[launchd-dev] Launchd and logging and users and groups
Scott Haneda
talklists at newgeo.com
Wed Jul 15 13:44:29 PDT 2009
On Jul 15, 2009, at 1:34 PM, Damien Sorresso wrote:
> On Jul 15, 2009, at 1:06 PM, Scott Haneda wrote:
>> Please be gentle, this is outside my comfort level in launchd.
>>
>> I have a spam proxy written in perl that needs to be started by
>> launchd.
>>
>> When it starts, a few 100 lines of startup data is sent to whatever
>> started it. If I start with with launchd, all that data will end
>> up in /var/log/system.log
>>
>> I set the 'StandardOutPath'
>> <key>StandardOutPath</key>
>> <string>/dev/null</string>
>> but I am not sure that is the correct way to deal with this. All
>> the startup data is also sent to the proxy's log file, so to me, it
>> seems redundant. However, I think the above StandardOutPath change
>> may also mask away some important bits of launchd that may be
>> desirable to be seen.
>
> launchd doesn't do anything to changethe log data it redirects. It
> just blurts it out to syslog. You should set your StandardOutPath to
> your log file path.
The proxy logs to /opt/local/var/ASSP/logs/maillog.txt
I have not tested, and I will shortly, but I believe, I would then get
the log data from launchd being sent there, as well as the log data
from the proxy. I did not want to double up the log data.
>> All the files the proxy uses are owned by _assp:_assp, so I set:
>> <key>UserName</key>
>> <string>_assp</string>
>> according to the docs, I need not se the group, it will auto set to
>> the user. When I do that, launchd restarts repeatedly,
>
> Do you mean that the job restarts repeatedly?
Exactly.
>> and the logs that the perl file logs to aka: the proxy logs, will
>> get this line repeated:
>>
>> Jul-14-09 23:58:03 Requested to switch to user/group '_assp/_assp'
>> but cannot set effective uid to 0 -- quitting; uid is 504
>>
>> If the proxy is automatically dropping into the correct user and
>> group, then does that mean there is no need to run with the lunachd
>> settings for UserName?
>>
>> Can I get some guidance on the best way to deal with this? Any
>> suggestions on how this should be set up to be most ideal, is most
>> appreciated.
>
> Your daemon is calling setuid(2), but you've requested that you be
> run as the _assp user, which will cause setuid(2) to fail. launchd
> does not save your EUID when applying the UserName key. See the
> setuid(2) man page.
>
> Also please see launchd.plist(5). Daemons should not call setuid(2).
> Your daemon should decide what set of credentials (root or non-root)
> it wants and stick with that decision.
If I interpret that correct, and of course, I will read the man pages
shortly, but you are stating to simply let the daemon decide?
I will have a follow up question about daemons, and if this proxy is
even a daemon, but will need clarification from the proxy developer
first.
Thank you.
--
Scott * If you contact me off list replace talklists@ with scott@ *
More information about the launchd-dev
mailing list