SMP workers in trunk start without root privileges. This results in
startup failures when workers need to use a privileged port (e.g., 443)
or other root-only features such as TPROXY.
This bug added with my Moved PID file management from Coordinator to
Master patch.
The problem is inside watch_child function which called after a
enter_suid() call, but the writePidFile() call, inside the
watch_child(), will leave suid mode before exit.
This patch removes the enter_suid/leave_suid cals from the writePidFile
and make the caller responsible for setting the root privileges if
required.
start workers as root
SMP workers in trunk start without root privileges. This results in startup
failures when workers need to use a privileged port (e.g., 443) or other
root-only features such as TPROXY.
The watch_child function, responsible to watch and start squid workers for
the squid monitor process, called after a enter_suid() call, but the
writePidFile() call, inside the watch_child(), will leave suid mode before exit.
This patch removes the enter_suid()/leave_suid() cals from the writePidFile and
make the caller responsible for setting the root privileges if required.
This is a Measurement Factory project
=== modified file 'src/main.cc'
--- src/main.cc 2015-02-09 18:12:51 +
+++ src/main.cc 2015-03-05 17:40:17 +
@@ -922,42 +922,45 @@
storeDirOpenSwapLogs();
mimeInit(Config.mimeTablePathname);
if (unlinkdNeeded())
unlinkdInit();
#if USE_DELAY_POOLS
Config.ClientDelay.finalize();
#endif
if (Config.onoff.announce) {
if (!eventFind(start_announce, NULL))
eventAdd(start_announce, start_announce, NULL, 3600.0, 1);
} else {
if (eventFind(start_announce, NULL))
eventDelete(start_announce, NULL);
}
-if (!InDaemonMode())
+if (!InDaemonMode()) {
+enter_suid();
writePidFile(); /* write PID file */
+leave_suid();
+}
reconfiguring = 0;
}
static void
mainRotate(void)
{
icmpEngine.Close();
redirectShutdown();
#if USE_AUTH
authenticateRotate();
#endif
externalAclShutdown();
_db_rotate_log(); /* cache.log */
storeDirWriteCleanLogs(1);
storeLogRotate(); /* store.log */
accessLogRotate(); /* access.log */
#if ICAP_CLIENT
icapLogRotate(); /*icap.log*/
@@ -1174,42 +1177,45 @@
#if USE_WCCP
wccpInit();
#endif
#if USE_WCCPv2
wccp2Init();
#endif
}
serverConnectionsOpen();
neighbors_init();
// neighborsRegisterWithCacheManager(); //moved to neighbors_init()
if (Config.chroot_dir)
no_suid();
-if (!configured_once !InDaemonMode())
+if (!configured_once !InDaemonMode()) {
+enter_suid();
writePidFile(); /* write PID file */
+leave_suid();
+}
#if defined(_SQUID_LINUX_THREADS_)
squid_signal(SIGQUIT, rotate_logs, SA_RESTART);
squid_signal(SIGTRAP, sigusr2_handle, SA_RESTART);
#else
squid_signal(SIGUSR1, rotate_logs, SA_RESTART);
squid_signal(SIGUSR2, sigusr2_handle, SA_RESTART);
#endif
squid_signal(SIGHUP, reconfigure, SA_RESTART);
squid_signal(SIGTERM, shut_down, SA_RESTART);
squid_signal(SIGINT, shut_down, SA_RESTART);
@@ -1985,39 +1991,41 @@
asnFreeMemory();
clientdbFreeMemory();
httpHeaderCleanModule();
statFreeMemory();
eventFreeMemory();
mimeFreeMemory();
errorClean();
#endif
// clear StoreController
Store::Root(NULL);
fdDumpOpen();
comm_exit();
RunRegisteredHere(RegisteredRunner::finishShutdown);
memClean();
if (!InDaemonMode()) {
+enter_suid();
removePidFile();
+leave_suid();
}
debugs(1, DBG_IMPORTANT, Squid Cache (Version version_string ): Exiting normally.);
/*
* DPW 2006-10-23
* We used to fclose(debug_log) here if it was set, but then
* we forgot to set it to NULL. That caused some coredumps
* because exit() ends up calling a bunch of destructors and
* such. So rather than forcing the debug_log to close, we'll
* leave it open so that those destructors can write some
* debugging if necessary. The file will be closed anyway when
* the process truly exits.
*/
exit(shutdown_status);
}
=== modified file 'src/tools.cc'
--- src/tools.cc 2015-02-10 03:44:32 +
+++ src/tools.cc 2015-03-05 17:42:25 +
@@ -696,69 +696,63 @@
roles.append( worker);
if (IamDiskProcess())
roles.append( disker);
return roles;
}
void
writePidFile(void)
{
int fd;
const char *f = NULL;
mode_t old_umask;
char buf[32];
if ((f = Config.pidFilename) == NULL)
return;
if (!strcmp(Config.pidFilename, none))
return;
-enter_suid();
-
old_umask = umask(022);