From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dave Eckhardt <davide+p9@cs.cmu.edu>
Subject: Re: [9fans] killing processes
To: 9fans@cse.psu.edu
In-Reply-To: <5b58ed3b26b68a9a9751f6b79d306c10@orthanc.cc.titech.ac.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16866.1126848614.1@piper.nectar.cs.cmu.edu>
Date: Fri, 16 Sep 2005 01:30:15 -0400
Message-ID: <16867.1126848615@piper.nectar.cs.cmu.edu>
Topicbox-Message-UUID: 8afc68c8-ead0-11e9-9d60-3106f5b1d025

> Split the authentication domain into two.
> One for ordinary users in which "our CPU server" and
> the file server (fossil processes) runs, and the other
> in which the file server (the box itself) boots and runs.

I remember reading about that.  To be honest, I was wondering
if there might be a simpler way, without having to run a second
auth server.  For example (and I haven't tried either):

* arrange for the cpu/ncpu listener to run in a namespace where
  /bin/rc is mode 750, so only members of the designated group
  can run it

* put a group-membership check in some "early" /bin/rc startup file

Dave Eckhardt