On Wed, 2004-04-14 at 16:35, Wes Peters wrote:
> On Monday 12 April 2004 02:48 pm, masta wrote:
> > Wes Peters wrote:
> > >A question came up on the mimedefang-users mailing list today. One
> > >user who has recently converted from 4.8 to 5.2.1 was lamenting the
> > >fact there is no way to control ownership and permission of memory
> > >disks in 5.x. The MIMEdefang spool area, often placed on a ramdisk
> > >for speed, needs to be owned by the MIMEdefang user and group.
> > >
> > >I poked around at mdmfs, aka mount_mfs, and thought there should be
> > >a more 5.x-ish way to create ramdisks early enough in the boot process
> > >to just put them in /etc/fstab directly. Here's what I came up with.
> >
> > I like the notion of having rc.conf knobs to do this stuff with, but we
> > can already use /etc/fstab to configure a ramdisk as such:
> >
> > md /tmp mfs rw,-s3m 0 0
> > md /var mfs rw,-s7m 0 0
> >
> > That is how I engineered wifibsd prior to the changes Brooks did to the
> > diskless script of Matt's. It would seem to me that we
> > could have the ownership options next to the "rw,-s7m" options fields
> > which already exist. Something like "rw,-s7m,-Owes:staff", or similar.
> >
> > Since mount_md, or mdmfs, or whatever mount uses to do the task, could
> > be changed to facilitate that one needful thing or using chown/chgrp,
> > right?
>
> No, because it can't change the ownership of the mount point after the
> mount, which is the point of the whole thing. If you recall from the
> original message, this was to create a temporary space for MIMEdefang,
> which runs as an untrusted user and so needs the ownership set
> appropriately. We use the same mechanism for virus scanning as well.

Using the rc script works great, btw, in creating the memory device and mounting it via /etc/fstab does so with root ownership.
Since I use this for mimedefang, I added the following to the mimedefang.sh startup script in /usr/local/etc/rc.d which then successfully sets the perms as needed (I am guessing that there is no way to preserve device ownership and perms to the mountpoint?):

--- mimedefang.sh-dist Thu Apr 13 09:10:03 2004 +++ mimedefang.sh Tue Apr 13 12:22:14 2004 _at__at_ -9,6 +9,15 _at__at_ PID="$SPOOLDIR/$prog.pid" MXPID="$SPOOLDIR/$prog-multiplexor.pid" +# Test ownership and perms on SPOOLDIR +eval $(stat -s $SPOOLDIR) +if [ $st_uid -ne 26 ]; then + chown mailnull $SPOOLDIR +fi +if [ $st_mode -ne 040700 ] ; then + chmod 700 $SPOOLDIR +fi + # Is the program executable? We search in /usr/bin and /usr/local/bin. if [ -x /usr/local/bin/$prog ] ; then

Received on Thu Apr 15 2004 - 04:17:41 UTC
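
Review bot: The ownership test `[ $st_uid -ne 26 ]` hardcodes a numeric uid while the `chown` on the following line uses the name `mailnull`, so the check and the fix can disagree on any host where mailnull is not uid 26. Compare against `$(id -u mailnull)` instead, or drop both tests and run `chown mailnull` and `chmod 700` unconditionally, since both are idempotent. Separately, `eval $(stat -s $SPOOLDIR)` leaves `$SPOOLDIR` unquoted and does not check that stat succeeded: if the directory is missing, `st_uid` and `st_mode` stay unset, both `[ ... -ne ... ]` tests error out, and the spool is silently left with whatever ownership it had. A guard such as `[ -d "$SPOOLDIR" ] || exit 1` before the eval, plus quoting the variable in all four places, would make that failure visible before the filter starts writing mail into a root-owned directory. Only the owner is set here; the thread above says the spool needs the MIMEdefang user and group, so a comment noting that mode 700 makes the group irrelevant would help the next reader.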