tags patch thanks > Installing tinyproxy with default configuration. Startup is fine, but > shutdown > produces a warning message about not being able to cleanup the PID file, > presumably because it is running as nobody.
That's correct. The pidfile is created before tinyproxy does the setuid
call. An additional chown on the pidfile is not sufficient since
removing the pidfile in /var/run requires write access on that directory
itself.
A solution therefore has to:
- create a pidfile directory like /var/run/tinyproxy.
- change the pidfile location into that directory.
- chown that directory according to the user/group definition in the
config file.
- chown the pidfile in the same way.
See the attached patch - although one might also say this problem is
rather cosmetic since stopping tinyproxy works anyway.
Christoph
diff -urN tinyproxy-1.6.3.ORIG/debian/changelog tinyproxy-1.6.3/debian/changelog
--- tinyproxy-1.6.3.ORIG/debian/changelog 2006-09-16 05:43:19.000000000
+0000
+++ tinyproxy-1.6.3/debian/changelog 2006-09-16 09:32:36.000000000 +0000
@@ -1,3 +1,10 @@
+tinyproxy (1.6.3-2patch1) unstable; urgency=low
+
+ * Have a pidfile directory /var/run/tinyproxy, chown the pidfile so
+ tinycode can clean it upon exit (Closes: #284704)
+
+ -- Christoph Biedl <[EMAIL PROTECTED]> Sat, 16 Sep 2006 08:41:58 +0000
+
tinyproxy (1.6.3-2) unstable; urgency=low
* Remove debugging grammar.[ch] and scanner.c as
diff -urN tinyproxy-1.6.3.ORIG/debian/dirs tinyproxy-1.6.3/debian/dirs
--- tinyproxy-1.6.3.ORIG/debian/dirs 2006-09-16 05:43:19.000000000 +0000
+++ tinyproxy-1.6.3/debian/dirs 2006-09-16 09:32:36.000000000 +0000
@@ -2,3 +2,4 @@
usr/share/man/man8
usr/share/doc/tinyproxy
etc/tinyproxy
+var/run/tinyproxy
diff -urN tinyproxy-1.6.3.ORIG/debian/tinyproxy.init
tinyproxy-1.6.3/debian/tinyproxy.init
--- tinyproxy-1.6.3.ORIG/debian/tinyproxy.init 2006-09-16 05:43:19.000000000
+0000
+++ tinyproxy-1.6.3/debian/tinyproxy.init 2006-09-16 09:32:36.000000000
+0000
@@ -9,6 +9,7 @@
NAME=tinyproxy
DESC=tinyproxy
FLAGS=
+CONFIG=/etc/tinyproxy/tinyproxy.conf
if [ -r /etc/default/tinyproxy ]
then
. /etc/default/tinyproxy
@@ -18,6 +19,25 @@
set -e
+# assert pidfile directory and permissions
+if [ "$1" != "stop" ] ; then
+ USER=`grep -i '^User[[:space:]]' "$CONFIG" | awk '{print $2}'`
+ GROUP=`grep -i '^Group[[:space:]]' "$CONFIG" | awk '{print $2}'`
+ PIDFILE=`grep -i '^PidFile[[:space:]]' "$CONFIG" | awk '{print $2}' | sed
-e 's/"//g'`
+ PIDDIR=`dirname "$PIDFILE"`
+ if [ "$PIDDIR" -a "$PIDDIR" != "/var/run" ] ; then
+ if [ ! -d "$PIDDIR" ] ; then
+ mkdir "$PIDDIR"
+ fi
+ if [ "$USER" ] ; then
+ chown "$USER" "$PIDDIR"
+ fi
+ if [ "$GROUP" ] ; then
+ chgrp "$GROUP" "$PIDDIR"
+ fi
+ fi
+fi
+
case "$1" in
start)
echo -n "Starting $DESC: "
diff -urN tinyproxy-1.6.3.ORIG/src/tinyproxy.c tinyproxy-1.6.3/src/tinyproxy.c
--- tinyproxy-1.6.3.ORIG/src/tinyproxy.c 2004-08-06 16:23:51.000000000
+0000
+++ tinyproxy-1.6.3/src/tinyproxy.c 2006-09-16 09:32:36.000000000 +0000
@@ -341,6 +341,12 @@
argv[0], config.username);
exit(EX_NOUSER);
}
+ if (chown (config.pidpath, thisuser->pw_uid, thisgroup
? thisgroup->gr_gid : 0) < 0) {
+ fprintf(stderr,
+ "%s: Unable to change PID file to user
\"%s\".",
+ argv[0], config.username);
+ exit(EX_CANTCREAT);
+ }
if (setuid(thisuser->pw_uid) < 0) {
fprintf(stderr,
"%s: Unable to change to user \"%s\".",
--- tinyproxy-1.6.3.ORIG//doc/tinyproxy.conf 2004-08-06 16:23:48.000000000
+0000
+++ tinyproxy-1.6.3//doc/tinyproxy.conf 2006-09-16 10:15:07.000000000 +0000
@@ -85,7 +85,7 @@
# PidFile: Write the PID of the main tinyproxy thread to this file so it
# can be used for signalling purposes.
#
-PidFile "/var/run/tinyproxy.pid"
+PidFile "/var/run/tinyproxy/tinyproxy.pid"
#
# Include the X-Tinyproxy header, which has the client's IP address when
signature.asc
Description: Digital signature
