Default service user


Вячеслав Матюхин

Aug 25, 2010, 3:14:46 PM
to ubic...@googlegroups.com
I'm not sure if this letter will be helpful to anyone, but I've just thought about this design choice I'm not sure about yet, and braindumping it into ML will do no harm :)


As you probably know, ubic services can specify a custom user from which they are running.
The default user is root.
If the current user is root and the service user is not root, ubic forks and replaces the effective uid before creating any status/lock files, so that if you accidentally say "ubic start" from root, you will not break anything.

So it all "just works", but I've got a question about the default user:
maybe it should be changed from root to the owner of the service file?

I see two benefits:
1) some host administrators would change /etc/ubic/service (or its subdir) grants to 777 or 775 and allow everyone to add their own services;
2) simplifying tests.

Small explanation for people who never tested their services: it is completely possible to start ubic services in a local sandbox environment when testing your programs.
It just requires some boilerplate code (which could be wrapped in use Test::Ubic, BTW, if we can agree on policy issues):
Ubic->set_service_dir('etc/ubic/service');
Ubic->set_ubic_dir('tfiles/ubic');

When testing services in this way, it is necessary to override the user, via %ENV or messing with configuration, for example:
Ubic::SomeService->new(
    ...,
    user => $ENV{TEST_USER} || 'www-data',
);

So, if the default user is equal to the service file's owner, this part of testing will become easier.
On the other hand, to completely get rid of setting the service user, you'd have to chown the service file on installation instead.


I'm assuming here direct service <-> mapping, which is not true because of custom multiservices.
So I don't know yet how exactly user calculation can be expressed in code, but it should be possible.

There are also some security issues.
In the case of a 777-chmoded service dir, anyone could write a service and set user => "root".
This could be solved if ubic changed the effective uid to the file owner's uid even before file compilation, at least in cases when the service user has fewer grants than the current user.
(I'm going to implement this anyway, independently of the choice about the default user, BTW).

--
Vyacheslav Matyukhin
http://github.com/berekuk
http://friendfeed.com/mmcleric
http://berekuk.ru
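
The check raised in the security paragraph of the message above, sketched as an added example (not part of the original post and not Ubic's own code). The helper name service_user_checked is hypothetical, the service file is assumed to return an object with a user() method, and the demo file at the end is constructed; run without root, the uid switch is skipped and only the ownership check applies.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempfile);

# Hypothetical helper, not part of Ubic. Assumes a service file's last
# statement returns an object with a user() method.
sub service_user_checked {
    my ($file) = @_;
    my $path = abs_path($file) or die "cannot resolve $file\n";
    my @st = stat($path) or die "stat $path: $!\n";
    my ($owner_uid, $owner_gid) = @st[4, 5];

    pipe(my $rd, my $wr) or die "pipe: $!\n";
    defined(my $pid = fork()) or die "fork: $!\n";
    if ($pid == 0) {                    # child: compiles the untrusted file
        close $rd;
        if ($> == 0 && $owner_uid != 0) {
            # Group ids first, then real and effective uid together, so the
            # compiled code has no root uid left to switch back to.
            $( = $owner_gid;
            $) = "$owner_gid $owner_gid";
            ($<, $>) = ($owner_uid, $owner_uid);
            exit 2 unless $< == $owner_uid && $> == $owner_uid;
        }
        my $service = do $path;         # runs with the owner's privileges
        exit 3 unless ref $service && eval { $service->can('user') };
        print {$wr} $service->user() // 'root';   # default user is root
        close $wr;
        exit 0;
    }
    close $wr;
    my $declared = do { local $/; <$rd> } // '';
    waitpid($pid, 0);
    die "compiling $path failed (exit " . ($? >> 8) . ")\n" if $?;

    # A file owned by a non-root user may only run services as that user.
    my $declared_uid = getpwnam($declared);
    die "unknown user '$declared' in $path\n" unless defined $declared_uid;
    die "$path is owned by uid $owner_uid but asks for '$declared'\n"
        if $owner_uid != 0 && $declared_uid != $owner_uid;
    return $declared;
}

# Constructed demo: a service file owned by the current user asking for root.
my ($fh, $demo) = tempfile(UNLINK => 1);
print {$fh} q{package Demo; sub user { 'root' } bless {}, 'Demo';};
close $fh;
my $user = eval { service_user_checked($demo) };
print defined $user ? "service user: $user\n" : "refused: $@";
```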

bessarabov

Aug 26, 2010, 3:38:07 AM
to Ubic
For now I can't imagine a situation when it is needed to grant non-admin
users permissions for creating new ubic services.
As I understand (but I have never tried), it is now possible to install
ubic in your home dir and to run it without a root account.
This is more difficult than just adding some file to
/etc/ubic/services, but if I'm not mistaken, it is also possible.
I'm not sure that I will find the use of this feature (maybe for
others it will be a killer feature, but I can't say for them =).

By the way, please continue braindumping (what a beautiful word =) to
this maillist - it's very interesting to know what your thoughts are
about ubic's future.