From: Sven Willenberger
To: freebsd-current@freebsd.org
Subject: Re: /etc/rc.d/ramdisk script for review
Date: Thu, 15 Apr 2004 09:17:23 -0400
Message-Id: <1082035043.7066.15.camel@lanshark.dmv.com>
In-Reply-To: <200404141335.05322.wes@softweyr.com>
References: <200403112047.43739.wes@softweyr.com> <200404141335.05322.wes@softweyr.com>

On Wed, 2004-04-14 at 16:35, Wes Peters wrote:
> On Monday 12 April 2004 02:48 pm, masta wrote:
> > Wes Peters wrote:
> > >A question came up on the mimedefang-users mailing list today. One
> > >user who has recently converted from 4.8 to 5.2.1 was lamenting the
> > >fact there is no way to control ownership and permission of memory
> > >disks in 5.x. The MIMEdefang spool area, often placed on a ramdisk
> > >for speed, needs to be owned by the MIMEdefang user and group.
> > >
> > >I poked around at mdmfs, aka mount_mfs, and thought there should be
> > >a more 5.x-ish way to create ramdisks early enough in the boot process
> > >to just put them in /etc/fstab directly. Here's what I came up with.
> >
> > I like the notion of having rc.conf knobs to do this stuff with, but we
> > can already use /etc/fstab to configure a ramdisk as such:
> >
> > md /tmp mfs
> > rw,-s3m 0 0
> > md /var mfs
> > rw,-s7m 0 0
> >
> > That is how I engineered wifibsd prior to the changes Brooks did to the
> > diskless script of Matt's. It would seem to me that we
> > could have the ownership options next to the "rw,-s7m" options fields
> > which already exists. Something like "rw,-s7m,-Owes:staff", or similar.
> > > > Since mount_md, or mdmfs, or whatever mount uses to do the task, could > > be changed to facilitate that one needful thing or using chown/chgrp, > > right? > > No, because it can't change the ownership of the mount point after the > mount, which is the point of the whole thing. If you recall from the > original message, this was to create a temporary space for MIMEdefang, > which runs as an untrusted user and so needs the ownership set > appropriately. We use the same mechanism for virus scanning as well. using the rc script works great, btw, in creating the memory device and mounting it via /etc/fstab does so with root ownership. Since I use this for mimedefang, I added the following to the mimedefang.sh startup script in /usr/local/etc/rc.d which then successfully sets the perms as needed (I am guessing that there is no way to preserve device ownership and perms to the mountpoint?): --- mimedefang.sh-dist Thu Apr 13 09:10:03 2004 +++ mimedefang.sh Tue Apr 13 12:22:14 2004 @@ -9,6 +9,15 @@ PID="$SPOOLDIR/$prog.pid" MXPID="$SPOOLDIR/$prog-multiplexor.pid" +# Test ownership and perms on SPOOLDIR +eval $(stat -s $SPOOLDIR) +if [ $st_uid -ne 26 ]; then + chown mailnull $SPOOLDIR +fi +if [ $st_mode -ne 040700 ] ; then + chmod 700 $SPOOLDIR +fi + # Is the program executable? We search in /usr/bin and /usr/local/bin. if [ -x /usr/local/bin/$prog ] ; then
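
Review bot: The ownership test hard-codes uid 26 (`[ $st_uid -ne 26 ]`) while the repair uses the account name (`chown mailnull $SPOOLDIR`), so the test and the fix only agree on hosts where mailnull is uid 26; elsewhere a directory owned by whichever account holds uid 26 passes the test, and a correctly owned one is re-chowned on every start. Compare against `$(id -u mailnull)`, or drop both tests and run `chown` and `chmod 700` unconditionally, since both are idempotent. `$SPOOLDIR` is also unquoted in `eval $(stat -s $SPOOLDIR)`, and if the directory does not exist `$st_uid` and `$st_mode` are empty, so both `[ ... -ne ... ]` tests error out and the chown/chmod are skipped; quote the variable and check `[ -d "$SPOOLDIR" ]` before the stat. Only the owner is verified; the group (`st_gid`) is never checked or set.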