Proper way to set login.conf control for application started as root and soon drop privileges

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Proper way to set login.conf control for application started as root and soon drop privileges

Daniel Ouellet
I was trying to control some applications that start as root and soon
after are drop privileges to their own user, but looks like I am not
very successful.

To see if it was possible to do so, I tested with httpd for example, but
searching on marc, I came across a posting from Henning on a different
subject that however make me wonder what's the proper way to do it in
that case?

If I take the httpd example, the quote goes as follow:

"you are mistaken. apache starts as root and drops privileges to
www:www, that does not mean it inherits the resource limits from that
login class."

So, I get it to mean that you can't use the login.conf to actually
control their resources. So, this bear the question then as to what
other alternative can you use, if any?

Obviously, I don't want to change the root limits just for that.

Reply | Threaded
Open this post in threaded view
|

Re: Proper way to set login.conf control for application started as root and soon drop privileges

Otto Moerbeek
On Mon, 13 Feb 2006, Daniel Ouellet wrote:

> I was trying to control some applications that start as root and soon after
> are drop privileges to their own user, but looks like I am not very
> successful.
>
> To see if it was possible to do so, I tested with httpd for example, but
> searching on marc, I came across a posting from Henning on a different subject
> that however make me wonder what's the proper way to do it in that case?
>
> If I take the httpd example, the quote goes as follow:
>
> "you are mistaken. apache starts as root and drops privileges to
> www:www, that does not mean it inherits the resource limits from that
> login class."
>
> So, I get it to mean that you can't use the login.conf to actually control
> their resources. So, this bear the question then as to what other alternative
> can you use, if any?

su -m -c login_class command

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: Proper way to set login.conf control for application started as root and soon drop privileges

Daniel Ouellet
Otto Moerbeek wrote:
>> So, I get it to mean that you can't use the login.conf to actually control
>> their resources. So, this bear the question then as to what other alternative
>> can you use, if any?
>
> su -m -c login_class command

Ah men...

Sometime, the answer one search for are just to sample, and stupid!

Call me Dave... (;>

Thanks!