In our design, BOINC applications run under a specially-created account
having a minimal set of privileges.
Previously, the applications typically ran as the user who installed BOINC,
and had the full privileges of that account.
";
/**
 * Build the owner/group/mode label attached to one entry of the permissions tree.
 *
 * The three values are inserted as given, with no escaping. Every call visible
 * in this file passes hard-coded literals; the function is only suitable for
 * such trusted constants, since the result is echoed into the page.
 *
 * @param string $user  Owning user name, e.g. 'boinc_master'.
 * @param string $group Owning group name, e.g. 'boinc_project'.
 * @param string $perm  Mode text, e.g. '0775' or '0551+setuid+setgid'.
 * @return string Three labelled lines, each one preceded by a line break.
 */
function prot($user, $group, $perm) {
    // The leading empty element yields the line break in front of "user:".
    $parts = [
        '',
        'user: ' . $user,
        'group: ' . $group,
        'protection: ' . $perm,
    ];

    return implode("\n", $parts);
}
// Owner/group/mode labels used by the directory tree further down.
//
// Naming: first letter = owning user, second letter = owning group
// (m = boinc_master, p = boinc_project, u = installing user, a = admin),
// then the four-digit octal mode. A leading 2 stands for setgid and a
// leading 6 for setuid+setgid, matching the '+setgid' / '+setuid+setgid'
// suffix in the label text.

// User boinc_master, group boinc_master.
$mm0550 = prot('boinc_master', 'boinc_master', '0550');
$mm0770 = prot('boinc_master', 'boinc_master', '0770');
$mm0775 = prot('boinc_master', 'boinc_master', '0775');
$mm2555 = prot('boinc_master', 'boinc_master', '0555+setgid');
$mm6555 = prot('boinc_master', 'boinc_master', '0555+setuid+setgid');

// User boinc_master, group boinc_project.
$mp0775 = prot('boinc_master', 'boinc_project', '0775');
// setgid label; in the tree it is attached to the setprojectgrp executable.
$mp2500 = prot('boinc_master', 'boinc_project', '0500+setgid');

// User boinc_project, group boinc_project.
$pp0775 = prot('boinc_project', 'boinc_project', '0775');
// setuid+setgid label; in the tree it is attached to the switcher executable.
$pp6551 = prot('boinc_project', 'boinc_project', '0551+setuid+setgid');

// Installing user, group admin.
$ua0555 = prot('(installing user)', 'admin', '0555');

// Hex colour strings indexed by nesting level. show_dir() reads
// $colors[$level], so only levels 0, 1 and 2 are defined.
$colors = ['ddddff', 'ccccff', 'bbbbff'];
function show_dir($level, $name, $prot, $contents) {
global $colors;
$color = $colors[$level];
$x = "
$name $prot |
";
for ($i=0; $i "; } echo " Our design uses two users and two groups, both specially created for use by BOINC. These users and groups are created by the installation process.
The following diagram shows user, group and permissions for the BOINC file and directory tree:
";
// Emit the ownership/permission tree for the BOINC data directory.
// Nested show_dir() calls mirror directory nesting; the first argument is
// the depth (0-2), followed by the entry name, its label and its children.
echo show_dir(0, 'BOINC data', $mm0775, [
    // Project and slot directories hold two kinds of files: those written by
    // the client (boinc_master / boinc_project) and those written by project
    // applications (boinc_project / boinc_project).
    show_dir(1, 'projects', $mm0775, [
        show_dir(2, 'setiathome.berkeley.edu', $mp0775, [
            show_file('files created by BOINC Client', $mp0775),
            show_file('files created by project apps', $pp0775),
        ]),
    ]),
    show_dir(1, 'slots', $mm0775, [
        show_dir(2, '0', $mp0775, [
            show_file('files created by BOINC Client', $mp0775),
            show_file('files created by project apps', $pp0775),
        ]),
    ]),

    // The only setuid/setgid entries in the tree. Their directory is 0550 and
    // owned by boinc_master:boinc_master, so other accounts cannot enter it.
    show_dir(1, 'switcher (directory)', $mm0550, [
        show_file('switcher (executable)', $pp6551),
        show_file('setprojectgrp (executable)', $mp2500),
    ]),

    show_dir(1, 'locale', $mm0550, [
        show_dir(2, 'de', $mm0550, [
            show_file('BOINC Manager.mo', $mm0550),
            show_file('wxstd.mo', $mm0550),
        ]),
    ]),

    // Top-level state and configuration files. gui_rpc_auth.cfg is the only
    // one labelled 0770, i.e. with no access for other accounts; the rest are
    // labelled 0775 and are therefore readable by any local account.
    // NOTE(review): confirm world-read is intended for account_*.xml and
    // acct_mgr_login.xml if they carry account credentials.
    show_file('account_*.xml', $mm0775),
    show_file('acct_mgr_login.xml', $mm0775),
    show_file('client_state.xml', $mm0775),
    show_file('gui_rpc_auth.cfg', $mm0770),
    show_file('sched_reply*', $mm0775),
    show_file('sched_request*', $mm0775),
]);
echo " Implementation notes:
|