It is possible in the way described below, though with the understanding that this does not provide the security that you are probably after. We are working on a new security architecture which will solve the security problems.
You can start several daemons on a node as different users and have them bind to the root process as "sub-processes". You do this by, for example, taking a copy of the sfDaemon process and editing the line that contains the Java command. Set the sfProcessName to something other that "rootProcess".
Once you have run the modified command, the root process will contain a sub-process with the name given. You then use the sfProcessName attribute in the sfConfig for that part that you wish to deploy in that subprocess. If the process is not already present, created as described above, it will be transparently created with the same user as the root process, which is not what you want, so manual creation is required as the first step.
Note that this does not stop components in the sub-process from deploying back into the root process - so this is really only an illusion of security but can help in accidentally running execs as the wrong user, for example. (We haven't added a mechanism to do the sub-process/different-user automatically as it makes it appear rather more secure than we know it to be.)
The better approach, but it is more work, would be to start two seperate domains of SmartFrog - on different ports with different security credentials running in the two seperate user accounts. Then write a set of proxy comiponents that allow only the operations that are valid betweens two domains. Roughly speaking, the next generation of the security infrastructure will provide automated ways of doing this.
Hope this helps,
-----Original Message-----
From: [] On Behalf Of Khargharia, Bithika
Sent: 22 October 2004 18:11
Subject: [Smartfrog-support] sfDaemon question



I am deploying components on a single machine as part of a workflow. The initial few components require sfDaemon to be root while the rest of the components require it to be any non-root user. Within the single sfConfig, how do I achieve this? Any ideas