
Re: Introduction of a "lock" group

On Mon, Aug 15, 2011 at 06:03:59PM +0200, Iustin Pop wrote:
> On Mon, Aug 15, 2011 at 04:11:49PM +0100, Roger Leigh wrote:
> > Hi folks,
> > 
> > Fedora has moved to having /var/lock (now /run/lock) owned by
> > root:lock 0775 rather than root:root 01777.  This has the advantage
> > of making a system directory writable only by root or setgid lock
> > programs, rather than the whole world.  However, due to the
> > potential for privilege escalation¹² it may be desirable to adopt
> > what has been done subsequently in Fedora:
> >   /var/lock          root:root 0755
> >   /var/lock/lockdev  root:lock 0775
> >   /var/lock/subsys   root:root 0755
> If /var/lock won't be 1777 anymore, where should then applications store
> application-specific lock files (e.g. synchronisation between daemons)
> if they can't/won't run as setgid lock?
> Is the intention that the init script creates a /var/lock/$NAME
> directory, chgrp's it to the right GIDs and only then start the daemons?

I'll have to inspect what Fedora is doing more closely to give you
a definitive answer.

If you always start the daemon as root, it can continue to use
/var/lock without trouble if it does its file handling before changing
to a less privileged user.  Creating a daemon-specific subdirectory is
also fine, though you could nowadays also use /run/<daemon> for daemon-
specific things, including locks.  Or even /var/lib/<daemon> if they
should persist.

In some respects, /var/lock is a bit of an anachronism; /var/run
exists for pidfiles, and actual UUCP-style lockfiles are badly
broken--we should be moving to direct device locks.  If it's a
daemon-specific lock, rather than one with system-wide effects
such as device locking, it probably doesn't belong under /var/lock.
If we eliminate device locking using lockfiles, what's left to go
under /var/lock?  [I don't always agree with Lennart Poettering, but
his views on /var/lock and device lockfiles being obsolete are, I
think, entirely correct.]


  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
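
The approach described in the message above (do the lock file handling as root in a daemon-specific directory, then change to a less privileged user) can be sketched in C as follows. This is an added example, not code from the original post or from Debian or Fedora. The daemon name "exampled", the directory /run/exampled, the target IDs and the use of flock() on the lock file are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* O_NOFOLLOW, O_CLOEXEC, setgroups() under strict -std */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir (e.g. /run/<daemon>) if missing and take an exclusive lock on
 * dir/name. Returns the locked fd, or -1 (errno EWOULDBLOCK if already held). */
int acquire_lock(const char *dir, const char *name)
{
    if (mkdir(dir, 0755) != 0 && errno != EEXIST)
        return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* O_NOFOLLOW rejects a symlink at the lock path; 0600 stops other users
     * opening the file and holding the lock themselves. */
    int fd = openat(dfd, name, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    int saved = errno;
    close(dfd);
    if (fd >= 0 && flock(fd, LOCK_EX | LOCK_NB) != 0) {
        saved = errno;
        close(fd);
        fd = -1;
    }
    errno = saved;
    return fd;          /* the lock lasts as long as this descriptor is open */
}

/* Drop from root to a non-root uid/gid: groups first, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must now fail */
}

int main(void)
{
    /* Hypothetical daemon; 65534 is nobody/nogroup on Debian. */
    int fd = acquire_lock("/run/exampled", "exampled.lock");
    if (fd < 0) { perror("acquire_lock"); return 1; }
    if (drop_privileges(65534, 65534) != 0) { perror("drop_privileges"); return 1; }
    pause();            /* daemon work goes here; fd keeps the lock held */
    return 0;
}
```

The descriptor opened while privileged stays valid after the drop, so the unprivileged process never needs write access to the lock directory.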
