Frontier as Root

Samuel Reynolds sam at spinwardstars.com
Wed Nov 13 08:41:33 PST 2002 

>I have people uploading folders of files to an OS X server. Frontier 
>runs a thread that loops over the folders and nomalizes the file 
>names.
>
>When I was debugging this process, I would upload a folder and 
>everything would run fast and smooth. But when other users do it, the 
>scripts run, but so slowly that is is unusable.
>
>The problem turns out to be file ownership. Since these people are 
>users on the server, they are the owners of the files and folders. If 
>I change the owner and the privileges to match mine, everything works 
>as expected. In fact, I can't even run the scripts manually - I get a 
>permissions violation at the point that Frontier tries to rename the 
>files.
>
>Frontier is running with my privileges, since it launches under my 
>login. So I see 2 options:
>
>1) Check the owners of files and folders and change them using 
>Frontier's ability to run terminal commands. This would be a 
>performance hit and add unwanted complexity.
>
>2) Run Frontier as Root. Yes, yes, I know it's bad bad bad. 
>But...would it solve my problem? And how would I do it?

It would solve this problem, and introduce a boatload of
security issues.

>Another thought: Is it possible to increase Frontier's privileges so 
>that it can change these files *without* running as root?
>-- 
>Brian Ablaza
>Chief Technology Officer
>Star Interactive
>
>856.488.2015

Try making Frontier and your file uploader users members of the
same *group*, and giving that group default read/write permissions
to the files and to the directory they are uploaded to. (I don't
recall the proper config/commands for this offhand, but it's
A Unix Thing.)

Overall, I'd say something like the following would be good
(again, I don't know the commands, but it should be very doable).
(This is a Unix approach; I'm not certain it will work with
OS-X, but it should.)

1. Create a User "Frontier". Make it a member of
   a group "FrontierGroup" (or whatever).

2. Create a system startup script that start and detaches
   a process running Frontier as user "Frontier". (This may
   cause problems with Frontier due to the lack of GUI; I
   don't know.)

3. Make all users who need to upload files to Frontier
   members of the group "FrontierGroup".

A possible alternate approach:
You don't indicate whether the folder uploads are done
via Frontier, FTP, or ?? It sounds like they're doing
FTP uploads.

You could, instead, have them upload the folders/files
via Frontier. Set up one Manila site with Filer to
do uploads. (I could add a multiple-file upload screen,
if that would help.) Or write (or have somebody [me?])
write a folder/file-upload utility that calls a Frontier
URL to post each file, and give a copy to each user.
Then Frontier could easily normalize names as part of
processing the uploads.

- Sam
- - - - - - - - - - - - - - - - - - - - - - - - - -
I'm currently looking for a new position/contract.
Resume at http://spinwardstars.com/vitae/
- - - - - - - - - - - - - - - - - - - - - - - - - -
_____________________________________________
Samuel Reynolds         sam at spinwardstars.com
Spinward Stars: http://www.spinwardstars.com/

More information about the Frontier-Users mailing list