[Intelmq-dev] How to implement process contol (Re: Run modes + Systemd + Crontab)
Bernhard Reiter
bernhard at intevation.de
Mon Feb 13 13:59:07 CET 2017
Am Freitag 03 Februar 2017 09:00:21 schrieb Bernhard Reiter:
> As for how the scheduling it done, I guess that we'll probably need one
> scheduling daemon for intelmq that will supervise the other processes.
Another reasons for this is separation of access control.
One example for this is configuration.
Right now intelmqctl runs as the unix user who has access to
the configuration files itself. If we want a different unix user (that has
restricted access to intelmq resources) to change something in particular
like one value, we have to implement some access control.
The typical way of implementing this priviledge separation is setuid/setguid
or sudo/pkexec. Both have drawback if we want only a few selected points to be
accessed. Setuid priviledges a full process, sudo restricts its configuration
to a set of parameters for the process.
A control daemon could just offer whatever is allowed. (Postfix uses the
daemon concept nicely for priviledge separation).
Just my 2 ¢,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20170213/0cc87235/attachment.sig>
More information about the Intelmq-dev
mailing list