non-root process and PID files

Andrew J Caines A.J.Caines at halplant.com
Tue Nov 11 17:52:42 PST 2003


On Mon, Oct 27, 2003 at 10:31:18AM -0500, Dan Langille wrote:
> If a process starts up and does a setuid, should it be writing the 
> PID file before or after the setuid?

After, of course, since to do so before is using UID 0 to solve the wrong
problem and creates the removal problem.

> Any suggestions?

Set /var/run to 1777 if you don't have untrusted users, or 1770 with
daemons in the owning group if you do. I don't see any obvious serious
problem introduced by doing this.

My /var/run is on a small mfs. I don't recall if this is (now) default on
install.

Jos Backus said...
> Why use pid files at all if you could be using a process supervisor instead?

Because this requires the overhead of making the system, tools and admins
familiar with the supervisor system. Then there's the resource overhead,
the extra stuff to configure, etc. That hasn't stopped me putting my DNS
cache, web server and distributed.net client under the watchful eye of
supervise(8) (from DJB's daemontools[1]), though.


[1] sysutils/daemontools, http://cr.yp.to/daemontools.html

-Andrew-
-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines at halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
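
The ordering discussed in the message above (drop privileges first, then create the PID file in a directory other users can write to), as an added example that is not part of the original post. The function names, the demo path and UID/GID 65534 are assumptions, and the exclusive-create flags go slightly beyond the message to cover a name that already exists in a shared directory.

```c
/* Added example, not from the original post. Function names, the demo path
 * and UID/GID 65534 are assumptions made for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop from root to uid/gid: group first, then user, then confirm root
 * cannot be regained. A real daemon also resets supplementary groups. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* must fail after a real drop */
        return -1;
    return 0;
}

/* Create the PID file as the current (unprivileged) user. O_EXCL refuses
 * an existing file or symlink, even a dangling one, which matters when
 * other users can write to the directory. Returns 0, or -1 with errno. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)len) != len) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return close(fd);
}

int main(void)
{
    const char *path = "/tmp/exampled.pid";      /* hypothetical path */
    if (getuid() == 0 && drop_privs(65534, 65534) != 0)
        return 1;                                 /* refuse to run as root */
    if (write_pidfile(path, getpid()) != 0) { perror(path); return 1; }
    return unlink(path) != 0;   /* the owner removes its file without root */
}
```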


More information about the freebsd-hackers mailing list