[distcc] Allowing non-root users to kill and start distccd
Dan Sturtevant
sturtx at gmail.com
Sat Jun 3 00:28:57 GMT 2006
Hi,
I'm setting up distcc in my organization. I've built a "proof of concept"
cluster of about 30 SuSE 64 bit Opterons. I plan to get this working on 32
bit Debian machines, Solaris boxes and Mac OSX boxes as well, and need to
set up init scripts for each.
In addition, I need to allow users to stop/suspend the daemon when they
don't want the load on their computer. I've started doing the following:
- Change distccd to be a SUID executable so that users can do
"/etc/init.d/distccd start".
- Modify the "start-stop-daemon" open source C program to hard code all
values for location of the binary and make it only do "stop".
Rename the executable to "distccd-stop". Also make this executable
SUID.
- Use "distccd-stop" inside "/etc/init.d/distccd stop"
I'm also planning on adding:
- Something like "/etc/init.d/distccd temporarystop 4" which would stop the
daemon for 4 hours but start an "at" job to restart it after a
limited period of time. Maybe only allow root to call "stop" and only
allow non-root users to do "temporarystop" somehow.
- "/etc/init.d/distccd start 2" which would tell distccd to accept an
opitonal number of simultaneous connections.
2 questions:
1. Is allowing users to start/stop the daemon on thier own machinies a
good/bad, commonly/uncommonly done thing?
2. I don't care too much about security in this environment, but don't want
to do anything rediculously stupid either. Is this a decent strategy?
I'll upload my OSX and Solaris init scripts and distccd-stop.c when they're
ready if anyone thinks they would be useful.
Thanks for any insight.
-Dan Sturtevant
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the distcc
mailing list