setting for an additional > program, as such kind of variables is mainly for "low level" > system use, mostly. This need is indeed rare, but not nonexistent. In fact, if cyrus-sasl implemented the keytab: configuration option, there would be no need to set KRB5_KTNAME prior to starting svnserve. I also remember a need to pass $ORACLE_HOME to apache on start for some PHP module to work correctly. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Fri, 24 Dec 2010 09:13:53 +0600, Victor Sudakov wrote: > Of course I can always write my own script or put something like > su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' > into /etc/rc.local, but the question was about the rc.d framework. Environmental variables cannot be controlled by the rc.d framework, as far as I understand. Using login classes to define them should be the correct way. >From "man login.conf": setenv listA comma-separated list of environment variables and values to which they are to be set. What did you enter for the svnserve user in /etc/login.conf, and did you make sure there is no override setting in the corresponding user's ~/.login.conf? A valid setting should look like this, :setenv=KRB5_KTNAME=/home/svn/svn.keytab: embedded into the proper structures. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Fri, 24 Dec 2010 09:07:35 +0600, Victor Sudakov wrote: > I have tried putting "setenv KRB5_KTNAME /home/svn/svn.keytab" in > ~svn/.cshrc, it does not help. Evidently the svn user's login shell is > not called when "/usr/local/etc/rc.d/svnserve start" is called. I did already assume something like that. This mechanism relies on some kind of login that causes the shell to be run (usually an interactive shell), which isn't the case here. > Excuse me? What does /etc/rc.local have to do with the rc.subr > framework? Nothing. The /etc/rc.local script is executed along with the system startup. It is considered obsolete (I think), but it should work, and therefore be able to set a system-wide environment variable. This script is not in any relation with the rc.subr framework. > Of course I can abandon the standard /usr/local/etc/rc.d/svnserve > script and write my own one, or start svnserve from /etc/rc.local > (which I will do if I don't find a more graceful way), but it is not > what the question was about. Yes, I fully understand: You need to set an environmental variable that will be picked up later on by the svnserve program (in some way, not neccessarily by accessing a file). That's why I think KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME in /etc/rc.local should create the $KRB5_KTNAME environment variable at system startup. Anyway, did you find a way to use some _flags= setting for /etc/rc.conf to be used by svnserve? This would be the method most other programs handle things like configuration flags that are not set by an own config file. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Jerry McAllister wrote: > > > > > > The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need > > > to > > > pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the > > > daemon on start. How do I do that? > > > > If the user corresponding to the svnservice has a login > > shell, which would usually be the system's default > > dialog shell, the C shell, you could edit /etc/csh.cshrc > > and put > > > > setenv KRB5_KTNAME /home/svn/svn.keytab > > > > to make it a system-wide setting (or use the user's > > ~/.cshrc for a user-only setting). > > > > In case the user does NOT have a default shell, I think > > you should be able to also define a system-wide environmental > > variable by coding > > > > KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME > > > > into /etc/rc.local (which will be executed at system startup). > > See "man rc.local" for details. > > > > Put it in /etc/rc.conf and have your script read up rc.conf and > set any of the stuff in there it is interested in, such as KRB5_KINAME. What "my script" do you mean? The script /usr/local/etc/rc.d/svnserve is already installed by the port, how can I make the stock script read up KRB5_KTNAME from rc.conf? And besides, KRB5_KTNAME should be only defined for the svn user (the user svnserve runs from) and not any other user. > I think that is the officially sanctioned way of doing such things. Of course I can always write my own script or put something like su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' into /etc/rc.local, but the question was about the rc.d framework. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Polytropon wrote: > > > > The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to > > pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the > > daemon on start. How do I do that? > > If the user corresponding to the svnservice has a login > shell, which would usually be the system's default > dialog shell, the C shell, you could edit /etc/csh.cshrc > and put > > setenv KRB5_KTNAME /home/svn/svn.keytab > > to make it a system-wide setting (or use the user's > ~/.cshrc for a user-only setting). I have tried putting "setenv KRB5_KTNAME /home/svn/svn.keytab" in ~svn/.cshrc, it does not help. Evidently the svn user's login shell is not called when "/usr/local/etc/rc.d/svnserve start" is called. > In case the user does NOT have a default shell, I think > you should be able to also define a system-wide environmental > variable by coding > > KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME > > into /etc/rc.local (which will be executed at system startup). > See "man rc.local" for details. Excuse me? What does /etc/rc.local have to do with the rc.subr framework? Of course I can abandon the standard /usr/local/etc/rc.d/svnserve script and write my own one, or start svnserve from /etc/rc.local (which I will do if I don't find a more graceful way), but it is not what the question was about. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
