Re: preferences api

[Richard Frith-Macdonald]

On 16 Aug 2004, at 06:30, Rogelio M.Serrano Jr. wrote:

> On 2004-08-16 12:53:10 +0800 Richard Frith-Macdonald 
> <richard@brainstorm.co.uk> wrote:
>
> [snipped...]
> > No, there is a single user defaults database for each user.
> > > This still leaves my original question unanswered. How do system 
> > > daemons store and access their configs in GNUstep?
> > Exactly like any other program ...they use the user defaults database 
> > belonging to the user they are running as.
> > As a general principle of security, a daemon should not run as root 
> > unless it really needs to, but if it did, it would use the root user 
> > defaults database.
> > All the daemon (24*7 server) processes I write for the company I work 
> > for are expected (for security) to run as a well known user.  When we 
> > install our software, we set up a user account for it, and the 
> > processes check (on startup) that they are running as the expected 
> > user.
> > I don't think daemons are a problem for the current user defaults 
> > system at all ...
> [snipped..]
>
> I see. So all daemons need to have a home directory where the defaults 
> files will be stored?
Yes ... normally all users have a home directory, so you have to *work* 
at not having one!

> Management of the daemon will require login as that user before you 
> run the management apps. Or should root run the management apps and 
> change identity?
You can do either, but it's conventional for daemons to be run on 
system startup.  The system startup scripts run as root and change 
identity to start individual systems.

> Thats one of the issue for the prgrams i wrote because they dont have 
home directories. I just put them in /etc for now.

I'm not sure what you mean by this ... programs don't have 
home directories under unix ... users do.
Programs are run by/as particular users.

> But it does not work with NSUserDefaults at all.
On most systems, unless you work hard to prevent things working, they 
will work fine.

> Should we add /etc to the NSUserDefaults path?

There isn't an NSUserDefaults path.
The user defaults files are (normally) located in a subdirectory of the 
users home directory, but may be located elsewhere if the .GNUsteprc 
file configures it so.

> Im going to use selinux later and im going to run them as root anyway.
Running daemons as root is a really, really bad idea ... you need to be 
VERY careful about the code.

> And have a group of administrators. Where do we put the file with 
> access to these administrators without exposing roots settings? 
> Another user?

You could have a copy of the 'defaults' program setuid to root and with 
execute access for the group members.
The defaults database would be in root's home directory as normal.