From owner-freebsd-security  Fri Feb 18  0:33:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id E5B9037B6F7
	for <freebsd-security@FreeBSD.ORG>; Fri, 18 Feb 2000 00:33:11 -0800 (PST)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.9.3/8.9.3) id BAA06030;
	Fri, 18 Feb 2000 01:01:04 -0800 (PST)
Date: Fri, 18 Feb 2000 01:01:04 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Andrey Novikov <novikov@webclub.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: Nonpriveleged daemons and pid files
Message-ID: <20000218010104.L21720@fw.wintelcom.net>
References: <20000217220232.A53575@cc942873-a.ewndsr1.nj.home.com> <623.950862014@axl.noc.iafrica.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <623.950862014@axl.noc.iafrica.com>; from sheldonh@uunet.co.za on Fri, Feb 18, 2000 at 10:20:14AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Sheldon Hearn <sheldonh@uunet.co.za> [000218 00:51] wrote:
> 
> Since nobody else seems to have mentioned the solution I use, I'll
> describe it here.
> 
> Quite simple really; I use /var/run/<daemon_name>/ for each
> non-priveledged daemon.  I still haven't run into a daemon that could be
> configured to run non-priveledged but could not be configured to use an
> arbitrary run state directory.  I suppose I'd run into more of them if I
> installed pre-compiled binaries.  However, many fine daemons allow for
> run-time specification of the pid_file location.
> 
> The drawback is that you don't have all your pid_files in one directory.
> However, if the daemon_name directory names are carefully chosen, it's
> not hard to find the pid_files with an ls command or even...
> 
> 	kill -HUP `find /var/run -name exim.pid -exec cat {} \;`

You could have symlinks in /var/run/ point to pidfiles in
/var/run/<daemon_name>/<daemon_name>.pid that way accesses will
sorta fail with file not found if the pid isn't there. :)

-Alfred


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message