rc.d and environment variables

Victor Sudakov vas at mpeks.tomsk.su
Fri Dec 24 09:37:27 UTC 2010

Da Rock wrote:
> >
> >   
> >>Doesn't the rc.d script run as root initially and then a method (default
> >>flags, etc) is used to change the owner to a nobody (restricted
> >>privilege user)? Just my 2c, but please correct me if I'm wrong.
> >>     
> >
> >That is probably correct, rc.subr does "su -m $user", but the login
> >class is not applied there, nor is the users's shell called.
> >
> >   
> Exactly. Which means that you'd have to adapt root's env because root's 
> shell would be called(?).

In this case, how do I limit the variables's visibility only to the
particular daemon (svnserve) or particular user (svn)?

> PITA, but as an alternative couldn't all the keytabs be stored in the 
> same _secure_ location? Then a global env could be used.

I really don't know what the security implications will be if
/etc/krb5.keytab is readable by anyone besides the root user? Do you
have a clue about it? There are other services' keys stored there
besides svn (host/*, cvs/* etc).

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

More information about the freebsd-questions mailing list