From: Andrew J Caines
To: freebsd-hackers@freebsd.org
Date: Tue, 11 Nov 2003 20:52:39 -0500
Subject: Re: non-root process and PID files
Message-ID: <20031112015239.GM22572@hal9000.halplant.com>

On Mon, Oct 27, 2003 at 10:31:18AM -0500, Dan Langille wrote:
> If a process starts up and does a setuid, should it be writing the
> PID file before or after the setuid?

After of course, since to do so before is using UID 0 to solve the wrong
problem and creates the removal problem.

> Any suggestions?

Set /var/run to 1777 if you don't have untrusted users, or 1770 with daemons
in the owning group if you do. I don't see any obvious serious problem
introduced by doing this.

My /var/run is on a small mfs. I don't recall if this is (now) default on
install.

Jos Backus said...
> Why use pid files at all if you could be using a process supervisor instead?

Because this requires the overhead of making the system, tools and admins
familiar with the supervisor system. Then there's the resource overhead, the
extra stuff to configure, etc.

That hasn't stopped me putting my DNS cache, web server and distributed.net
client under the watchful eye of supervise(8) (from DJB's daemontools[1]),
though.

[1] sysutils/daemontools, http://cr.yp.to/daemontools.html

-Andrew-
-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |