[tahoe-dev] different uids, and multiple introducer/client/server nodes on one box

Greg Troxel gdt at ir.bbn.com
Fri Jul 23 20:52:25 UTC 2010


I can see how Tahoe uses the POLA in cryptographic design, but it seems
one should also approach host operation in the same way.  In
contemplating setting this up, I'm inclined to

  Have an introducer on a particularly reliable machine (really, one I
  have to fix quickly anyway).

  Run the introducer node as a service uid, like tahoe.tahoe, similar to
  how one runs servers as an unprivileged user.

  Run a server node as a service uid, perhaps the same as above, on many
  machines.  This would mean introducer and server would have same uid.
  Or tahoei and tahoes.   I don't see a real reason to separate them.

  Either

    A) Run the client as me, so I can interact with it.

  or

    B) Run the client as tahoec, because it interacts with people via
    capabilities and the WAPI, so it doesn't matter that it's the same
    uid as the person using it.

I think A might be needed, because the command-line program uses
private/aliases.  But perhaps if I symlink node.url from my ~/.tahoe to
the tahoec client, all is well, and I can separate the command-line
client and the node instance.

Is this what others do?  Does it make sense?
Will it work to run three nodes on one system?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20100723/b6c6a98d/attachment.pgp>


More information about the tahoe-dev mailing list