Ah great - thanks Alex, I will have a look at this.
Cheers,
Alan
Alexander Malysh wrote:
Hi Alan,
please stop using run_kannel_box because it's deprecated, just use:
/.../bearerbox --daemon
/.../smsbox --daemon
Thanks,
Alex
P.S. A new init scripts for debian using --daemon option are highly
welcome...
Alan McNatty schrieb:
Hi All,
We're been on stock standard debian kannel installs for awhile now so
it's simply a matter of using kannel out of the box these days which
is great.
However we've had an ongoing annoyance running kannel on servers which
we don't maintain. I won't go into the annoying details of why but the
long and short of it is that we have to do some user hopping to tail
the logs (you have to be able to become the kannel user or root to
view the logs, group access is not enough).
The log permissons seem to be set in run_kannel_box (which is used by
default), it hard wires the umask (overriding anything set in an
init.d script or login.defs, etc) to be 077. My belief here is that
this sort of thing is an installation / configuration setting and
shouldn't be dictated in code. But better managed in (for example)
postinstall scripts and umask setting, etc. Thus making it
configurable to individual requirements, server set-up, etc.
Consider the default debian policy (for better or worse) is 022 but
the kannel user gets added with the group 'nogroup' and then finally
the umask is set to 077 by run_kannel_box for the running boxes. Would
it not make more sense / be simpler / more configurable to be
kannel.adm with an init.d umask setting to 077 (or 027). Note the
logrotate script sets the rotated logs to kannel.adm with mode 640.
Ultimately I guess I'm asking if anyone would object if this enforcing
was removed in an upstream release? All thoughts, comments, etc
welcome/appreciated.
Consider (from utils/run_kannel_box.c):
@@ -384,10 +384,6 @@
atexit(remove_pidfile);
write_pidfile();
- /* Set the umask to a known value, rather than inheriting
- * an unknown one. */
- umask(077);
-
/* Leave file descriptors 0, 1, and 2 pointing to harmless
* places, and close all other file descriptors. */
rebind_standard_streams();
I am happy to submit some debian patches to get the discussion going
also.
Cheers,
Alan
--
Alan McNatty
Catalyst IT
DDI: +64 (0)4 8032201, or
TEL: +64 (0)4 4992267