From owner-freebsd-x11@FreeBSD.ORG Wed Apr 18 10:57:10 2007 Return-Path: X-Original-To: freebsd-x11@freebsd.org Delivered-To: freebsd-x11@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5618D16A402 for ; Wed, 18 Apr 2007 10:57:10 +0000 (UTC) (envelope-from flz@FreeBSD.org) Received: from smtp6-g19.free.fr (smtp6-g19.free.fr [212.27.42.36]) by mx1.freebsd.org (Postfix) with ESMTP id E4B0813C44B for ; Wed, 18 Apr 2007 10:57:09 +0000 (UTC) (envelope-from flz@FreeBSD.org) Received: from smtp.xbsd.org (unknown [82.233.2.192]) by smtp6-g19.free.fr (Postfix) with ESMTP id 1478B6D4FB; Wed, 18 Apr 2007 12:57:09 +0200 (CEST) Received: from localhost (localhost.xbsd.org [127.0.0.1]) by smtp.xbsd.org (Postfix) with ESMTP id 5BFF511C88; Wed, 18 Apr 2007 12:57:08 +0200 (CEST) X-Virus-Scanned: amavisd-new at xbsd.org Received: from smtp.xbsd.org ([127.0.0.1]) by localhost (srv1.xbsd.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKueUMFP83S6; Wed, 18 Apr 2007 12:57:01 +0200 (CEST) Received: from [193.95.134.156] (mayday.esat.net [193.95.134.156]) by smtp.xbsd.org (Postfix) with ESMTP id 9C71011C84; Wed, 18 Apr 2007 12:56:59 +0200 (CEST) Message-ID: <4625F973.90002@FreeBSD.org> Date: Wed, 18 Apr 2007 11:56:51 +0100 From: Florent Thoumie User-Agent: Thunderbird 1.5.0.9 (X11/20070122) MIME-Version: 1.0 To: Dejan Lesjak References: <200704161141.l3GBfrcY049525@freefall.freebsd.org> <46253C95.3030808@FreeBSD.org> <20070417220046.GC44061@ice.42.org> <200704181250.01295.dejan.lesjak@ijs.si> In-Reply-To: <200704181250.01295.dejan.lesjak@ijs.si> X-Enigmail-Version: 0.94.1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig26EF9A4028CD3EF2981E012A" Cc: Stefan `Sec` Zehl , freebsd-x11@freebsd.org Subject: Re: ports/109497: x11-servers/xorg-fontserver rc.d/xfs.sh script missing "-user" X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Apr 2007 10:57:10 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig26EF9A4028CD3EF2981E012A Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Dejan Lesjak wrote: > On Wednesday 18 of April 2007, Stefan `Sec` Zehl wrote: >> On Tue, Apr 17, 2007 at 22:31 +0100, Florent Thoumie wrote: >>> Stefan `Sec` Zehl wrote: >>>> Hi, >>>> >>>> On Mon, Apr 16, 2007 at 11:41 +0000, Florent Thoumie wrote: >>>>> Synopsis: x11-servers/xorg-fontserver rc.d/xfs.sh script missing >>>>> "-user" >>>>> >>>>> State-Changed-From-To: open->closed >>>>> State-Changed-By: flz >>>>> State-Changed-When: Mon Apr 16 11:40:38 UTC 2007 >>>>> State-Changed-Why: >>>>> I just checked and other OS'es seem to run it as root as well. >>>>> >>>>> If this is a real concern to you, just set xfs_flags=3D"-user nobod= y" in >>>>> /etc/rc.conf. I think this is what you're looking for. >>>> Please note that if you set "xfs_user=3D" to something, the default >>>> rc.subr will already try to do something with it, and (silently) fai= l >>>> to start xfs at all. I do think fixing this would be more user frien= dly >>>> -- besides, its only a two-line patch anyway, and it doesn't even >>>> change the default of running as root. >>>> >>>> But if think it's important to refuse this change, I can certainly l= ive >>>> without that patch. >>> This is not what I said, please re-read my message. >> Ok. I did. >> >> As far as I can tell, your message had two points. >> >> 1: Others run it as root. >> 2: I can run it as non-root if I want to by using xfs_flags=3D... >> >> If that isn't what you said, please rephrase, as I must have >> misunderstood you. Please be patient, as english is not my native >> language. Therefore let me also rephrase my last answer. >> >> First regarding your two points: >> >> re 1: >> - I'm not asking to change the default. So what other OSs run it as is= >> not relevant. >> >> re 2: >> - If you still want to reject the patch I sent, I can live with it as >> users searching for it will hopefully find the workaround documented= >> in this PR. >> >> My additional points I was trying to make: >> >> - If someone currently sets "xfs_user=3D" in rc.conf, this makes xfs f= ail >> silently. I think it would be great if it instead would just work. >=20 > It certainly should not fail silently if someone has unsupported option= in=20 > rc.conf. If this is the case it should be fixed. But note that we are r= ather=20 > busy trying to get xorg 7.2 into ports so if you could try the script a= gain=20 > after the upgrade and if it fails bring it up again then, that would be= =20 > lovely. >=20 >> - It is only two lines, so no bloat, and it won't hurt anyone. >=20 > It's not so much the number of lines - it's rather that it seems this o= ption=20 > is not that commonly used and that there already is a mechanism to do t= hat=20 > with existing options (namely xfs_flags). >=20 >> Hope that clears it up, >=20 > Well, it rather confuses me :-) I didn't expect the thing to fail if yo= u set=20 > some option that the script does not even look at, but yes, it does cle= ar up=20 > your problem. Well I haven't checked for xfs case but if it needs root privileges at startup to drop them later then xfs_user indeed won't work, cause it uses 'su'. I tend to think that *_flags is there because we can't support any possible option. Anyway, I don't know if it indeed fails silently but I'll fix it in git so that it'll work after the merge. --=20 Florent Thoumie flz@FreeBSD.org FreeBSD Committer --------------enig26EF9A4028CD3EF2981E012A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGJfl5MxEkbVFH3PQRCjTNAJ9xp+7fzBfQuYlioLBxsFJAmQF0UACgjQAQ Cfs9YZlnuD9PTeYuq+MCY6I= =dY5R -----END PGP SIGNATURE----- --------------enig26EF9A4028CD3EF2981E012A--