Re: /var/run permissions

To: debian-devel@lists.debian.org
Subject: Re: /var/run permissions
From: Jean Pierre LeJacq <jplejacq@quoininc.com>
Date: Mon, 12 Apr 1999 23:31:25 -0400 (EDT)
Message-id: <[🔎] m10Wtv8-000b9jC@mail.quoininc.com>
In-reply-to: <[🔎] 99041112491401.18695@lyta>

On Sun, 11 Apr 1999, Russell Coker wrote:

> I have just been playing with the new authbind package (excellent work Ian). 
> It works fine however I do have problems with daemons wanting to write to
> /var/run.  If daemons were configured to truncate the pid file in /var/run on
> exit then I could just put appropriate files in there with appropriate
> ownership and things would be fine.
> However most daemons want to create a file in /var/run at startup and delete it
> at exit.  This means that the daemon needs write access to /var/run.  On my
> test machine I have changed /var/run to be owned by group daemon, world and
> group writable, and have the sticky bit set.  This means that any daemon can
> write a file there but daemons can't overwrite each other's files.
> 
> What do you think of this idea?  To take advantage of authbind we need to do
> something about /var/run.  My changes work, I believe that they (or some better
> alternative that someone here comes up with) should be implemented.

I have the same problem with the WN HTTP server.

My reading of the FHS doesn't address the permissions issue so I
believe your proposal would be FHS compatible.

What would make your proposal different than the /tmp directory?
Could we have the same well known security issues with /var/run?

-- 
Jean Pierre

Reply to:

Follow-Ups:
- Re: /var/run permissions
  - From: Russell Coker <russell@coker.com.au>

References:
- /var/run permissions
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Intent to package GNU Finger
Next by Date: Re: not using debian as firewall!
Previous by thread: /var/run permissions
Next by thread: Re: /var/run permissions
Index(es):
- Date
- Thread