From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] INIT and AUTH - Was: X11 on 3rd Edition
Date: Wed, 26 Jul 2000 18:59:09 +0200 [thread overview]
Message-ID: <20000726185909.K18891@cackle.proxima.alt.za> (raw)
In-Reply-To: <200007261634.MAA15529@smtp4.fas.harvard.edu>; from Russ Cox on Wed, Jul 26, 2000 at 12:34:16PM -0400
On Wed, Jul 26, 2000 at 12:34:16PM -0400, Russ Cox wrote:
>
> Another difference I noticed between 2ed and 3ed is the fact that most
> services on a CPU server now run as "none". As mentioned, that is a
> useful security precaution, and would be usefully documented for the
> services involved. Presumably, something along these lines is
> happening: if the service is found in /rc/bin/service, it is run under
> id "none", if in /rc/bin/service.auth (and elsewhere?), the host id is
> used.
>
> If its in a directory specified with listen -d, it's
> not trusted and runs as none. Things in a directory
> specified with listen -t are trusted, and run as
> whoever ran listen. Listen(8) in my second edition
> manual mentions this. I'm pretty sure it existed then.
>
I guess I'll have to look at the sources, but a ps seems adamant
that the owner of all running services is "proxima" on my 2ed
system. Of course, it may be an installation error on my part,
but a cursory check doesn't disclose anything obviously broken.
> The only /lib/ndb/auth that matters is the one
> that auth.srv and guard.srv (which run on the
> authentication server) see.
>
I am baffled by that one, courtesy of the newly discovered host ID (I
really understood this even less until now), but I'll do more
investigating before I make a total fool of myself (again).
But maybe somebody can throw me a lifeline: drawterm, which worked
once for me under WinNT, is now rejecting most of my advances with a
?AS protocol botch: file does not exist
(occasionally it merely hangs, but that's under different circumstances
that can be explained, not unlike the fact that I had it working)
and this message doesn't ring any bells with me. What's the most
likely origin of this particular error, keeping in mind that the
authentication server is still 2nd edition?
Thanks, everyone.
++L
next prev parent reply other threads:[~2000-07-26 16:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-07-26 16:34 Russ Cox
2000-07-26 16:59 ` Lucio De Re [this message]
2000-07-26 17:21 ` Lucio De Re
-- strict thread matches above, loose matches on Subject: below --
2000-07-24 4:03 [9fans] " Russ Cox
2000-07-24 5:39 ` [9fans] INIT and AUTH - Was: " Lucio De Re
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20000726185909.K18891@cackle.proxima.alt.za \
--to=lucio@proxima.alt.za \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).