philippe brochard <[EMAIL PROTECTED]> writes:

> but I think it's a good thing if we can run it with an unprivileged user.

I'm not sure if there's any sensible way to delegate control over just some parts of the networking (e.g. different network interfaces), but until someone comes up with a good model for that, it should be possible to delegate control over all networkish things by changing the owner of /servers/socket/2, and adding that uid to users or processes you want to be able to control the networking.

Some questions (which is why I'm adding bug-hurd to the recipients):

1. Has anybody thought about partial delegation of networking? Does that make sense at all?

2. Is the group of /servers/socket/2 relevant, or should it be? To me, it seems cleaner to add network admins to a special group than using a special network-admin uid.

3. Is there a reasonable way to give a user additional uids automatically at login?

(On second thought, you probably have to change the owner and permission on some other nodes as well, to make sure that pfinet gets access to ethernet hardware and stuff. And then one should probably think a little about what a "privileged" (< 1024) port means when pfinet doesn't run as root. This seems a little hairier than I'd like.)

Regards,
/Niels