Am Freitag 03 Februar 2017 09:00:21 schrieb Bernhard Reiter:
As for how the scheduling it done, I guess that we'll probably need one scheduling daemon for intelmq that will supervise the other processes.
Another reasons for this is separation of access control. One example for this is configuration.
Right now intelmqctl runs as the unix user who has access to the configuration files itself. If we want a different unix user (that has restricted access to intelmq resources) to change something in particular like one value, we have to implement some access control. The typical way of implementing this priviledge separation is setuid/setguid or sudo/pkexec. Both have drawback if we want only a few selected points to be accessed. Setuid priviledges a full process, sudo restricts its configuration to a set of parameters for the process.
A control daemon could just offer whatever is allowed. (Postfix uses the daemon concept nicely for priviledge separation).
Just my 2 ¢, Bernhard