Two wishes: run as system undex Win, disable remote_gui
26 Feb 2005 17:48:49 UTC
Topic 188053
(moderation:
First, I'd like the boinc to run as 'local system' under WinNT/2K/XP. The service is installing and running as specified user. However I have the situation, where user passwords are changed quite often. It would by nice if I can install boinc as 'local system'.
Or maybe it would work if I just go to the services and change the logon from 'user' to 'local system' ??
And second (i noticed it only under linux). There is switch -allow_remote_gui_rpc. I don't use it. But even that I don't use it, boinc still binds a network port and listen.
Could You add new switch, which would disable it. Or becouse there is already switch -allow..., maybe boinc shouldn't listen on network unless the switch is used.
Two wishes: run as system undex Win, disable remote_gui
)
> First, I'd like the boinc to run as 'local system' under WinNT/2K/XP. The
> service is installing and running as specified user. However I have the
> situation, where user passwords are changed quite often. It would by nice if I
> can install boinc as 'local system'.
> Or maybe it would work if I just go to the services and change the logon from
> 'user' to 'local system' ??
Yes, this works. I do it myself on three of my machines (the other effect is that the screen saver works in this mode as well if you allow interaction with the desktop).
>
> And second (i noticed it only under linux). There is switch
> -allow_remote_gui_rpc. I don't use it. But even that I don't use it, boinc
> still binds a network port and listen.
> Could You add new switch, which would disable it. Or becouse there is already
> switch -allow..., maybe boinc shouldn't listen on network unless the switch is
> used.
>
The local GUI uses the same port.
BOINC WIKI
Ad 1) Indeed it works ! Well,
)
Ad 1)
Indeed it works !
Well, I still think, that there should be an option during installation, to instal the service to run as a 'local system'.
Ad 2)
As the Linux is more 'multiuser' than windows I still would like to have a way disable boinc listening on network port.
That's becouse I don't line the idea that another user can connect to boinc ans spy it and manage it!
And moreover, if he find some weakness (as it's open source), he could run a shell with my privileges!
> As the Linux is more
)
> As the Linux is more 'multiuser' than windows I still would like to have a way
> disable boinc listening on network port.
> That's becouse I don't line the idea that another user can connect to boinc
> ans spy it and manage it!
> And moreover, if he find some weakness (as it's open source), he could run a
> shell with my privileges!
If you use the remote_hosts.cfg file approach instead of the command line option, only machines listed in that file will be able to connect.
Be lucky,
Neil
Whatever remote_hosts.cfg is
)
Whatever remote_hosts.cfg is - haven't seen it.
But, even if I put there 127.0.0.1, other users logged into system will be able to connect, spy and manage boinc running by me (or maybe even exploit).
I checked it - there's no authorization in the protocol between GUI and client.
> Whatever remote_hosts.cfg
)
> Whatever remote_hosts.cfg is - haven't seen it.
> But, even if I put there 127.0.0.1, other users logged into system will be
> able to connect, spy and manage boinc running by me (or maybe even exploit).
> I checked it - there's no authorization in the protocol between GUI and
> client.
>
If you no not put remote_hosts.cfg or add -allow_remote_hosts, all connections EXCEPT 127.0.0.1 will be refused. If you place remote_hosts.cfg in your BOINC directory, you can determine by DHCP hame or IP number who gets to connect. Everything else will just be refused.
BOINC WIKI
How do you run BOINC client
)
How do you run BOINC client (4.24) as a service under WinXP?
Where do you get the "boinc_cli.exe" executable needed for service?
There is no such file in the BOINC install folder or am I missing something?