[ 
https://issues.apache.org/jira/browse/QPID-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ted Ross updated QPID-1114:
---------------------------

    Description: 
This update improves daemon-mode operation of the C++ broker.

When run as a daemon (--daemon), the broker currently creates a PID file 
specific to the port the broker is listening on.  This allows multiple daemons 
to run simultaneously on the same system.  The PID file is stored in "/var/run" 
if the broker is running as root; otherwise, it is stored in "/tmp".

The problem with this is that since it is recommended that the broker not run 
as root for security reasons, installed/deployed brokers write their PID files 
to /tmp.  This is not the right place for such a file and may run afoul of the 
security policy on the system it is installed on.  It also means that root 
users can't use the --quit option to stop daemons that were started by non-root 
users.

This update does the following:

1) Removes the root/not-root distinction and always defaults to "/tmp".  This 
is useful for developers who run the broker from SVN and not as a service.

2) Provides a new option "--pid-dir" that allows the configuration (command 
line, file, or env-variables) to control the directory for PID file storage.

3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets 
the pid-dir to "/var/run/qpidd".  This is useful for real deployment.

4) Adds commands in the install spec-file to create /var/run/qpidd with read 
and write access for user "qpidd".


  was:
This update improves daemon-mode operation of the C++ broker.

When run as a daemon (--daemon), the broker currently creates a PID file 
specific to the port the broker is listening on.  This allows multiple daemons 
to run simultaneously on the same system.  The PID file is stored in "/var/run" 
if the broker is running as root; otherwise, it is stored in "/tmp".

The problem with this is that since it is recommended that the broker not run 
as root for security reasons, installed/deployed brokers write their PID files 
to /tmp.  This is not the right place for such a file and may run afoul of the 
security policy on the system it is installed on.  It also means that root 
users can't use the --quit option to stop daemons that were started by non-root 
users.

This update does the following:

1) Removes the root/not-root distinction and always defaults to "/tmp".  This 
is useful for developers who run the broker from SVN and not as a service.

2) Provides a new option "--pid-dir" that allows the configuration (command 
line, file, or env-variables) to control the directory for PID file storage.

3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets 
the pid-dir to "/var/run/qpidd".  This is useful for real deployment.

4) Adds commands in the install spec-file to create /var/run/qpidd with read 
and write access for user "qpidd".

Note that there is also a bug-fix in the qpidd startup script.  Instead of 
using the "daemon" command to spawn the service (which retrieves the PID of the 
qpidd parent process, not the child), the runuser command is used instead.


> Improvements to daemon mode operations
> --------------------------------------
>
>                 Key: QPID-1114
>                 URL: https://issues.apache.org/jira/browse/QPID-1114
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: M3
>            Reporter: Ted Ross
>            Assignee: Ted Ross
>            Priority: Minor
>             Fix For: M3
>
>
> This update improves daemon-mode operation of the C++ broker.
> When run as a daemon (--daemon), the broker currently creates a PID file 
> specific to the port the broker is listening on.  This allows multiple 
> daemons to run simultaneously on the same system.  The PID file is stored in 
> "/var/run" if the broker is running as root; otherwise, it is stored in 
> "/tmp".
> The problem with this is that since it is recommended that the broker not run 
> as root for security reasons, installed/deployed brokers write their PID 
> files to /tmp.  This is not the right place for such a file and may run afoul 
> of the security policy on the system it is installed on.  It also means that 
> root users can't use the --quit option to stop daemons that were started by 
> non-root users.
> This update does the following:
> 1) Removes the root/not-root distinction and always defaults to "/tmp".  This 
> is useful for developers who run the broker from SVN and not as a service.
> 2) Provides a new option "--pid-dir" that allows the configuration (command 
> line, file, or env-variables) to control the directory for PID file storage.
> 3) Adds a line to the default configuration file (/etc/qpidd.conf) that sets 
> the pid-dir to "/var/run/qpidd".  This is useful for real deployment.
> 4) Adds commands in the install spec-file to create /var/run/qpidd with read 
> and write access for user "qpidd".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
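
Added example, not part of the JIRA message or the Qpid source: a shell check that a deployment or init script could run before trusting PID files in the configured pid-dir. A dedicated directory owned by the service user passes, while a shared world-writable directory such as /tmp does not. The helper names, the one-PID-on-the-first-line file format, the file name example.pid and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example: vet a PID directory and PID file before acting on them.
# check_pid_dir and read_pid are hypothetical helpers, not part of qpidd.

# check_pid_dir DIR UID
# Returns 0 if DIR is a real directory (not a symlink), owned by UID and
# not writable by group or others. Otherwise prints the reason, returns 1.
check_pid_dir() {
    dir=$1
    want_uid=$2
    if [ -L "$dir" ]; then echo "$dir: is a symlink"; return 1; fi
    if [ ! -d "$dir" ]; then echo "$dir: not a directory"; return 1; fi
    owner=$(stat -c '%u' "$dir") || return 1   # numeric owner (GNU stat)
    mode=$(stat -c '%a' "$dir") || return 1    # octal permission bits
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid"; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: writable by group or others (mode $mode)"; return 1
    fi
    return 0
}

# read_pid FILE
# Prints the PID if FILE is a regular file (not a symlink) whose first
# line is a decimal number greater than 1. Returns 1 otherwise.
# Assumes one PID on the first line of the file.
read_pid() {
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then return 1; fi
    pid=$(head -n 1 "$file" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;    # empty or contains a non-digit
    esac
    [ "$pid" -gt 1 ] || return 1    # never hand back 0 or 1 (init)
    echo "$pid"
}

# Typical use in a stop script (names and paths are constructed):
#   check_pid_dir "$PID_DIR" "$(id -u qpidd)" &&
#       pid=$(read_pid "$PID_DIR/example.pid") && kill "$pid"
```
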
