chmod of some pidfiles
Kostik Belousov
kostikbel at gmail.com
Wed Apr 16 13:19:13 UTC 2008
On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote:
> Hello,
>
> Today I found out some pidfiles of 'system daemons', have a 'weird' chmod.
>
> [quis at istud ~]$ ls -l /var/run/cron.pid
> -rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid
>
> Can somebody tell me why it is 0600 ?
> I don't think it will harm if it is 0644 ?
>
> I think this is only useful if the security.bsd.see_other_uids sysctl is
> set to 0.
They are 0600 so that the advisory locking works reliably on them.
More details:
the daemons flock() the pidfile to indicate that it is alive. Any other
process may lock the file that can be opened for reading. Having more
permissive mode would allow anybody to lock the pidfile, falsely indicating
that the daemon is still alive, while it in fact died.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20080416/3d8e4aee/attachment.pgp
More information about the freebsd-current
mailing list