Hi Alan,
your patch looks ok, but I would like to see a user settings in the init
script because it's not good if kannel runs as root.
Could you add some configuration or something like this to use kannel's
start option '--user XYZ'?
Thanks,
Alex
Alan McNatty schrieb:
Hi Alex,
How about this simple change for default kannel init.d script. Does this
look sensible?
If this looks ok I can proceed to remove run_kannel_box from the
relevant builds, etc (I guess it can stay in utils and docs).
Cheers,
Alan
Alexander Malysh wrote:
Hi Alan,
please stop using run_kannel_box because it's deprecated, just use:
/.../bearerbox --daemon
/.../smsbox --daemon
Thanks,
Alex
P.S. A new init scripts for debian using --daemon option are highly
welcome...
Alan McNatty schrieb:
Hi All,
We're been on stock standard debian kannel installs for awhile now so
it's simply a matter of using kannel out of the box these days which
is great.
However we've had an ongoing annoyance running kannel on servers
which we don't maintain. I won't go into the annoying details of why
but the long and short of it is that we have to do some user hopping
to tail the logs (you have to be able to become the kannel user or
root to view the logs, group access is not enough).
The log permissons seem to be set in run_kannel_box (which is used by
default), it hard wires the umask (overriding anything set in an
init.d script or login.defs, etc) to be 077. My belief here is that
this sort of thing is an installation / configuration setting and
shouldn't be dictated in code. But better managed in (for example)
postinstall scripts and umask setting, etc. Thus making it
configurable to individual requirements, server set-up, etc.
Consider the default debian policy (for better or worse) is 022 but
the kannel user gets added with the group 'nogroup' and then finally
the umask is set to 077 by run_kannel_box for the running boxes.
Would it not make more sense / be simpler / more configurable to be
kannel.adm with an init.d umask setting to 077 (or 027). Note the
logrotate script sets the rotated logs to kannel.adm with mode 640.
Ultimately I guess I'm asking if anyone would object if this
enforcing was removed in an upstream release? All thoughts, comments,
etc welcome/appreciated.
Consider (from utils/run_kannel_box.c):
@@ -384,10 +384,6 @@
atexit(remove_pidfile);
write_pidfile();
- /* Set the umask to a known value, rather than inheriting
- * an unknown one. */
- umask(077);
-
/* Leave file descriptors 0, 1, and 2 pointing to harmless
* places, and close all other file descriptors. */
rebind_standard_streams();
I am happy to submit some debian patches to get the discussion going
also.
Cheers,
Alan
