Jabberd vs PostgreSQL
Brooks Davis
brooks at one-eyed-alien.net
Fri Sep 1 18:37:46 UTC 2006
On Fri, Sep 01, 2006 at 11:05:43AM -0700, Doug Barton wrote:
> Brooks Davis wrote:
> > On Thu, Aug 31, 2006 at 10:33:45PM -0700, Doug Barton wrote:
> >> Jiawei Ye wrote:
> >>
> >>> I can see that postgresql requires LOGIN, but jabberd is BEFORE:LOGIN,
> >>> what is the proper solution?
> >> If I understand correctly, pgsql runs as an unprivileged user, which means
> >> it needs to REQUIRE LOGIN. OTOH, there is no reason that jabberd should run
> >> BEFORE LOGIN, and I suspect that is an artifact of copying and pasting a
> >> script that had that in it for no good reason. In fact,
> >> ports/net-im/jabber/files/jabberd.sh.in does not have that line, so I am
> >> wondering what port you're working with here.
> >
> > I'd agree that pgsql should REQUIRE LOGIN, but I think the reason is
> > subtilly different. In my mind the key with LOGIN is that the system
> > is ready security wise to allow users to interact with the machine via
> > methods other than the administrative console. This should mean the
> > secure level is elevated and any other security bootstrapping is done.
> > IIRC this is actually not the case and should be fixed.
>
> That's an interesting idea, I'll have to give it some more thought.
This is what LOGIN has to say for it self:
# This is a dummy dependency to ensure user services such as xdm,
# inetd, cron and kerberos are started after everything else, in case
# the administrator has increased the system security level and
# wants to delay user logins until the system is (almost) fully
# operational.
> >> In any case, the proper fix here seems to be to have jabber REQUIRE
> >> postgresql. Try that, and if it works, you're golden.
> >
> > There are a couple problems with "REQUIRE postgresql" in general:
>
> I wasn't speaking in general. :) I probably should have
> s/here/in your situation/ to make it more clear what I meant.
I suspected that was the case, but wanted to insure this didn't get
committed.
> > I think the right thing is create a stub DATABASE provider that mysql
> > and postgres can be BEFORE. Ports that want a database can just depend
> > on that. It will insure that ordering is correct if the server is local
> > without causing problems if it isn't or requiring script modifications
> > for ports that can use more than one database from the same package.
>
> No objections on my side, but I am not in a position to develop or test it,
> since I'm not using any database stuff at the moment and don't have any
> spare cycles. This topic came up on the -rc list a while back and no one bit
> the apple, so if there is a user (or committer) here who wants to work this
> one out, please feel free to take this project up, and report your findings
> on freebsd-rc at .
The big question in my mind is, do we make a port to do this or add it
to the base? I think we'd need a port for compatability so we might
just want to create one and always use it.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060901/3b39d1a2/attachment.pgp
More information about the freebsd-ports
mailing list