People said
"it can be done at user level"
By the same reasoning, ACLs can be done at user-level.
"capabilities already allow you to run named non-root"
but don't allow to say specifically which port they can bind to.
"...."
and too many programs like named assume they run as root (e.g. mountd)
so that they don't work as non-root even if they can open their socket.
Without sockfs, those program won't be fixed and without those programs fixed,
sockfs will never spread.
I do admit that there is a vaguely reasonable alternative at user-level: extend
inetd to also be able to start services like sendmail, named, innd, mountd, ..
The way this would work would be along the same lines as `sendmail_start' and
`inn_start': inetd binds to the port, forks and passes the file descriptor as
an argument (it would probably have to exec sendmail and such eagerly rather
than lazily).
I've never gotten around to adding that feature to inetd, though.
If anyone's interested... this is not linux-kernel ground any more.
Stefan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/