I can see how Tahoe uses the POLA in cryptographic design, but it seems one should also approach host operation in the same way. In contemplating setting this up, I'm inclined to:

- Have an introducer on a particularly reliable machine (really, one I have to fix quickly anyway).
- Run the introducer node as a service uid, like tahoe.tahoe, similar to how one runs servers as an unprivileged user.
- Run a server node as a service uid, perhaps the same as above, on many machines. This would mean introducer and server would have the same uid. Or tahoei and tahoes. I don't see a real reason to separate them.
- Either
  A) Run the client as me, so I can interact with it.
  or
  B) Run the client as tahoec, because it interacts with people via capabilities and the WAPI, so it doesn't matter that it's the same uid as the person using it.

I think A might be needed, because the command-line program uses private/aliases. But perhaps if I symlink node.url from my ~/.tahoe to the tahoec client, all is well, and I can separate the command-line client and the node instance.

Is this what others do? Does it make sense?

Will it work to run three nodes on one system?
_______________________________________________ tahoe-dev mailing list [email protected] http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
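The layout proposed in the post (each node under its own service uid, the user's ~/.tahoe carrying only a node.url symlink into the client node's base directory) is easy to get subtly wrong on a shared host. The following audit script is an added example written for this page; it is not code from the post or from the Tahoe-LAFS project. It assumes only the on-disk conventions the post mentions (a node base directory containing private/ and node.url), and the directory names, uids and sample URL it constructs in run_demo() are illustrative placeholders.

```python
"""Audit whether Tahoe-LAFS node base directories honour the uid separation
the post proposes: each basedir (and its private/ subdirectory) is owned by
the intended service uid, private/ is not readable by group or other, and
the user's ~/.tahoe/node.url is a symlink that resolves to the client node's
node.url and is readable by the invoking user.

Added example; not from the original post or the Tahoe-LAFS project.
POSIX-only (uses os.getuid and file ownership).
"""
import os
import stat
import tempfile
from pathlib import Path


def check_basedir(basedir, expected_uid):
    """Return a list of findings (empty means OK) for one node base directory."""
    findings = []
    base = Path(basedir)
    if not base.is_dir():
        return [f"{base}: base directory missing"]
    st = base.stat()
    if st.st_uid != expected_uid:
        findings.append(f"{base}: owned by uid {st.st_uid}, expected {expected_uid}")
    private = base / "private"
    if not private.is_dir():
        findings.append(f"{private}: missing")
        return findings
    pst = private.stat()
    if pst.st_uid != expected_uid:
        findings.append(f"{private}: owned by uid {pst.st_uid}, expected {expected_uid}")
    # private/ holds aliases and node secrets; nothing but the owner should read it.
    if pst.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{private}: mode {oct(pst.st_mode & 0o777)}, should be 0700")
    return findings


def check_client_link(user_tahoe_dir, client_basedir):
    """Check that <user_tahoe_dir>/node.url is a symlink to the client node's node.url."""
    findings = []
    link = Path(user_tahoe_dir) / "node.url"
    if not link.is_symlink():
        return [f"{link}: not a symlink"]
    target = os.path.realpath(link)
    expected = os.path.realpath(Path(client_basedir) / "node.url")
    if target != expected:
        findings.append(f"{link}: resolves to {target}, expected {expected}")
    # os.access follows the symlink; a dangling or unreadable target fails here.
    if not os.access(link, os.R_OK):
        findings.append(f"{link}: target is not readable by uid {os.getuid()}")
    return findings


def run_demo():
    """Build a constructed sample layout in a temp dir and audit it.

    All directories are owned by the current uid, so a wrong-uid case is
    simulated by auditing against uid+1. Returns a dict of findings lists.
    """
    root = Path(tempfile.mkdtemp(prefix="tahoe-audit-"))
    me = os.getuid()
    client = root / "tahoe-client"   # hypothetical client node basedir
    server = root / "tahoe-server"   # hypothetical server node basedir
    for base in (client, server):
        base.mkdir()
        (base / "private").mkdir(mode=0o700)
    (client / "node.url").write_text("http://127.0.0.1:3456/\n")  # constructed
    (server / "private").chmod(0o755)  # deliberately too permissive
    dot_tahoe = root / "dot-tahoe"     # stands in for ~/.tahoe
    dot_tahoe.mkdir()
    os.symlink(client / "node.url", dot_tahoe / "node.url")
    return {
        "client": check_basedir(client, me),
        "server": check_basedir(server, me),
        "server_wrong_uid": check_basedir(server, me + 1),
        "link": check_client_link(dot_tahoe, client),
    }


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, "OK" if not findings else findings)
```

On a real host you would call check_basedir() once per node with the uid of its service account (for example the uid of tahoei, tahoes or tahoec) and check_client_link() with your own ~/.tahoe, then run the script as the user who invokes the command-line client so the readability check reflects that user's access.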
