Discussion:
binkd r608 ebuild
(too old to reply)
Benny Pedersen
2012-04-10 22:06:18 UTC
Permalink
Hello All!

just created now, will make more gentoo/funtoo modified so its better layout,
and hopefully also create the xinetd startup and make it non root needed, does
not make sense to have binkd running as root when ports is over 1024

my question here is so, can binkd be coded to start as root, and drop
privileges as apache does it ?, that way conf files can be like binkd make file
suggest to do, but do anyone do it like that ?


Regards Benny

... there can only be one way of life, and it works :)
Scott Street
2012-04-11 05:31:44 UTC
Permalink
On 4/11/12 12:06 AM, Benny Pedersen -> All wrote:

BP> just created now, will make more gentoo/funtoo modified so its better
BP> layout, and hopefully also create the xinetd startup and make it non
BP> root needed, does not make sense to have binkd running as root when
BP> ports is over 1024

I've never needed to run binkd as root. Especially on Gentoo. I have a user
setup just to run the Fido operations. This user has all the binaries and
config files needed in its home directory.
(/home/%user%/bin,.../lib,.../include, etc)

BP> my question here is so, can binkd be coded to start as root, and drop
BP> privileges as apache does it ?, that way conf files can be like binkd
BP> make file suggest to do, but do anyone do it like that ?

Don't need to, examine this Gentoo init script for binkd:


---begin script---
#!/sbin/runscript

depend() {
need net localmount
use dns logger clock wlan
after bootmisc hostname
}

start() {
ebegin "Starting binkd"
export LD_LIBRARY_PATH=/home/fidonet/lib
start-stop-daemon --start --user ${BINKD_USER} --exec /usr/bin/binkd
--pidfile ${BINKD_PID} -- ${BINKD_OPTIONS} ${BINKD_CFG}
eend $?
}

stop() {
ebegin "Stopping binkd"
start-stop-daemon --stop --user ${BINKD_USER} --exec /usr/bin/binkd
--pidfile ${BINKD_PID}
eend $?
}
---end script---

---/etc/conf.d/binkd---
# /etc/conf.d/binkd: config file for /etc/init.d/binkd

# Options to pass to the binkd daemon.
# See the binkd(8) man page for more info.

# dont use root
BINKD_USER="fidonet"

# change xpoint to what user dir is home dir
BINKD_CFG="/home/fidonet/etc/binkd.conf"

# pid file must be in homedir
BINKD_PID="/home/fidonet/var/binkd.pid"

# options to run as daemon
BINKD_OPTIONS="-CDmr"
---end binkd---


This is all sources from the Fidonet Overlay
(http://gpo.zugaina.org/Overlays/fidonet)

Looks like build 608 just arrived too!
Benny Pedersen
2012-04-12 00:46:30 UTC
Permalink
Hello Scott!

11 Apr 2012 09:31, Scott Street wrote to Benny Pedersen:

SS> export LD_LIBRARY_PATH=/home/fidonet/lib

bah :)

ldd binkd reports no non system libs here

who invented that idear ?

SS> -+-/etc/conf.d/binkd---

SS> This is all sources from the Fidonet Overlay
SS> (http://gpo.zugaina.org/Overlays/fidonet)

synced from my overlay, funny users out there, i dont blame them, but just make
another url is not making the work in layman

SS> Looks like build 608 just arrived too!

yep just added, and it compiles just fine here, but thanks for suggestions
about binkd, also what i had in mind, but still miss to make more complete,
final wish is that ebuild can configure binkd.conf and /etc/conf.d/binkd holds
info on what user binkd runs as, so tossers can read/delete bundles incomming
and outbound after sending

imho binkd should NOT be in /home path, not even for fun


Regards Benny

... there can only be one way of life, and it works :)
Scott Street
2012-04-12 07:07:02 UTC
Permalink
On 4/12/12 2:46 AM, Benny Pedersen -> Scott Street wrote:
SS>> export LD_LIBRARY_PATH=/home/fidonet/lib

BP> bah :)

BP> ldd binkd reports no non system libs here

BP> who invented that idear ?

That would have been me -- I like to have everything separate; I didn't want
applications for a single user to be populated into the standard filesystem
layout. It is HPT that needs the additional libraries.

