Re: /etc/rc.d/ramdisk script for review

From: Sven Willenberger <sven_at_dmv.com>
Date: Thu, 15 Apr 2004 09:17:23 -0400
On Wed, 2004-04-14 at 16:35, Wes Peters wrote:
> On Monday 12 April 2004 02:48 pm, masta wrote:
> > Wes Peters wrote:
> > >A question came up on the mimedefang-users mailing list today.  One
> > >user who has recently converted from 4.8 to 5.2.1 was lamenting the
> > >fact there is no way to control ownership and permission of memory
> > >disks in 5.x.  The MIMEdefang spool area, often placed on a ramdisk
> > >for speed, needs to be owned by the MIMEdefang user and group.
> > >
> > >I poked around at mdmfs, aka mount_mfs, and thought there should be
> > >a more 5.x-ish way to create ramdisks early enough in the boot process
> > >to just put them in /etc/fstab directly.  Here's what I came up with.
> >
> > I like the notion of having rc.conf nobs to do this stuff with, but we
> > can already use /etc/fstab to configure a ramdisk as such:
> >
> > md                             /tmp           mfs
> > rw,-s3m         0               0
> > md                             /var            mfs
> > rw,-s7m         0               0
> >
> > That is how I engineered wifibsd prior to the changes Brooks did to the
> > diskless script of Matt's. It would seem to me that we
> > could have the ownership options next to the "rw,-s7m" options fields
> > which already exists. Something like "rw,-s7m,-Owes:staff", or similare.
> >
> > Since mount_md, or mdmfs, or whatever mount uses to do the task, could
> > be changed to facilitate that one needful thing or using chown/chgrp,
> > right?
> 
> No, because it can't change the ownership of the mount point after the 
> mount, which is the point of the whole thing.  If you recall from the 
> original message, this was to create a temporary space for MIMEdefang, 
> which runs as an untrusted user and so needs the ownership set 
> appropriately.  We use the same mechanism for virus scanning as well.

using the rc script works great, btw, in creating the memory device and
mounting it via /etc/fstab does so with root ownership. Since I use this
for mimedefang, I added the following to the mimedefang.sh startup
script in /usr/local/etc/rc.d which then successfully sets the perms as
needed (I am guessing that there is no way to preserve device ownership
and perms to the mountpoint?):

--- mimedefang.sh-dist  Thu Apr 13 09:10:03 2004
+++ mimedefang.sh       Tue Apr 13 12:22:14 2004
_at__at_ -9,6 +9,15 _at__at_
 PID="$SPOOLDIR/$prog.pid"
 MXPID="$SPOOLDIR/$prog-multiplexor.pid"

+# Test ownership and perms on SPOOLDIR
+eval $(stat -s $SPOOLDIR)
+if [ $st_uid -ne 26 ]; then
+    chown mailnull $SPOOLDIR
+fi
+if [ $st_mode -ne 040700 ] ; then
+    chmod 700 $SPOOLDIR
+fi
+
 # Is the program executable?  We search in /usr/bin and /usr/local/bin.

 if [ -x /usr/local/bin/$prog ] ; then
Received on Thu Apr 15 2004 - 04:17:41 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC