
Re: Pidfiles for daemons running as daemon or nobody



On Sat, 22 May 1999, Bob Hilliard wrote:
>For security reasons, it is frequently recommended that daemons
>that do not require root privileges be run as `nobody' or as
>`daemon'.  Since root privileges are required to write to /var/run,
>such daemons can not write a standard pidfile.
>
>     One obvious solution is to hack the source so it can be started
>as root, then, after writing the pidfile and doing any other chores
>that require root permissions, drop those permissions and become
>'nobody'.  This makes it necessary to leave the stale pidfile on
>termination, or re-assume the root privileges, which may be a small
>security hole.  This solution, of course, requires that the maintainer
>possess the necessary skills to hack the source, which is beyond the
>capabilities of many maintainers.
>
>     For those daemons whose Makefile provides for setting the `pid'
>variable, I propose that Makefile.in be modified to define
>`pid=/var/run/daemon/<packagename>.pid'.  The postinst would create the
>subdirectory `/var/run/daemon', if it doesn't exist, with 1755
>permissions and owned by 'daemon'.  This would allow any process
>running as `daemon' to write a pidfile to this directory.

I've already suggested on debian-devel that we change /var/run to be group
daemon and mode 1775, then every daemon can have its own UID (so a compromised
daemon can't easily corrupt other daemons).
Some discussion ensued, but no positive results.

--
I am in London and would like to meet any Linux users here.
I plan to work in London until April and then move to another
place where the pay is good.

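As an added example (not code from this thread or from any Debian package), here is what the "start as root, write the pidfile, then become an unprivileged user" approach Bob describes looks like in C, with the checks a practitioner wants around it. The pidfile is created with O_EXCL|O_NOFOLLOW, so that in a shared directory (the group-writable, sticky /var/run proposed above, or any 1775 directory) an existing file or a planted symlink is refused rather than clobbered or followed. The drop to an unprivileged uid clears supplementary groups, sets the gid before the uid, and then verifies that root cannot be regained, which is the "re-assume the root privileges" hole. Because the daemon then cannot unlink its own pidfile from a root-owned /var/run, the consumer side gets a stale check based on kill(pid, 0). The function names, the path /tmp/example-daemon.pid and the user `nobody' are my assumptions for illustration.

```c
/* Added example (not from the original post): write the pidfile while still
 * root, drop root irrevocably, and let consumers detect the stale pidfile
 * an unprivileged daemon can no longer remove from a root-owned /var/run. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE           /* setgroups(), O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>              /* getpwnam() for callers resolving "nobody" */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the pidfile with O_EXCL|O_NOFOLLOW: in a shared directory (a
 * group-writable, sticky /var/run, say) an existing file or a planted
 * symlink is refused rather than overwritten or followed. Normally pid is
 * getpid(). Returns 0, or -1 with errno set (EEXIST if a pidfile is there). */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (write(fd, buf, (size_t)n) != n) {
        int saved = errno;
        close(fd);
        unlink(path);         /* do not leave a truncated pidfile behind */
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Read the pid back; -1 if the file is missing or malformed. */
pid_t read_pidfile(const char *path)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    long pid = -1;
    int ok = (fscanf(f, "%ld", &pid) == 1 && pid > 0);
    fclose(f);
    return ok ? (pid_t)pid : -1;
}

/* 1 if the recorded process is gone (ESRCH), 0 if it still exists (kill()
 * succeeds, or fails with EPERM because it belongs to another user), -1 if
 * the pidfile itself is unusable. */
int pidfile_is_stale(const char *path)
{
    pid_t pid = read_pidfile(path);
    if (pid < 0)
        return -1;
    if (kill(pid, 0) == 0)
        return 0;
    return (errno == ESRCH) ? 1 : 0;
}

/* Drop root to uid/gid permanently: clear supplementary groups, set the gid
 * before the uid (the other order would fail), then prove root cannot be
 * regained. Returns 0 on success, -1 on failure. Called by a process that is
 * not root, it changes nothing but still verifies the resulting identity. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {
        errno = EINVAL;       /* "dropping" to root is not a drop */
        return -1;
    }
    if (geteuid() == 0) {
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
            return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* setuid() as root also replaced the saved uid, so neither of these may
     * succeed; if one did, the drop was not permanent. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}
```

In a daemon the order is: as root, write_pidfile("/var/run/<name>.pid", getpid()) and bind any privileged sockets, then drop_privileges() to the uid and gid returned by getpwnam("nobody"). From that point unlink() of the pidfile in a 0755 root-owned /var/run fails with EACCES, which is exactly the stale pidfile Bob mentions and why a start script should consult pidfile_is_stale() rather than trust the file's existence. With a daemon-owned /var/run/daemon subdirectory, or a 1775 group-daemon /var/run, the daemon can remove the file itself at shutdown; the sticky bit is what stops one daemon's uid from removing another's.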
