[omniORB] Running omniNames as a non-priviledged user?

Thomas Lockhart lockhart at fourpalms.org
Mon Dec 8 08:57:15 GMT 2003


...
> This is something that I didn't anticipate in the omniNames.suse script.
> Must omniNames be run as another user than root? If so, I will modify
> the script file accordingly (just let me know as which user to run :) )

"Must" is probably too strong. "Should" is probably correct. Jan gives 
an example in which he had created a user "omni", which is probably the 
best way to go, since the RPM does also have some omniORB data logging 
areas defined (that is, it is not just an omniNames issue).

For right now, here are the options:

1) Do nothing, so keep running as root
2) Run omniNames as "nobody", which I think is missing most privileges
3) Define a new user and group "omni"

I don't think that there is a strong reason to not do (3) for the RPM 
packages (though my inclination is to do (2) as easier and less trouble 
for now). If we have time to test and debug, we can go ahead with (3).

For (3), we will have to add code in the "%pre" section to verify the 
existence of the user "omni", and create it otherwise. Other RPMs do 
this so we can find examples to borrow. "%postun" will need to back out 
the user (I think??; maybe the user stays defined), and we may need to 
chown the logging directories so that RPM updates of the package will 
result in correct directory and file ownership.

Comments?

                      - Tom




More information about the omniORB-list mailing list