Polytropon writes: > I'm not sure this will work. The initial question was about > how to obtain an environmental variable. If the rc.d script > of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, > it is okay, They do. rc.d scripts all start by sucking in rc.subr, which in turn pulls in the rc.conf files. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Thu, 23 Dec 2010 14:14:43 -0500, Jerry McAllister wrote: > On Thu, Dec 23, 2010 at 08:12:49PM +0100, Polytropon wrote: > > > On Thu, 23 Dec 2010 23:27:52 +0600, Victor Sudakov > > wrote: > > > Colleagues, > > > > > > The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need > > > to > > > pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the > > > daemon on start. How do I do that? > > > > If the user corresponding to the svnservice has a login > > shell, which would usually be the system's default > > dialog shell, the C shell, you could edit /etc/csh.cshrc > > and put > > > > setenv KRB5_KTNAME /home/svn/svn.keytab > > > > to make it a system-wide setting (or use the user's > > ~/.cshrc for a user-only setting). > > > > In case the user does NOT have a default shell, I think > > you should be able to also define a system-wide environmental > > variable by coding > > > > KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME > > > > into /etc/rc.local (which will be executed at system startup). > > See "man rc.local" for details. > > > > Put it in /etc/rc.conf and have your script read up rc.conf and > set any of the stuff in there it is interested in, such as KRB5_KINAME. > > I think that is the officially sanctioned way of doing such things. I'm not sure this will work. The initial question was about how to obtain an environmental variable. If the rc.d script of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, it is okay, but what if a binary wants to read the variable by the standard way, i. e. int main(int argc, char *argv[], char *envp[]) then there will be no access to files like /etc/rc.conf. This means the variable will have to be a validly set environmental variable that can be output by % env or a similar program (or mechanism). Settings from /etc/rc.conf do NOT show up as environmental variables. Anyway, if svnserve is able to be passed a command string to, a setting like svnserve_flags="... -k /home/svn/svn.keytab ..." coded in /etc/rc.conf or /etc/rc.conf.local would work, and would also be the preferred method for such things. In fact, I've not come across the need to have an environmental variable to store a configuration setting for an additional program, as such kind of variables is mainly for "low level" system use, mostly. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Thu, Dec 23, 2010 at 08:12:49PM +0100, Polytropon wrote: > On Thu, 23 Dec 2010 23:27:52 +0600, Victor Sudakov > wrote: > > Colleagues, > > > > The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to > > pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the > > daemon on start. How do I do that? > > If the user corresponding to the svnservice has a login > shell, which would usually be the system's default > dialog shell, the C shell, you could edit /etc/csh.cshrc > and put > > setenv KRB5_KTNAME /home/svn/svn.keytab > > to make it a system-wide setting (or use the user's > ~/.cshrc for a user-only setting). > > In case the user does NOT have a default shell, I think > you should be able to also define a system-wide environmental > variable by coding > > KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME > > into /etc/rc.local (which will be executed at system startup). > See "man rc.local" for details. > Put it in /etc/rc.conf and have your script read up rc.conf and set any of the stuff in there it is interested in, such as KRB5_KINAME. I think that is the officially sanctioned way of doing such things. jerry > > -- > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: rc.d and environment variables
On Thu, 23 Dec 2010 23:27:52 +0600, Victor Sudakov wrote: > Colleagues, > > The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to > pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the > daemon on start. How do I do that? If the user corresponding to the svnservice has a login shell, which would usually be the system's default dialog shell, the C shell, you could edit /etc/csh.cshrc and put setenv KRB5_KTNAME /home/svn/svn.keytab to make it a system-wide setting (or use the user's ~/.cshrc for a user-only setting). In case the user does NOT have a default shell, I think you should be able to also define a system-wide environmental variable by coding KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME into /etc/rc.local (which will be executed at system startup). See "man rc.local" for details. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
rc.d and environment variables
Colleagues, The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the daemon on start. How do I do that? I tried to do this via a login class for the svn user, but it did not work. If I first 'su -l svn' and then start the daemon manually, the environment variable is set all right, but not when it is started from /usr/local/etc/rc.d/svnserve. All this is happening on 8.1-RELEASE-p2. Thanks in advance for any help. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
rc.d and environment variables
Colleagues, The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the daemon on start. How do I do that? I tried to do this via a login class for the svn user, but it did not work. If I first 'su -l svn' and then start the daemon manually, the environment variable is set all right, but not when it is started from /usr/local/etc/rc.d/svnserve. All this is happening on 8.1-RELEASE-p2. Thanks in advance for any help. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"