tags patch
thanks

> Installing tinyproxy with default configuration. Startup is fine, but shutdown
> produces a warning message about not being able to cleanup the PID file,
> presumably because it is running as nobody.

That's correct. The pidfile is created before tinyproxy does the setuid call. An additional chown on the pidfile is not sufficient since removing the pidfile in /var/run requires write access on that directory itself. A solution therefore has to:

- create a pidfile directory like /var/run/tinyproxy.
- change the pidfile location into that directory.
- chown that directory according to the user/group definition in the config file.
- chown the pidfile in the same way.

See the attached patch - although one might also say this problem is rather cosmetic since stopping tinyproxy works anyway.

Christoph

diff -urN tinyproxy-1.6.3.ORIG/debian/changelog tinyproxy-1.6.3/debian/changelog --- tinyproxy-1.6.3.ORIG/debian/changelog 2006-09-16 05:43:19.000000000 +0000 +++ tinyproxy-1.6.3/debian/changelog 2006-09-16 09:32:36.000000000 +0000 @@ -1,3 +1,10 @@ +tinyproxy (1.6.3-2patch1) unstable; urgency=low + + * Have a pidfile directory /var/run/tinyproxy, chown the pidfile so + tinycode can clean it upon exit (Closes: #284704) + + -- Christoph Biedl <[EMAIL PROTECTED]> Sat, 16 Sep 2006 08:41:58 +0000 + tinyproxy (1.6.3-2) unstable; urgency=low * Remove debugging grammar.[ch] and scanner.c as diff -urN tinyproxy-1.6.3.ORIG/debian/dirs tinyproxy-1.6.3/debian/dirs --- tinyproxy-1.6.3.ORIG/debian/dirs 2006-09-16 05:43:19.000000000 +0000 +++ tinyproxy-1.6.3/debian/dirs 2006-09-16 09:32:36.000000000 +0000 @@ -2,3 +2,4 @@ usr/share/man/man8 usr/share/doc/tinyproxy etc/tinyproxy +var/run/tinyproxy diff -urN tinyproxy-1.6.3.ORIG/debian/tinyproxy.init tinyproxy-1.6.3/debian/tinyproxy.init --- tinyproxy-1.6.3.ORIG/debian/tinyproxy.init 2006-09-16 05:43:19.000000000 +0000 +++ tinyproxy-1.6.3/debian/tinyproxy.init 2006-09-16 09:32:36.000000000 +0000 @@ -9,6 +9,7 @@ NAME=tinyproxy DESC=tinyproxy FLAGS= +CONFIG=/etc/tinyproxy/tinyproxy.conf if [ -r /etc/default/tinyproxy ] then . /etc/default/tinyproxy 
@@ -18,6 +19,25 @@ set -e +# assert pidfile directory and permissions +if [ "$1" != "stop" ] ; then + USER=`grep -i '^User[[:space:]]' "$CONFIG" | awk '{print $2}'` + GROUP=`grep -i '^Group[[:space:]]' "$CONFIG" | awk '{print $2}'` + PIDFILE=`grep -i '^PidFile[[:space:]]' "$CONFIG" | awk '{print $2}' | sed -e 's/"//g'` + PIDDIR=`dirname "$PIDFILE"` + if [ "$PIDDIR" -a "$PIDDIR" != "/var/run" ] ; then + if [ ! -d "$PIDDIR" ] ; then + mkdir "$PIDDIR" + fi + if [ "$USER" ] ; then + chown "$USER" "$PIDDIR" + fi + if [ "$GROUP" ] ; then + chgrp "$GROUP" "$PIDDIR" + fi + fi +fi + case "$1" in start) echo -n "Starting $DESC: " diff -urN tinyproxy-1.6.3.ORIG/src/tinyproxy.c tinyproxy-1.6.3/src/tinyproxy.c --- tinyproxy-1.6.3.ORIG/src/tinyproxy.c 2004-08-06 16:23:51.000000000 +0000 +++ tinyproxy-1.6.3/src/tinyproxy.c 2006-09-16 09:32:36.000000000 +0000 @@ -341,6 +341,12 @@ argv[0], config.username); exit(EX_NOUSER); } + if (chown (config.pidpath, thisuser->pw_uid, thisgroup ? thisgroup->gr_gid : 0) < 0) { + fprintf(stderr, + "%s: Unable to change PID file to user \"%s\".", + argv[0], config.username); + exit(EX_CANTCREAT); + } if (setuid(thisuser->pw_uid) < 0) { fprintf(stderr, "%s: Unable to change to user \"%s\".", --- tinyproxy-1.6.3.ORIG//doc/tinyproxy.conf 2004-08-06 16:23:48.000000000 +0000 +++ tinyproxy-1.6.3//doc/tinyproxy.conf 2006-09-16 10:15:07.000000000 +0000 @@ -85,7 +85,7 @@ # PidFile: Write the PID of the main tinyproxy thread to this file so it # can be used for signalling purposes. # -PidFile "/var/run/tinyproxy.pid" +PidFile "/var/run/tinyproxy/tinyproxy.pid" # # Include the X-Tinyproxy header, which has the client's IP address when
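Review bot: in the debian/changelog hunk the new entry reads "tinycode can clean it upon exit"; the daemon is tinyproxy, so this looks like a typo that will end up in the package history. The entry also mentions only the new directory and the chown. Since the patch changes the default PidFile path in doc/tinyproxy.conf as well, the entry should say so, because that is the part an administrator has to act on.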
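Review bot: in the debian/tinyproxy.init hunk at @@ -18,6 +19,25 @@, PIDDIR is not validated before it is chowned. When the configuration has no PidFile line, PIDFILE is empty and `dirname ""` prints ".", so the test `[ "$PIDDIR" -a "$PIDDIR" != "/var/run" ]` passes and `chown "$USER" "$PIDDIR"` is applied to the init script's current working directory. The same test accepts any other configured location, so a PidFile under /tmp or /etc would hand that whole directory to the unprivileged user. Suggest skipping the block when PIDFILE is empty, only creating and chowning a directory that sits directly below /var/run, and creating it with an explicit mode (mkdir -m 755) instead of relying on the umask. Two smaller points: USER is a standard environment variable and is overwritten here, so a script-private name (for example TP_USER) would be safer; and the grep patterns return every matching line, so a directive that appears twice yields a multi-line value.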
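Review bot: in the src/tinyproxy.c hunk, chown() is called as root on config.pidpath by name, and with this patch that path lives in a directory owned by the unprivileged user. chown() follows symbolic links, so on a later start whatever that user has left at the pidfile path decides which file root hands over. Suggest fchown() on the descriptor the pidfile was written through, or lchown(), and refusing to continue if the existing path is not a regular file. Also, `thisgroup ? thisgroup->gr_gid : 0` sets the file's group to gid 0 when no group was looked up; passing (gid_t)-1 leaves the group unchanged. It is worth confirming that thisgroup is initialised to NULL and that config.pidpath cannot be NULL at this point, since a failed chown now aborts startup with EX_CANTCREAT.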
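Review bot: the doc/tinyproxy.conf hunk only changes the default for fresh configurations. The init script in this patch does nothing when PIDDIR is "/var/run", so an installation that keeps PidFile "/var/run/tinyproxy.pid" gets a chowned pidfile but still cannot unlink it, and the shutdown warning from the report remains. Suggest a changelog or NEWS note telling administrators to move PidFile into /var/run/tinyproxy. This file's hunk also lacks the `diff -urN` header line the other files have and carries a doubled slash in its path (tinyproxy-1.6.3//doc/tinyproxy.conf), which suggests it was generated separately; regenerating the whole patch in one pass would make it uniform.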