Date:      Thu, 30 Oct 2003 11:31:53 +1100
From:      Christopher Vance <vance@aurema.com>
To:        "Dan Langille" <dan@langille.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: non-root process and PID files
Message-ID:  <20031030003153.GC16553@aurema.com>
In-Reply-To: <3F9CF3F6.8307.ABC1250@localhost>
References:  <3F9CF3F6.8307.ABC1250@localhost>

On Mon, Oct 27, 2003 at 10:31:18AM -0500, Dan Langille wrote:
>If a process starts up and does a setuid, should it be writing the 
>PID file before or after the setuid?
>
>Two methods exist AFAIK:
>
>1 - write your PID immediately, and the file is chown root:wheel
>2 - write your PID to /var/run/myapp/myapp.pid where /var/run/myapp/
>    is chown myapp:myapp
>
>Of the two, I think #1 is cleaner as it does not require another 
>directory with special permissions.

You can already mark a fd 'close on exec'.

May I suggest a different feature: the ability to mark an open file
(not just its fd) 'remove on close', with permission checked at mark
time rather than close time (this status forgotten if not permitted
when set) and the unlink actually done at close time only if the file
has exactly one link and one open file instance at that time.

That way your server can
	start as root
	open file to write/update
	downgrade/reopen file to readonly
	mark remove on close
	setuid non-root

Or you could call it a future unlink.

I'm sure there are holes in it, and I won't claim to have tried it, ...

-- 
Christopher Vance
