Date:      Fri, 1 Sep 2006 13:37:31 -0500
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        Brooks Davis <brooks@one-eyed-alien.net>, ports@FreeBSD.org, Jiawei Ye <leafy7382@gmail.com>
Subject:   Re: Jabberd vs PostgreSQL
Message-ID:  <20060901183731.GC15734@lor.one-eyed-alien.net>
In-Reply-To: <44F87677.4000604@FreeBSD.org>
References:  <c21e92e20608292112u714e3b5ck9ca346acffe4a30b@mail.gmail.com> <44F7C639.90905@FreeBSD.org> <20060901133519.GA14134@lor.one-eyed-alien.net> <44F87677.4000604@FreeBSD.org>

On Fri, Sep 01, 2006 at 11:05:43AM -0700, Doug Barton wrote:
> Brooks Davis wrote:
> > On Thu, Aug 31, 2006 at 10:33:45PM -0700, Doug Barton wrote:
> >> Jiawei Ye wrote:
> >>
> >>> I can see that postgresql requires LOGIN, but jabberd is BEFORE:LOGIN,
> >>> what is the proper solution?
> >> If I understand correctly, pgsql runs as an unprivileged user, which means
> >> it needs to REQUIRE LOGIN. OTOH, there is no reason that jabberd should run
> >> BEFORE LOGIN, and I suspect that is an artifact of copying and pasting a
> >> script that had that in it for no good reason. In fact,
> >> ports/net-im/jabber/files/jabberd.sh.in does not have that line, so I am
> >> wondering what port you're working with here.
> >
> > I'd agree that pgsql should REQUIRE LOGIN, but I think the reason is
> > subtly different.  In my mind the key with LOGIN is that the system
> > is ready security wise to allow users to interact with the machine via
> > methods other than the administrative console.  This should mean the
> > secure level is elevated and any other security bootstrapping is done.
> > IIRC this is actually not the case and should be fixed.
>
> That's an interesting idea, I'll have to give it some more thought.

This is what LOGIN has to say for itself:

#       This is a dummy dependency to ensure user services such as xdm,
#       inetd, cron and kerberos are started after everything else, in case
#       the administrator has increased the system security level and
#       wants to delay user logins until the system is (almost) fully
#       operational.

> >> In any case, the proper fix here seems to be to have jabber REQUIRE
> >> postgresql. Try that, and if it works, you're golden.
> >
> > There are a couple problems with "REQUIRE postgresql" in general:
>
> I wasn't speaking in general. :) I probably should have
> s/here/in your situation/ to make it more clear what I meant.

I suspected that was the case, but wanted to ensure this didn't get
committed.

> > I think the right thing is create a stub DATABASE provider that mysql
> > and postgres can be BEFORE.  Ports that want a database can just depend
> > on that.  It will ensure that ordering is correct if the server is local
> > without causing problems if it isn't or requiring script modifications
> > for ports that can use more than one database from the same package.
>
> No objections on my side, but I am not in a position to develop or test it,
> since I'm not using any database stuff at the moment and don't have any
> spare cycles. This topic came up on the -rc list a while back and no one bit
> the apple, so if there is a user (or committer) here who wants to work this
> one out, please feel free to take this project up, and report your findings
> on freebsd-rc@.

The big question in my mind is, do we make a port to do this or add it
to the base?  I think we'd need a port for compatibility so we might
just want to create one and always use it.

-- Brooks
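
Added example, not part of the original message or of FreeBSD's rc.d code: a simplified Python model of the PROVIDE/REQUIRE/BEFORE keywords, showing the dependency loop in the situation discussed above and the ordering obtained with a stub DATABASE provider. The script headers are constructed, the names rc_order, thread_case and stub_case are hypothetical, and this is a model of the ordering rules, not rcorder(8) itself.

```python
from graphlib import TopologicalSorter, CycleError

def rc_order(scripts):
    """Simplified model of rc.d ordering keywords (an assumption, not rcorder(8)).
    scripts maps script name -> {"PROVIDE": [...], "REQUIRE": [...], "BEFORE": [...]}.
    Returns (start_order, missing); missing lists REQUIRE names nobody provides.
    Raises CycleError when the keywords form a dependency loop."""
    providers = {}
    for name, kw in scripts.items():
        for p in kw.get("PROVIDE", []):
            providers.setdefault(p, []).append(name)
    ts, missing = TopologicalSorter(), []
    for name, kw in scripts.items():
        ts.add(name)
        for req in kw.get("REQUIRE", []):
            if req not in providers:
                missing.append((name, req))
            for prov in providers.get(req, []):
                ts.add(name, prov)   # name starts after what it requires
        for bef in kw.get("BEFORE", []):
            for prov in providers.get(bef, []):
                ts.add(prov, name)   # provider of `bef` starts after name
    return list(ts.static_order()), missing

# Constructed headers, using the keywords discussed in the thread.
LOGIN = {"PROVIDE": ["LOGIN"]}
PGSQL = {"PROVIDE": ["postgresql"], "REQUIRE": ["LOGIN"]}

def thread_case():
    # jabberd is BEFORE: LOGIN and also REQUIRE: postgresql -> loop
    return {"LOGIN": LOGIN, "postgresql": PGSQL,
            "jabberd": {"PROVIDE": ["jabberd"],
                        "REQUIRE": ["postgresql"], "BEFORE": ["LOGIN"]}}

def stub_case(local_db=True):
    # Hypothetical DATABASE stub; jabberd no longer claims BEFORE: LOGIN
    s = {"LOGIN": LOGIN, "DATABASE": {"PROVIDE": ["DATABASE"]},
         "jabberd": {"PROVIDE": ["jabberd"], "REQUIRE": ["DATABASE"]}}
    if local_db:
        s["postgresql"] = dict(PGSQL, BEFORE=["DATABASE"])
    return s

if __name__ == "__main__":
    try:
        rc_order(thread_case())
    except CycleError as exc:
        print("dependency loop:", exc.args[1])
    print(rc_order(stub_case(local_db=True)))
    print(rc_order(stub_case(local_db=False)))
```

With the stub, jabberd's header is the same whether or not a database server is installed locally; only the database port's own script names DATABASE in BEFORE.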
