Da Rock wrote: > > > > > >>Doesn't the rc.d script run as root initially and then a method (default > >>flags, etc) is used to change the owner to a nobody (restricted > >>privilege user)? Just my 2c, but please correct me if I'm wrong. > >> > > > >That is probably correct, rc.subr does "su -m $user", but the login > >class is not applied there, nor is the users's shell called. > > > > > Exactly. Which means that you'd have to adapt root's env because root's > shell would be called(?).
In this case, how do I limit the variables's visibility only to the particular daemon (svnserve) or particular user (svn)? > > PITA, but as an alternative couldn't all the keytabs be stored in the > same _secure_ location? Then a global env could be used. I really don't know what the security implications will be if /etc/krb5.keytab is readable by anyone besides the root user? Do you have a clue about it? There are other services' keys stored there besides svn (host/*, cvs/* etc). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
