Date: Tue, 11 Nov 2003 20:52:39 -0500
From: Andrew J Caines <A.J.Caines@halplant.com>
To: freebsd-hackers@freebsd.org
Subject: Re: non-root process and PID files
Message-ID: <20031112015239.GM22572@hal9000.halplant.com>
In-Reply-To: <20031111071944.GA5778@lizzy.catnook.com>
References: <3F9CF3F6.8307.ABC1250@localhost> <20031111071944.GA5778@lizzy.catnook.com>

On Mon, Oct 27, 2003 at 10:31:18AM -0500, Dan Langille wrote:
> If a process starts up and does a setuid, should it be writing the
> PID file before or after the setuid?

After of course, since to do so before is using UID 0 to solve the wrong
problem and creates the removal problem.

> Any suggestions?

Set /var/run to 1777 if you don't have untrusted users, or 1770 with
daemons in the owning group if you do. I don't see any obvious serious
problem introduced by doing this.

My /var/run is on a small mfs. I don't recall if this is (now) default on
install.

Jos Backus said...
> Why use pid files at all if you could be using a process supervisor instead?

Because this requires the overhead of making the system, tools and admins
familiar with the supervisor system. Then there's the resource overhead, the
extra stuff to configure, etc.

That hasn't stopped me putting my DNS cache, web server and distributed.net
client under the watchful eye of supervise(8) (from DJB's daemontools[1]),
though.

[1] sysutils/daemontools, http://cr.yp.to/daemontools.html

-Andrew-
-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |