Jabberd vs PostgreSQL

Brooks Davis brooks at one-eyed-alien.net
Fri Sep 1 13:35:55 UTC 2006

On Thu, Aug 31, 2006 at 10:33:45PM -0700, Doug Barton wrote:
> Jiawei Ye wrote:
> > I can see that postgresql requires LOGIN, but jabberd is BEFORE:LOGIN,
> > what is the proper solution?
> If I understand correctly, pgsql runs as an unprivileged user, which means
> it needs to REQUIRE LOGIN. OTOH, there is no reason that jabberd should run
> BEFORE LOGIN, and I suspect that is an artifact of copying and pasting a
> script that had that in it for no good reason. In fact,
> ports/net-im/jabber/files/jabberd.sh.in does not have that line, so I am
> wondering what port you're working with here.

I'd agree that pgsql should REQUIRE LOGIN, but I think the reason is
subtilly different.  In my mind the key with LOGIN is that the system
is ready security wise to allow users to interact with the machine via
methods other than the administrative console.  This should mean the
secure level is elevated and any other security bootstrapping is done.
IIRC this is actually not the case and should be fixed.  Running as an
unprivleged user isn't usable as a differentiating feature.  For example
dhclient runs in part as an unpriveleged user.

> In any case, the proper fix here seems to be to have jabber REQUIRE
> postgresql. Try that, and if it works, you're golden.

There are a couple problems with "REQUIRE postgresql" in general:
 - There's no requirement that you run a database on the machine the
   application is on.  (This is why ports depend on the -client not the
   -server port).
 - Several ports will work out of the box with either postgres or mysql
   so depending one or the other is wrong.  As is depending on both.

I think the right thing is create a stub DATABASE provider that mysql
and postgres can be BEFORE.  Ports that want a database can just depend
on that.  It will insure that ordering is correct if the server is local
without causing problems if it isn't or requiring script modifications
for ports that can use more than one database from the same package.

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060901/eb3e3835/attachment.pgp

More information about the freebsd-ports mailing list