From owner-freebsd-hackers@FreeBSD.ORG Sun Jul 22 15:03:42 2012 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 06ABC1065672 for ; Sun, 22 Jul 2012 15:03:42 +0000 (UTC) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from wojtek.tensor.gdynia.pl (wojtek.tensor.gdynia.pl [89.206.35.99]) by mx1.freebsd.org (Postfix) with ESMTP id 9CE8F8FC16 for ; Sun, 22 Jul 2012 15:03:39 +0000 (UTC) Received: from wojtek.tensor.gdynia.pl (localhost [127.0.0.1]) by wojtek.tensor.gdynia.pl (8.14.5/8.14.5) with ESMTP id q6MF3YcA002655; Sun, 22 Jul 2012 17:03:34 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Received: from localhost (wojtek@localhost) by wojtek.tensor.gdynia.pl (8.14.5/8.14.5/Submit) with ESMTP id q6MF3YmF002652; Sun, 22 Jul 2012 17:03:34 +0200 (CEST) (envelope-from wojtek@wojtek.tensor.gdynia.pl) Date: Sun, 22 Jul 2012 17:03:34 +0200 (CEST) From: Wojciech Puchar To: "ming.zym@gmail.com" In-Reply-To: <1342963441.4162.8.camel@zym6400> Message-ID: References: <1342963441.4162.8.camel@zym6400> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.2.7 (wojtek.tensor.gdynia.pl [127.0.0.1]); Sun, 22 Jul 2012 17:03:35 +0200 (CEST) Cc: "hackers@FreeBSD.org" Subject: Re: trafficserver and raw disk access in FreeBSD X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jul 2012 15:03:42 -0000 > Apache Traffic Server may use raw disk for caching, and for privilege > elevation, the worker process(traffic_server) will setuid to nobody, my > question is, how to make traffic_server access the /dev/ada*? > > in linux, disk permitting is root:disk 0660, we can go with: > 1, setup a new user 'ats', and put it into 'disk' group > 2, after setuid, run initgroups() to complete the groups evn. devfs.conf