[launchd-dev] Launchd and logging and users and groups

Wed Jul 15 13:44:29 PDT 2009

On Jul 15, 2009, at 1:34 PM, Damien Sorresso wrote:

> On Jul 15, 2009, at 1:06 PM, Scott Haneda wrote:
>> Please be gentle, this is outside my comfort level in launchd.
>>
>> I have a spam proxy written in perl that needs to be started by  
>> launchd.
>>
>> When it starts, a few 100 lines of startup data is sent to whatever  
>> started it.  If I start with with launchd, all that data will end  
>> up in /var/log/system.log
>>
>> I set the 'StandardOutPath'
>> 	<key>StandardOutPath</key>
>> 	<string>/dev/null</string>
>> but I am not sure that is the correct way to deal with this.  All  
>> the startup data is also sent to the proxy's log file, so to me, it  
>> seems redundant.  However, I think the above StandardOutPath change  
>> may also mask away some important bits of launchd that may be  
>> desirable to be seen.
>
> launchd doesn't do anything to changethe log data it redirects. It  
> just blurts it out to syslog. You should set your StandardOutPath to  
> your log file path.

The proxy logs to /opt/local/var/ASSP/logs/maillog.txt
I have not tested, and I will shortly, but I believe, I would then get  
the log data from launchd being sent there, as well as the log data  
from the proxy.  I did not want to double up the log data.

>> All the files the proxy uses are owned by _assp:_assp, so I set:
>> 	<key>UserName</key>
>> 	<string>_assp</string>
>> according to the docs, I need not se the group, it will auto set to  
>> the user.  When I do that, launchd restarts repeatedly,
>
> Do you mean that the job restarts repeatedly?

Exactly.

>> and the logs that the perl file logs to aka: the proxy logs, will  
>> get this line repeated:
>>
>> Jul-14-09 23:58:03 Requested to switch to user/group '_assp/_assp'  
>> but cannot set effective uid to 0 -- quitting; uid is 504
>>
>> If the proxy is automatically dropping into the correct user and  
>> group, then does that mean there is no need to run with the lunachd  
>> settings for UserName?
>>
>> Can I get some guidance on the best way to deal with this?  Any  
>> suggestions on how this should be set up to be most ideal, is most  
>> appreciated.
>
> Your daemon is calling setuid(2), but you've requested that you be  
> run as the _assp user, which will cause setuid(2) to fail. launchd  
> does not save your EUID when applying the UserName key. See the  
> setuid(2) man page.
>
> Also please see launchd.plist(5). Daemons should not call setuid(2).  
> Your daemon should decide what set of credentials (root or non-root)  
> it wants and stick with that decision.

If I interpret that correct, and of course, I will read the man pages  
shortly, but you are stating to simply let the daemon decide?

I will have a follow up question about daemons, and if this proxy is  
even a daemon, but will need clarification from the proxy developer  
first.

Thank you.
-- 
Scott * If you contact me off list replace talklists@ with scott@ *