headers
Harm van Tilborg | 25 Oct 2010 15:48
Favicon

Re: Introducing CurveDNS a DNSCurve forwarding name server

Hi Maciej,

You are right. The idea was taken from djb's approach in djbdns --
together with daemontools' envuidgid tool.

I'm changing it in the next release, making it a bit harder to easily
specify the effective uid and gid -- since envuidgid cannot be used anymore.

I think `CURVEDNS_USER' will house the user CurveDNS is about to run
under when root privileges are not needed anymore.

--

-- 
Kind regards,
Harm van Tilborg

On 25-10-2010 02:48, Maciej Żenczykowski wrote:
> UID is a readonly variable under bash - cannot be modified or unset -
> please use something else.
Permalink | Reply |
headers
Hauke Lampe | 25 Oct 2010 17:07
Picon

Re: Introducing CurveDNS a DNSCurve forwarding name server


On 25.10.2010 15:48, Harm van Tilborg wrote:

> I'm changing it in the next release, making it a bit harder to easily
> specify the effective uid and gid -- since envuidgid cannot be used anymore.

I'm not convinced that's a good idea. It was really easy to set up
curvedns _because_ it worked mostly like dnscache or tinydns.

This is the "run" file I use:

#!/bin/sh
exec 2>&1
exec envdir ./env sh -c '
  exec envuidgid dnscache /usr/sbin/curvedns "$IP" "$PORT" "$FORWARD"
"$FORWARD_PORT"
'
(yes, I use the same user/group as for dnscache)

> I think `CURVEDNS_USER' will house the user CurveDNS is about to run
> under when root privileges are not needed anymore.

Maybe you could make that an additional option and use $UID/$GID if
$CURVEDNS_USER is unset.

Hauke.
Permalink | Reply |
headers
Harm van Tilborg | 25 Oct 2010 17:25
Favicon

Re: Introducing CurveDNS a DNSCurve forwarding name server

On 25-10-2010 17:07, Hauke Lampe wrote:
> On 25.10.2010 15:48, Harm van Tilborg wrote:
>>
>> I think `CURVEDNS_USER' will house the user CurveDNS is about to run
>> under when root privileges are not needed anymore.
>
> Maybe you could make that an additional option and use $UID/$GID if
> $CURVEDNS_USER is unset.
>

Convinced :]. Good solution. Will be in 0.87 that will probably come out
this week.

--

-- 
Kind regards,
Harm
Permalink | Reply |
headers
Bernd Plagge | 25 Oct 2010 18:17
Picon
Favicon

Re: Introducing CurveDNS a DNSCurve forwarding name server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 25 Oct 2010 15:48:27 +0200
Harm van Tilborg <list <at> zeroxcool.net> wrote:

> I'm changing it in the next release, making it a bit harder to easily
> specify the effective uid and gid -- since envuidgid cannot be used anymore.

Why can't envuidgid not be used anymore?

If so you may want to check runit which you can find here: http://smarden.org/runit/


Cheers,
Bernd
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzFrZoACgkQpYU8M8PbPV47RQCgpysDteppAcLl1IX/PqD42cwr
Y3gAoLwuWTgHneZh1JD98XKdHKrOpU+1
=b3kW
-----END PGP SIGNATURE-----
Permalink | Reply |

Gmane