Return to notes.txt CVS log | Up to [Pegasus] / pegasus / src / Executor |
File: [Pegasus] / pegasus / src / Executor / notes.txt
(download)
Revision: 1.1.2.4, Fri Dec 29 07:58:58 2006 UTC (17 years, 5 months ago) by mike Branch: PEP286_PRIVILEGE_SEPARATION_BRANCH CVS Tags: PEP286_PRIVILEGE_SEPARATION_1 Changes since 1.1.2.3: +18 -22 lines PEP#: 286 TITLE: Privilege Separation DESCRIPTION: Ongoing privilege separation work. |
1. The user that runs cimervermain is determined as follows. (1) Look for serverUser configuration option on command line. (2) Look for serverUser configuration option in planned configuration file. (3) Use the owner of the cimservermain program (if not root). (4) Use "pegasus" (the default user). 2. All files but the repository are owned by root. The cimservermain process may read any of the root owned files, but it must ask the executor to modify the file system. 3. Cimservermain must own the repository and all files beneath. The executor automatically sets ownership for these files upon startup. 4. Provider agent is run as root, whenever the same user as server is requested. 5. Executor checks whether Pegasus repository exists and errors out if not. 7. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket). 8. For logging purposes, the executor uses "cimexecutor" as its syslog identifier.
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |