git: 9ac7f30252 - main - Status/2023Q3/login_classes.adoc: Fixes
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 02 Oct 2023 08:29:22 UTC
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=9ac7f30252a17829f9404455abdf3d61e5951b8e commit 9ac7f30252a17829f9404455abdf3d61e5951b8e Author: Graham Perrin <grahamperrin@gmail.com> AuthorDate: 2023-10-02 08:25:53 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2023-10-02 08:25:53 +0000 Status/2023Q3/login_classes.adoc: Fixes Pull Request: https://github.com/freebsd/freebsd-doc/pull/266 --- .../content/en/status/report-2023-07-2023-09/login_classes.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/content/en/status/report-2023-07-2023-09/login_classes.adoc b/website/content/en/status/report-2023-07-2023-09/login_classes.adoc index d7158bcac7..c68fbbe13c 100644 --- a/website/content/en/status/report-2023-07-2023-09/login_classes.adoc +++ b/website/content/en/status/report-2023-07-2023-09/login_classes.adoc @@ -14,22 +14,22 @@ See man:login.conf[5] for more information. ==== Changes The `priority` and `umask` capabilities now accept the `inherit` special value to explicitly request property inheritance from the login process. -This is useful, e.g., when temporarily logging in as another user from a process with a non-default priority to ensure that processes launched by this user still have the same priority level. +This is useful, e.g., when temporarily logging in as another user from a process with a non-default priority to ensure that processes launched by this user still have the same priority level. Users can now override the global setting for the `priority` capability (in [.filename]#/etc/login.conf#) in their local configuration file ([.filename]#~/.login_conf#). -Note however that they cannot increase their priority if they are not privileged, and that using `inherit` in this context makes no sense since the global setting is always applied first. +Note however that they cannot increase their priority if they are not privileged, and that using `inherit` in this context makes no sense, since the global setting is always applied first. Fixes: - Fix a bug where, when the `priority` capability specifies a realtime priority, the final priority used was off-by-one (and the numerically highest priority in the real time class (31) could never be set). - Security: Prevent a setuid/setgid process from applying directives from some user's [.filename]#~/.login_conf# (directives there that cannot be applied because of a lack of privileges could suddenly become applicable in such a process). -We have also updated the relevant manual pages to reflect the new functionality and improved the description of the `priority` and `umask` capabilities in man:login.conf[5]. +We have also updated the relevant manual pages to reflect the new functionality, and improved the description of the `priority` and `umask` capabilities in man:login.conf[5]. ==== Status Some of the patches in the series have been reviewed thanks to mailto:kib@FreeBSD.org[Konstantin Belousov] and mailto:imp@FreeBSD.org[Warner Losh]. -Other patches are waiting for reviews (and reviewers, volunteers welcome!) which are not expected to be labored ones. +Other patches are waiting for reviews (and reviewers, volunteers welcome!), which are not expected to be labored. We plan to improve consistency by deprecating the priority reset to 0 when no value for the capability `priority` is explicitly specified, which has been the case for `umask` for 15+ years.