Return to
notes.txt
CVS log
Up to [Pegasus] / pegasus / src / Executor
|
Return to
notes.txt
CVS log
|
Up to [Pegasus] / pegasus / src / Executor
|
|
File: [Pegasus] / pegasus / src / Executor / notes.txt
(download)
Revision: 1.1.2.4, Fri Dec 29 07:58:58 2006 UTC (17 years, 5 months ago) by mike Branch: PEP286_PRIVILEGE_SEPARATION_BRANCH CVS Tags: PEP286_PRIVILEGE_SEPARATION_1 Changes since 1.1.2.3: +18 -22 lines PEP#: 286 TITLE: Privilege Separation DESCRIPTION: Ongoing privilege separation work. |
1. The user that runs cimervermain is determined as follows.
(1) Look for serverUser configuration option on command line.
(2) Look for serverUser configuration option in planned configuration
file.
(3) Use the owner of the cimservermain program (if not root).
(4) Use "pegasus" (the default user).
2. All files but the repository are owned by root. The cimservermain
process may read any of the root owned files, but it must ask the
executor to modify the file system.
3. Cimservermain must own the repository and all files beneath.
The executor automatically sets ownership for these files upon
startup.
4. Provider agent is run as root, whenever the same user as server is
requested.
5. Executor checks whether Pegasus repository exists and errors out
if not.
7. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket).
8. For logging purposes, the executor uses "cimexecutor" as its syslog
identifier.
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |