From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Wed, 26 Jul 2000 18:59:09 +0200 From: Lucio De Re To: 9fans@cse.psu.edu Subject: Re: [9fans] INIT and AUTH - Was: X11 on 3rd Edition Message-ID: <20000726185909.K18891@cackle.proxima.alt.za> References: <200007261634.MAA15529@smtp4.fas.harvard.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <200007261634.MAA15529@smtp4.fas.harvard.edu>; from Russ Cox on Wed, Jul 26, 2000 at 12:34:16PM -0400 Topicbox-Message-UUID: eac7c142-eac8-11e9-9e20-41e7f4b1d025 On Wed, Jul 26, 2000 at 12:34:16PM -0400, Russ Cox wrote: > > Another difference I noticed between 2ed and 3ed is the fact that most > services on a CPU server now run as "none". As mentioned, that is a > useful security precaution, and would be usefully documented for the > services involved. Presumably, something along these lines is > happening: if the service is found in /rc/bin/service, it is run under > id "none", if in /rc/bin/service.auth (and elsewhere?), the host id is > used. > > If its in a directory specified with listen -d, it's > not trusted and runs as none. Things in a directory > specified with listen -t are trusted, and run as > whoever ran listen. Listen(8) in my second edition > manual mentions this. I'm pretty sure it existed then. > I guess I'll have to look at the sources, but a ps seems adamant that the owner of all running services is "proxima" on my 2ed system. Of course, it may be an installation error on my part, but a cursory check doesn't disclose anything obviously broken. > The only /lib/ndb/auth that matters is the one > that auth.srv and guard.srv (which run on the > authentication server) see. > I am baffled by that one, courtesy of the newly discovered host ID (I really understood this even less until now), but I'll do more investigating before I make a total fool of myself (again). But maybe somebody can throw me a lifeline: drawterm, which worked once for me under WinNT, is now rejecting most of my advances with a ?AS protocol botch: file does not exist (occasionally it merely hangs, but that's under different circumstances that can be explained, not unlike the fact that I had it working) and this message doesn't ring any bells with me. What's the most likely origin of this particular error, keeping in mind that the authentication server is still 2nd edition? Thanks, everyone. ++L