cs at zip.com.au
Thu Nov 13 09:49:42 CET 2008
On 12Nov2008 22:30, Jeffrey Barish <jeff_barish at earthlink.net> wrote:
| Cameron Simpson wrote:
| > Or, more simply, get root to make an empty pid file once and chown it to
| > the daemon user. Then the daemon can rewrite the file as needed. You need
| > to move to truncating the file instead of removing it on daemon shutdown,
| > but that is trivial. And no mucking with privileges, like starting the
| > daemon as root instead of directly as the daemon user, need be done.
| Although the file locking that I described is happening during boot (which I
| did not make clear), so I believe that the user is root already.
| Accordingly, I need to drop privileges to a user anyway. Still, I like
| your suggestion, so I'll remember it for another occasion.
Even during boot I tend to do this if its feasible, eg:
# boot script, running as root
chown thingdaemon /var/run/thing.pid
su thingdaemon -c 'start the daemon...'
It avoids a lot of privilege code inside the daemon (presuming it doesn't
need to do other privileged anyway). i.e. have the daemon be "just a
tool" if possible.
Cameron Simpson <cs at zip.com.au> DoD#743
More information about the Python-list