On Tue, Dec 2, 2014 at 9:55 PM, Steve Shockley
<steve.shock...@shockley.net> wrote:
> On 12/2/2014 8:49 PM, Einfach Jemand wrote:
>
>> Hmm, I checked on one of my boxen and there /etc/passwd has
>>
>> _squid
>> ^------------! Note the underline.
>>
>> as account for this package, so you probably want
>
>
> According to the package README:
>
> When started by rc.d(8) (i.e. via pkg_scripts in rc.conf.local or from
> "${RCDIR}/squid start") the appropriately-named login class is used
> automatically.
>
> So, the underline shouldn't be necessary.
>
The login would be apply in a rc script ? I looked into that :
is that why the _ goes away ?
_name=$(basename $0)
[.. so name of the rc script is sed to get compiled login.conf info..]
getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1
[ but this only print stuff according to man page ]
There is a rcexec that force the usage of the login class
grep rcexec /etc/rc.d/*
unbound use it, but not squid.
I guess my perl script would have to do a strlimit after dropping
privilege to open 4096 files.
On the other hand, the class is supposed to be in master.passwd or be
to default:
name User's login name.
password User's encrypted password.
uid User's login user ID.
gid User's login group ID.
class User's general classification (see login.conf(5)).
change Password change time.
expire Account expiration time.
gecos General information about the user.
home_dir User's home directory.
shell User's login shell.
_squid:*:515:515:daemon:0:0:Squid Account:
_bgpd:*:75:75::0:0:BGP Daemon:/var/empty:/sbin/nologin
bgpd class is blank, squid is set to daemon.
Is bgpd correctly configured ? is squid using the daemon class ? am I
forced to use BSD::resources to strlimit in the perl script to
validate this ? is getcap doing something else than printing ?
--
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\
