On Fri, Apr 11, 2014 at 12:49 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
> On Fri, 11.04.14 16:09, Colin Walters (walters@xxxxxxxxxx) wrote:
>
>> On Fri, Apr 11, 2014 at 11:33 AM, Martin Langhoff
>> <martin.langhoff@xxxxxxxxx> wrote:
>> >
>> >If you move in this direction, you have to create files/dirs to be
>> >owned by the daemon user too.
>
> Hmm, let's think for a moment what kind of files this actually matters
> for. In which directories do system users actually own files?
>
> That'd be suid/sgid binaries in /usr/bin. That'd be working directories
> in /run and /var. Anything else?
>
> The latter don't sound too bad, since we can allocate them during late
> boot. The former is the messy bit.

Stuff like /var/lib/{mysql,ldap} is what I was mainly referring to. The services depend or could/should depend on resolving any mounts needed to get /var/lib in place. Not a big deal for systemd, but I want to note -- the creation of /var/lib/{svc} is often driven by a script that may do additional work (i.e.: create a template database), and may have interesting error conditions.

Not sure why you mention suid/sgid -- this applies as long as the service is run as a particular user.

Maybe systemd needs to resolve those users while parsing the service files?

m
--
 martin.langhoff@xxxxxxxxx
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 ~ http://docs.moodle.org/en/User:Martin_Langhoff