Russell Coker wrote:
> On Wed, 17 Mar 2004 22:39, Martin Ebourne <lists@xxxxxxxxxxxxx> wrote:
>> Russell Coker <russell@xxxxxxxxxxxx> wrote:
>>> The problem is that famd is an application which accepts network
>>> connections, wants read access to every file that any user can access. If you want to have a secure system you don't want many such programs.
>>
>> Surely it doesn't need access to the file contents - just to stat them, so
>> access to directories (still a security issue, I agree).
>
> Giving access to file names is still a security issue. If it can run with only { getattr search } access to directories and getattr access to files then it won't be so bad. Of course being able to remotely monitor what files someone is writing to also provides some issues (and for some files the names are predictable).

We have turned it off for test2 and intend to have a replacement. Basically we need one that runs in user space and has access to all files that the user has access to. Currently famd does stuff with portmapper and still requires a network communication even if it is only allowing localhost. In FC1 it was locked down to localhost.

We realize that fam provides a needed feature, and are working to replace it.

Dan

>>> Remote famd operation is only for non-polling notifications over the
>>> network. For most people having polling for file status changes on NFS
>>> will probably be OK.
>>
>> I agree with disabling remote famd, but the original post appeared to be
>> disabling the daemon entirely, which I expect would prevent local file
>> monitoring too. Or do gnome/kde use dnotify directly?
>
> I don't think that the command Dan suggested would turn it off entirely. The libfam functionality linked into applications should still do everything you want locally.
>
>> Also, I thought RH/Fedora already shipped with remote famd disabled.
>
> Not last time I checked.
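
An added example, not part of the original thread and not famd or libfam code: a polling change monitor that only calls lstat() on paths it is given, illustrating the point above that status-change monitoring needs getattr on files and search on directories rather than read access to contents. The function names and the sample path are assumptions made for the illustration.

```python
import os
import stat


def snapshot(paths):
    """Map each path to (file type, size, mtime_ns, inode), or None if absent.

    Only lstat() is used: no file is opened and no directory is listed, so the
    caller needs search permission on the parent directories and getattr on the
    file, not read access to its contents. Enumerating a directory's entries
    would additionally need read permission on that directory.
    """
    snap = {}
    for path in paths:
        try:
            st = os.lstat(path)
            snap[path] = (stat.S_IFMT(st.st_mode), st.st_size,
                          st.st_mtime_ns, st.st_ino)
        except FileNotFoundError:
            snap[path] = None
    return snap


def diff(old, new):
    """Return a sorted list of (event, path) between two snapshots."""
    events = []
    for path in sorted(new):
        before, after = old.get(path), new[path]
        if before == after:
            continue
        if before is None:
            events.append(("created", path))
        elif after is None:
            events.append(("deleted", path))
        else:
            events.append(("changed", path))
    return events


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        watched = [os.path.join(d, "report.txt")]  # constructed sample path
        s0 = snapshot(watched)
        with open(watched[0], "w") as f:  # stands in for a user's application
            f.write("draft")
        os.chmod(watched[0], 0)  # mode 000: contents unreadable, still stat-able
        print(diff(s0, snapshot(watched)))
```

The events still carry file names and the timing of writes, which is the residual exposure raised in the thread.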