Date: Mon, 23 Jul 2012 09:41:48 +0200 (CEST) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: "ming.zym@gmail.com" <ming.zym@gmail.com> Cc: "hackers@FreeBSD.org" <hackers@freebsd.org> Subject: Re: trafficserver and raw disk access in FreeBSD Message-ID: <alpine.BSF.2.00.1207230941350.7616@wojtek.tensor.gdynia.pl> In-Reply-To: <1343008044.4047.19.camel@zym6400> References: <1342963441.4162.8.camel@zym6400> <alpine.BSF.2.00.1207221702240.2621@wojtek.tensor.gdynia.pl> <1343008044.4047.19.camel@zym6400>
next in thread | previous in thread | raw e-mail | index | archive | help
> yeah, rules in devfs always work. and it may introduce more challenge on > operation management, is there any way that we can do it more clean? what challenges? > > should we set the permission for :operator g+w on disks and partitions? you still may just do chown/chmod > then we can put a dedicate user for trafficserver into operator group. > > > ? 2012-07-22?? 17:03 +0200?Wojciech Puchar??? >>> Apache Traffic Server may use raw disk for caching, and for privilege >>> elevation, the worker process(traffic_server) will setuid to nobody, my >>> question is, how to make traffic_server access the /dev/ada*? >>> >>> in linux, disk permitting is root:disk 0660, we can go with: >>> 1, setup a new user 'ats', and put it into 'disk' group >>> 2, after setuid, run initgroups() to complete the groups evn. >> >> devfs.conf > > -- > zym, Zhao Yongming. > aka: yonghao @ taobao.com >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1207230941350.7616>