Re: automatically restarting dying daemons?
On Thu, Jul 01 at 09:31PM +0100, Thomas Adam wrote:
> --- Will Trillich <will@serensoft.com> wrote:
> > for daemon-config-file-settings, i'm more comfortable
> > specifying the whole path. less chance of intervention or
> > misdirection based on $PATH mungings...
>
> /etc/init.d is not in $PATH, and as such scripts are run as
> root anyway, invoke-rc.d is perfect still.
you probably already know this, being the expert du jour and
everything, but just in case: when a command specification
starts with a slash, it's an absolute reference, no
uncertainties about it; if it does NOT start with a slash, then
your environmental variable $PATH is called upon to supply
likely directories to scan, looking for an executable by the
name you specified. (if you have perl, say, in both
/usr/local/bin and /usr/bin you'll never see the one in
/usr/bin.)
the trouble, of course, is that script kiddies can find ways to
munge your $PATH; you might think you're asking for "ls" or
"more" in their standard /bin/* location, but in fact the
black-hats can prepend your $PATH with a directory of their own
making, which runs a fake "ls" or "more" which can do worse
things yet.
so in system scripts, it's good to
1) specify exact, full, absolute paths, and
2) set your own $PATH variable, and finally
3) specify exact, full, absolute paths anyhow.
using "invoke-rc.d" in a system/daemon script is as dangerous as
using "ls" or "more" -- without a full path. and invoking it
with a full path is better than calling /etc/init.d/* scripts
directly ... in what way?
> > is invoke-rc.d similar to the "service" function on other
> > distros? (sarge already has a "_service" for bash to
> > facilitate command-line word completion... and i understand
> > that the "service" function/script/alias is on its way.)
>
> It's a little similar, yes.
a little? how little? is this invoke-rc.d something we
understand, or something we repeat?
[re: daemontools--]
> > 1) there seems to be no facility for checking for a
> > daemon process, only the ./run process (i.e. child
> > processes of supervise)
>
> If that is the case, then the script (and overall design) is
> very broken, and I would avoid it.
i would, too. and since it does seem the case, i do.
> > unless i misunderstand, this seems to be a "run-and-monitor
> > home grown programs and scripts, do your system daemon
> > resurrection elsewhere"... no?
>
> monit has already been suggested along with 'daemontools'.
and "daemontools" was actually the subject under discussion.
unless "monit" has something ingenious to offer, we'll be
staying with "restartd" for now.
--
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
DEBIAN NEWBIE TIP #87 from Joost Kooij <joost@topaz.mdcc.cx>
:
Did you CHMOD -R / and destroy your permissions? Bad dog!
If you have access to a newly-installed Debian machine, run
this script there, and copy the resulting script to the box
with the bad permissions; run it, and all should be back to
normal:
find / -regex '/\(mnt\|proc\|tmp\)/.*' -prune -or \
-not -type l -not -type s \
-printf 'chown %u.%g %p\nchmod %m %p\n' \
> fixperms.sh
Also see http://newbieDoc.sourceForge.net/ ...
Reply to: