On Jan 6, 2012, at 6:16 PM, Doug Barton wrote:
> On 01/06/2012 08:18, Guy Helmer wrote:
>> On Jan 5, 2012, at 8:58 PM, Doug Barton wrote:
>>
>>> On 01/05/2012 14:48, Guy Helmer wrote:
>>>> Allow daemon(8) to run pidfile_open() before relinquishing
>>>> privileges so pid files can be written in /var/run when started
>>>> as root.
>>>
>>> I'm not sure how useful this is since when daemon is exiting it
>>> won't be able to remove the pid file (unless I'm missing
>>> something).
>>>
>>> Isn't it better to pre-create the pid file with the proper
>>> permissions for the unprivileged user?
>>>
>>
>> Would it be OK for daemon to hang around and wait for the child
>> process to exit, then remove the pid file?
>
> Without having given it any kind of careful thought, that sounds Ok ...
> but I don't understand how daemon could remove a pid file written as
> root after it's already dropped privileges. (IOW that's the same problem
> I was bringing up.)
>
>> The only other alternative I see would be to create a subdirectory
>> that is writable by the user so the child can create and delete the
>> pid file.
>
> That's functionally equivalent to pre-creating the pid file with the
> right permissions, so it would be Ok. Various ports use each of these
> approaches. I'm generally in favor of using the pid file only solution
> since rc.d/cleanvar will clean all that stuff up at boot, and it's
> preferable to not leave stale directories around for stuff that is no
> longer running and/or installed.

Having thought about it for a while, I plan to revert the change to daemon.c that was suggested in the PR, and instead add this note to the man page:

Index: daemon.8 =================================================================== --- daemon.8 (revision 230510) +++ daemon.8 (working copy) @@ -59,6 +59,10 @@ using the .Xr pidfile 3 functionality. +If the +.Fl u +option is used, the directory to contain the pidfile must be writable +by the specified user. Note, that the file will be created shortly before the process is actually executed, and will remain after the process exits (although it will be removed if the execution fails).

Guy

_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
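
Review bot: The sentence added after ".Xr pidfile 3" states that the directory "must be writable by the specified user" without saying why or which directory is meant, and a reader could satisfy it by loosening the permissions on /var/run itself. Suggest saying that, with the daemon.c change reverted, the pidfile is created as the .Fl u user, and recommending a dedicated subdirectory owned by that user, which is the alternative raised in the thread. The thread also treats pre-creating the pid file with the proper permissions as functionally equivalent, so "must be writable" may be stronger than intended; consider wording that allows either approach. It would also help to note that a pidfile in a directory the user cannot write to will remain after the process exits, since the existing context line already says the file "will remain after the process exits".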