On Mon, Jan 04, 2010 at 05:03:39PM -0800, Jordan Brown wrote:
> Perhaps all that would be needed to support per-user services of all kinds 
> (start-at-boot services, start-by-clock services, start-by-network-request 
> services, ...) would be to check that the method context matches the 
> requesting user (or force that it does), plus a bit of per-restarter 
> security like ensuring that only root can use reserved network ports. 

If you get the method context right then privileges take care of things
like what ports you can listen on.  In inetd you'd fork a per-user inetd
to run each user's inetd listeners; the per-user inetds would run as the
users.  Just as with per-user nscd.

> There's probably a lot more minutiae like permissions on log files that 
> would have to be addressed, and probably some stuff related to 
> authorizations for manipulating the services.

It's the latter I worry about: how do you decide to let a non-admin user
create/modify a service with a given name, and how to force such
services' methods to have the owner's credentials as method context.

> I don't know whether I'd cordon off namespace for them.  Probably, though 
> [...]

Perhaps, but doing so makes it trivial to do authorization: want to
create svc:/.../users/jordan/foo:default?  If you're running [svccfg] as
jordan then you're welcome to it, because all svc.configd need do is
verify that the caller's euid resolves to "jordan".

> BTW, I most specifically would *not* cordon off namespace for cron jobs.  I 
> would want to put cron jobs "near" any associated "normal" services.  If I 
> had a cron job that did some kind of idmap-related maintenance, I would 
> want it to be somewhere near svc:/system/idmap.

Sure.  A very good point.  We do cordon off inetd services into
/network, though there are non-inetd services below there.

> >But this could come all later.
> 
> Yes.  I think it's almost completely orthogonal to SMF-izing installed cron 
> jobs.

Yes.

Also, we still need an SMF-like thing for login session services, like
MacOS X's launchd.  ctrun gives you the restarter part, but not any way
to manage the session services, no namespace for them, ...

Nico
-- 
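The authorization rule sketched in this reply (cordon per-user services off under a `users/<login>/` part of the namespace, and let svc.configd accept a change only when the caller's euid resolves to that login) is simple enough to write down. The following is an added illustration, not code from this thread or from SMF itself: the exact namespace prefix, the character set allowed in name segments, and the root override are assumptions made here, and the resolver is injectable so the check can be exercised without a real password database.

```python
import pwd
import re
from typing import Callable, Optional

# Assumed namespace shape (the thread elides the prefix as "svc:/.../users/jordan/foo"):
#   svc:/<any segments>/users/<login>/<service>[/<more>][:<instance>]
# A segment may not start with "." so "." and ".." can never appear as a component;
# the allowed character set is an assumption, not SMF's documented grammar.
_SEG = r"[A-Za-z0-9_-][A-Za-z0-9_.-]*"
_USER_FMRI = re.compile(
    rf"^svc:/(?:{_SEG}/)*users/({_SEG})/{_SEG}(?:/{_SEG})*(?::{_SEG})?$"
)


def fmri_owner(fmri: str) -> Optional[str]:
    """Return the login named by a per-user FMRI, or None if the FMRI
    lies outside the cordoned-off users/ namespace (or is malformed)."""
    m = _USER_FMRI.match(fmri)
    return m.group(1) if m else None


def resolve_euid(euid: int) -> Optional[str]:
    """Map an effective uid to a login via the system password database."""
    try:
        return pwd.getpwuid(euid).pw_name
    except KeyError:
        return None


def may_modify(
    fmri: str,
    caller_euid: int,
    resolve: Callable[[int], Optional[str]] = resolve_euid,
) -> bool:
    """Decide whether the caller may create or modify the named service.

    - root keeps its existing, unrestricted access (assumption: the thread
      only discusses what to grant non-admin users);
    - anything outside users/<login>/ stays admin-only;
    - inside users/<login>/ the caller's euid must resolve to exactly
      that login.  An unresolvable uid is denied, never treated as a match.
    """
    if caller_euid == 0:
        return True
    owner = fmri_owner(fmri)
    if owner is None:
        return False
    caller = resolve(caller_euid)
    return caller is not None and caller == owner


# Constructed uid-to-login table standing in for getpwuid(3C) during a demo.
_DEMO_PASSWD = {1001: "jordan", 1002: "mary"}


def demo_resolver(euid: int) -> Optional[str]:
    return _DEMO_PASSWD.get(euid)


if __name__ == "__main__":
    cases = [
        ("svc:/site/users/jordan/foo:default", 1001),   # owner: allowed
        ("svc:/site/users/jordan/foo:default", 1002),   # another user: denied
        ("svc:/site/users/jordan/foo:default", 9999),   # unknown uid: denied
        ("svc:/system/idmap:default", 1001),            # shared namespace: denied
        ("svc:/system/idmap:default", 0),               # root: allowed
        ("svc:/site/users/../system/idmap", 1001),      # malformed: denied
    ]
    for fmri, euid in cases:
        print(f"{fmri:42} euid={euid:<5} -> {may_modify(fmri, euid, demo_resolver)}")
```

The point of keeping `fmri_owner` separate from the uid lookup is that the namespace decision is pure string matching and can be reviewed on its own; the only privileged input is the euid, which svc.configd obtains from the door or socket credentials rather than from anything the caller sends.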
