Re: run_kannel_box - forcing umask to be 077

Mon, 17 Nov 2008 00:45:55 -0800 

Ah great - thanks Alex, I will have a look at this.

Cheers,
Alan

Alexander Malysh wrote:

Hi Alan,

please stop using run_kannel_box because it's deprecated, just use:
/.../bearerbox --daemon
/.../smsbox --daemon

Thanks,
Alex
P.S. A new init scripts for debian using --daemon option are highly welcome... 

Alan McNatty schrieb:

Hi All,
We're been on stock standard debian kannel installs for awhile now so it's simply a matter of using kannel out of the box these days which is great.
However we've had an ongoing annoyance running kannel on servers which we don't maintain. I won't go into the annoying details of why but the long and short of it is that we have to do some user hopping to tail the logs (you have to be able to become the kannel user or root to view the logs, group access is not enough).
The log permissons seem to be set in run_kannel_box (which is used by default), it hard wires the umask (overriding anything set in an init.d script or login.defs, etc) to be 077. My belief here is that this sort of thing is an installation / configuration setting and shouldn't be dictated in code. But better managed in (for example) postinstall scripts and umask setting, etc. Thus making it configurable to individual requirements, server set-up, etc.
Consider the default debian policy (for better or worse) is 022 but the kannel user gets added with the group 'nogroup' and then finally the umask is set to 077 by run_kannel_box for the running boxes. Would it not make more sense / be simpler / more configurable to be kannel.adm with an init.d umask setting to 077 (or 027). Note the logrotate script sets the rotated logs to kannel.adm with mode 640.
Ultimately I guess I'm asking if anyone would object if this enforcing was removed in an upstream release? All thoughts, comments, etc welcome/appreciated. 

Consider (from utils/run_kannel_box.c):

@@ -384,10 +384,6 @@
        atexit(remove_pidfile);
        write_pidfile();

-       /* Set the umask to a known value, rather than inheriting
-        * an unknown one. */
-       umask(077);
-
        /* Leave file descriptors 0, 1, and 2 pointing to harmless
         * places, and close all other file descriptors. */
        rebind_standard_streams();
I am happy to submit some debian patches to get the discussion going also. 

Cheers,
Alan








--
Alan McNatty
Catalyst IT

DDI: +64 (0)4 8032201, or
TEL: +64 (0)4 4992267

Reply via email to