
Pidfiles for daemons running as daemon or nobody



     For security reasons, it is frequently recommended that daemons
that do not require root privileges be run as `nobody' or as
`daemon'.  Since root privileges are required to write to /var/run,
such daemons cannot write a standard pidfile.

     One obvious solution is to hack the source so it can be started
as root, then, after writing the pidfile and doing any other chores
that require root permissions, drop those permissions and become
'nobody'.  This makes it necessary to leave the stale pidfile on
termination, or re-assume the root privileges, which may be a small
security hole.  This solution, of course, requires that the maintainer
possess the necessary skills to hack the source, which is beyond the
capabilities of many maintainers.

     For those daemons whose Makefile provides for setting the `pid'
variable, I propose that Makefile.in be modified to define
`pid=/var/run/daemon/<packagename>.pid'.  The postinst would create the
subdirectory `/var/run/daemon', if it doesn't exist, with 1755
permissions and owned by `daemon'.  This would allow any process
running as `daemon' to write a pidfile to this directory.

     Is there any technical objection to this scheme?  As far as I can
see, this is not prohibited by policy.  If there are no serious
technical objections raised, I will raise the question on
debian-policy.

Bob
-- 
   _
  |_)  _  |_       Robert D. Hilliard    <hilliard@flinet.com>
  |_) (_) |_)      Palm City, FL  USA    PGP Key ID: A8E40EB9

