Package: runit Version: 1.8.0-2 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I think that the current practice of replacing any supervise directories in the service directory with links to /var/run is probably the right thing to do. However, this has the adverse consequence of not being able to maintain non-default permissions on supervise directories (if, for instance, it is desired to set looser permissions on service supervise directories so that non-privileged users may be allowed to check the state of a service). If using update-service, any permissions set on the supervise directories before they are added are removed when update-service removes the old supervise directories and replaces them with links to /var/run. When runit then creates the supervise directories in /var/run, it then does so with default permissions. At this point the permissions could be manually changed, but if the service is later removed from system-wide supervision and re-added with update-service, then the permissions will again be reset. Similarly, if /var/run is a tmpfs that is created at boot (as is the case for systems that use the "RAMRUN=yes" option in /etc/init.d/rcS), permissions set after the service has been added will not be retained across reboot. The supervise directories will be purged at shutdown and recreated at boot with default permissions. It occurs to me that the permission on the supervise directories *could* be set by the run scripts themselves. However, this kind of futzing by a service on it's own supervision seems a little undesirable to me. I'm not sure what the proper way to handle this is, though. The only thing I can think of at the moment is a runit configuration directive that can be placed in the service directory that tell the supervising daemon the permissions to use when creating the supervise directory if it's not there; something like: $ cat <servicedir>/<service>/supervise_perms 0755 $ I would be happy to have a discussion on the issue. I would like to figure out a solution, since it is occasionally desirable to make the supervise directories readable for non-privileged users (we use this in cereal[0], for instance). Thanks again for such great maintaining work on such a great package. jamie. [0] http://packages.debian.org/cereal - -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash runit depends on no packages. Versions of packages runit recommends: ii fgetty 0.6-5 very small, efficient, console-onl - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQIVAwUBR7217e00zqvie6q8AQIXQA//dqiLfbl4gcxEJAdOAX5oow0EjfKU/iKg OfCUIw+K9rclUbXUip9IaJuQ56oA171mgWfOn+KgqwpXpmdr9tJpB7zqJpOkPtOD PP+BTuzpJUFhR3H9muImmINgwnCZuzRL5SsJ3n6swh3fv2ixk2CGVdFjeTmy2hjh czOdmjqJDouyTFGLugrfge4yfTCd8lIvlp48s72r/rxu3aV59dB+zQe9qmwVALe1 DqAY0uYpee7ImwN5SfR1F1w+tNaIQHpPWBjvdhIs7T8sO1+gfzvj2UKZU7LSjoqj lsq3jkCzFqwPKu3qwY//oAlyo3Ay7j8IOld9Mv22JjSwDRv4Hdqi0xrJfW9lTv1s sQaO2jKGd1n0Jku73aO9aYol1497Whk5QZls484cOpqAqhq4AK5mVrzDHXoE6feQ qOgFP9SAsSTEPVX+qE35pHIbwVaJsY2/GjxAH0NOKOpwEII2vgchZmB8PGIrw9DZ XheorZqkrZPcDRGtqMd5QXO10lQ22xBpUmEI4tPXoUPmK/3Bnwrcf+ttol/lynrt EedN6XZv0KHpc+U/oo8hXZ5RTIKa7k62RxTt4Y32FPdTa0g4bgFzkg8a5k7qnKw4 CN69/nGqDovsiyy2bqRuLq4JNxpCuYfJrzrOYYkcFmo0mlvNBMhoAiTB/jtjPPDD H6/5Fhub5CQ= =UpOe -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
