Can you flock a file that is readonly for your user ? It doesn't make sense, it would allow a lot of (local) Denial of Services, I think ? Kostik Belousov schreef: > On Wed, Apr 16, 2008 at 03:12:03PM +0200, Jille wrote: >> Hello, >> >> Today I found out some pidfiles of 'system daemons', have a 'weird' chmod. >> >> [quis_at_istud ~]$ ls -l /var/run/cron.pid >> -rw------- 1 root wheel 4 Mar 1 19:25 /var/run/cron.pid >> >> Can somebody tell me why it is 0600 ? >> I don't think it will harm if it is 0644 ? >> >> I think this is only useful if the security.bsd.see_other_uids sysctl is >> set to 0. > > They are 0600 so that the advisory locking works reliably on them. > More details: > the daemons flock() the pidfile to indicate that it is alive. Any other > process may lock the file that can be opened for reading. Having more > permissive mode would allow anybody to lock the pidfile, falsely indicating > that the daemon is still alive, while it in fact died.Received on Wed Apr 16 2008 - 11:24:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:29 UTC