SS>> This is all sources from the Fidonet Overlay
SS>> (http://gpo.zugaina.org/Overlays/fidonet)

BP> synced from my overlay, funny users out there, i dont blame them, but
BP> just make another url is not making the work in layman

AH, I found this one by accident. I ending up 'borrowing' the init script and
config file, but compiled binkd, and husky (unstable, latest from source
repository) by hand. I even compiled jamnntpd-smapi against the latest; which
fixed a few annoyances (especially the last read index missing crud).

BP> yep just added, and it compiles just fine here, but thanks for
BP> suggestions about binkd, also what i had in mind, but still miss to make
BP> more complete, final wish is that ebuild can configure binkd.conf and
BP> /etc/conf.d/binkd holds info on what user binkd runs as, so tossers can
BP> read/delete bundles incomming and outbound after sending

I suppose if the Gentoo community could agree on the 'default' username for
fido operations - then it would be possible.

BP> imho binkd should NOT be in /home path, not even for fun

True, at some point I'll cleanup and move all the binaries to the standard
layout. However, it is working so well I hate to mess with it too much.

I was running MBSE for a very long time, however, it had become a whole lot
more software then I was ever using, which had EVERYTHING in /opt/mbse -- so I
was used to having a user directory do all the work. I'm down to binkd, hpt,
and jamnntpd for just about everything I ned to do.

And so far so good on binkd/1.0a-608, compiled cleanly and went right to work
without config changes.
Scott Street
2012-04-11 14:00:13 UTC
Permalink
On 4/11/12 12:06 AM, Benny Pedersen -> All wrote:

BP> just created now, will make more gentoo/funtoo modified so its better
BP> layout, and hopefully also create the xinetd startup and make it non
BP> root needed, does not make sense to have binkd running as root when
BP> ports is over 1024

I've never needed to run binkd as root. Especially on Gentoo. I have a user
setup just to run the Fido operations. This user has all the binaries and
config files needed in its home directory.
(/home/%user%/bin,.../lib,.../include, etc)

BP> my question here is so, can binkd be coded to start as root, and drop
BP> privileges as apache does it ?, that way conf files can be like binkd
BP> make file suggest to do, but do anyone do it like that ?

Don't need to, examine this Gentoo init script for binkd:


- ---begin script---
#!/sbin/runscript

depend() {
need net localmount
use dns logger clock wlan
after bootmisc hostname
}

start() {
ebegin "Starting binkd"
export LD_LIBRARY_PATH=/home/fidonet/lib
start-stop-daemon --start --user ${BINKD_USER} --exec /usr/bin/binkd
--pidfile ${BINKD_PID} -- ${BINKD_OPTIONS} ${BINKD_CFG}
eend $?
}

stop() {
ebegin "Stopping binkd"
start-stop-daemon --stop --user ${BINKD_USER} --exec /usr/bin/binkd
--pidfile ${BINKD_PID}
eend $?
}
- ---end script---

- ---/etc/conf.d/binkd---
# /etc/conf.d/binkd: config file for /etc/init.d/binkd

# Options to pass to the binkd daemon.
# See the binkd(8) man page for more info.

# dont use root
BINKD_USER="fidonet"

# change xpoint to what user dir is home dir
BINKD_CFG="/home/fidonet/etc/binkd.conf"

# pid file must be in homedir
BINKD_PID="/home/fidonet/var/binkd.pid"

# options to run as daemon
BINKD_OPTIONS="-CDmr"
- ---end binkd---


This is all sources from the Fidonet Overlay
(http://gpo.zugaina.org/Overlays/fidonet)

Looks like build 608 just arrived too!

---
* Origin: -=[ Space Station Alpha ]=- (1:266/420)
Stas Degteff
2012-04-21 15:45:00 UTC
Permalink
Hello Benny!

11 Apr 12 02:06, you wrote to All:

BP> my question here is so, can binkd be coded to start as root, and drop
BP> privileges as apache does it ?, that way conf files can be like binkd
BP> make file suggest to do, but do anyone do it like that ?

I known nothing about Gentoo, but normal way to run binkd at system boot are:

su ftn -l -c "/usr/bin/binkd -D /ftn/etc/binkd.conf"

where "ftn" - dedicated user for the all fido node software and data, "/ftn" -
home directory of user ftn.

Stas
Jabber-ID: ***@grumbler.org
GPG key 0x72186DB9 (keyserver: hkp://wwwkeys.eu.pgp.net)

... Golded+, Husky & RNTrack maintainer, Binkd developer&webmaster
Loading...