Am 03.02.2018 um 14:35 schrieb Sven Hartge: > Um 14:00 Uhr am 03.02.18 schrieb Michael Biebl:
>> The alternative afaics would be, that the daemon writes the pid file as >> munin:munin then (or ulog:ulog for the above case). > > No, this would open a potential DoS vector. > > Image an attacker gaining access to the munin user. He would then be able > to write any PID to the PIDfile and the init system would kill the other > process when the munin-node service is stopped/restarted. > I don't think this applies to systemd though. If the process id listed in the pid file is not found in the service cgroup, systemd should not kill the process listed in the pid file. I suspect that MainPID will not be properly set and systemd will complain about it. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Description: OpenPGP digital signature