[ovs-dev] [PATCH 2/3] lib: Add --user for daemon

Andy Zhou azhou at nicira.com
Wed Sep 9 06:36:02 UTC 2015


On Tue, Sep 8, 2015 at 5:37 PM, Ben Pfaff <blp at nicira.com> wrote:
> On Tue, Sep 08, 2015 at 05:29:24PM -0700, Ben Pfaff wrote:
>> On Thu, Sep 03, 2015 at 04:33:42PM -0700, Andy Zhou wrote:
>> > Allow a daemon running as root to accept the --user option, which accepts
>> > a "user:group" string as input. Performs a sanity check on the input
>> > and stores the converted uid and gid.
>> >
>> > daemon_become_new_user() needs to be called to make the actual
>> > switch.
>> >
>> > Signed-off-by: Andy Zhou <azhou at nicira.com>
>>
>> I might have other comments when I look at the final patch.
>
> One more concern.  I believe that this series of patches makes all
> daemons accept --user, but only ovsdb-server actually implements it and
> the others just treat it as a no-op.  I think that this is a bad idea: a
> server should only accept --user if it implements it.

It seems having all daemons accept --user would be a useful feature in
the long run. OVSDB happens to be the easiest to add support for since
it does not really need root privilege to run.

Sure, I will work on a way to block this option (and man page) for
other daemons.


