svn commit: r229667 - head/usr.sbin/daemon

Doug Barton dougb at FreeBSD.org
Sat Jan 7 00:16:15 UTC 2012


On 01/06/2012 08:18, Guy Helmer wrote:
> On Jan 5, 2012, at 8:58 PM, Doug Barton wrote:
> 
>> On 01/05/2012 14:48, Guy Helmer wrote:
>>> Allow daemon(8) to run pidfile_open() before relenquishing
>>> privileges so pid files can be written in /var/run when started
>>> as root.
>> 
>> I'm not sure how useful this is since when daemon is exiting it
>> won't be able to remove the pid file (unless I'm missing
>> something).
>> 
>> Isn't it better to pre-create the pid file with the proper
>> permissions for the unprivileged user?
>> 
> 
> Would it be OK for daemon to hang around and wait for the child
> process to exit, then remove the pid file?

Without having given it any kind of careful thought, that sounds Ok ...
but I don't understand how daemon could remove a pid file written as
root after it's already dropped privileges. (IOW that's the same problem
I was bringing up.)

> The only other alternative I see would be to create a subdirectory
> that is writable by the user so the child can create and delete the
> pid file.

That's functionally equivalent to pre-creating the pid file with the
right permissions, so it would be Ok. Various ports use each of these
approaches. I'm generally in favor of using the pid file only solution
since rc.d/cleanvar will clean all that stuff up at boot, and it's
preferable to not leave stale directories around for stuff that is no
longer running and/or installed.


Doug

-- 

	You can observe a lot just by watching.	-- Yogi Berra

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/



More information about the svn-src-head mailing list