[OpenAFS-devel] Unprotected PAGs
Garance A Drosihn
drosih@rpi.edu
Thu, 22 Sep 2005 15:43:16 -0400
At 6:55 PM +0200 9/21/05, Alexander Bostr=F6m wrote:
>I like my PAGs unprotected. That is, without the setgroups wrapper.
I am not completely sure I understand what you mean by that, but
I'll ask a few questions based on what I *think* you mean. What I
am thinking of is more accurately "without PAGs" instead of "with
unprotected PAGs", so it's quite possible I am thinking of the
wrong thing...
>In case you wonder, my reasons for preferring unprotected PAGs
>include:
>
>I don't need protected PAGs and my users won't notice the difference.
>Since the syscall table thing is a bit controversial, avoiding it
>seems like a good idea.
Will this cause you problems when the same user starts multiple
sessions? If I'm on box-A, and ssh into box-B, and ssh into box-B
a second time, then what happens to the first box-B connection
when the second one logs out? What happens to the first session
if the second session does a klog to some alternate userid?
>Getting out of a PAG can be useful sometimes, for example when
>starting deamons.
>
>If httpd is allowed to, it will break out of the PAG (if started
>from a PAG:d shell). That means that the problem of getting into
>the same PAG as httpd disappears, which makes it possible to use
>cron to update the token for the httpd user.
Why not just start daemons from a pag-less shell? I either login
to root via a serial console, or I have some another daemon which
is launched at startup (and thus has no PAG). I then tell *that*
daemon to start the daemon(s) I want to start up without a pag.
--
Garance Alistair Drosehn =3D gad@gilead.netel.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu