[arch-dev-public] [signoff] pkgstats 2.1-1
Pierre Schmitz
pierre at archlinux.de
Mon Sep 13 07:32:50 EDT 2010
On Mon, 13 Sep 2010 13:22:03 +0200, Dieter Plaetinck
<dieter at plaetinck.be> wrote:
> On Mon, 13 Sep 2010 13:05:26 +0200
> Pierre Schmitz <pierre at archlinux.de> wrote:
>
>> * the cron is run as nobody and not root (anyone knows how to do this
>> without sudo? no, su does not work it seems)
>
> You can setuid the file and give it a specific owner, it will be run as
> that user. If that's what you're asking.
Yes, thought about that too. But: nobody shouldn't own any files;
especially executables. And: afaik you cannot suid a shell-script. The
script is not run, but the interpreter which then runs the script.
> Also, make sure we don't ddos ourselves.
Well, collecting the data is not that expensive. But there is still
some room to make it even cheaper if needed. But afaik weekly crons are
not executed at the same milisecond and there are also different time
zones and not every clock is in sync.
--
Pierre Schmitz, https://users.archlinux.de/~pierre
More information about the arch-dev-public
mailing list