9front - general discussion about 9front
From: Stanley Lieber <sl@stanleylieber.com>
To: 9front@9front.org
Subject: Re: [9front] werc comments egine
Date: Tue, 18 Jan 2022 05:06:41 +0000
Message-ID: <51605C26-36E6-4AB4-AF20-6761E2C389F3@stanleylieber.com>
In-Reply-To: <365B92442B08A87728AA2C4D28F26158@gmail.com>

On January 18, 2022 3:20:34 AM UTC, thinktankworkspaces@gmail.com wrote:
>Okay thinking about this. I guess /rc/bin/cpurc has a line
>	# cpu+auth server
>	auth/keyfs -wp -m /mnt/keys /adm/keys
>	aux/listen -q -t /rc/bin/service.auth -d $serviced tcp
>Which I guess points to tcp services or /rc/bin/services
>cpu% cat tcp80
>exec /rc/bin/rc-httpd/rc-httpd >>[2]/sys/log/www
>So how do I get the user to run this. Do I just pull it out of cpurc and add it to /usr/www/lib/profile or
>clearly i'm confused?
>I guess I always drawterm and log in as glenda then run rcpu -u www. So I should do that
>and manually run 
>aux/listen -q -t /rc/bin/service.auth -d $serviced tcp

when you boot the system, $user is the hostowner, which refers to the owner of the kernel process. the hostowner ends up owning the disk file server process, as well, but the disk file server programs don't provide any automatic mechanism for violating disk file permissions without writing code or abusing the system's running processes with a special tool such as acid(1).

disk file permissions are completely separate from kernel process permissions, and are controlled by the disk file server process (cwfs or hjfs). by convention, plan 9 arranges for the kernel, auth, and disk file server to honor matching usernames, even though technically they're separate entities.

it looks like your system is running rc-httpd via a tcp80 script launched by the default listen(8) process, which ends up being owned by the special user none, rather than your chosen user www.

here's what i do for 9front.org:

first, move the /rc/bin/services/tcp80 script into /cfg/$sysname/service.www/

then add the following to /cfg/$sysname/cpustart:

auth/as www aux/listen -p 128 -t /cfg/$sysname/service.www

when you reboot, this will start a listener running as user www on the directory /cfg/$sysname/service.www/, and any listener script you put in there will in turn be run as user www.

