On Fri, 23 Sep 2016 20:41, Sebastian wrote:
Hi,
I'm downstream and upstream maintainer of a software which consists of many python modules, which are started individually and are non-root. Previously, we used /opt, but we'd like to drop this now and use LSB-paths.
But I'm facing problems with the pidfiles, which should be saved under `/run/name/component.pid`*. But the unprivileged programs can't create the directory or change permissions, so root must do this. I now see these possibilities:
1) Use /opt/name/ - kind of fishy
2) Use /tmp - Better than the solution above and still simple.
3) Save them somewhere in /var/lib/name, which is writable to the users.
4) Start all components as root, create /run/name if needed and then drop privileges. Has unnecessary complexity in the software, which I'd like to avoid
5) Allow the programs to create the directory /run/name via sudoers
Are there other possibilities or best practices? Does systemd have a solution here? Note that units need the pidfiles, not services. I know that systemd can handle the pidfile of the latter. But then I'd again need root to create it.
Any ideas are appreciated,
Sebastian
* as far as I understand non-existing guidelines. But it seems to be handled so by other programs. Some hints that this should be done can be found here:
https://en.opensuse.org/openSUSE:Systemd_services#dnscrypt
https://en.opensuse.org/SDB:LXC#Populate_the_container_filesystem
https://en.opensuse.org/openSUSE:Packaging_init_scripts#Status_Functions
AFAIK, you can create the needed dirs with the needed (user writeable) permissions by dropping a snippet in /etc/tmpdirs.d/ (for files use /etc/tmpfiles.d/) and they will be created after boot by systemd-tmpfiles-setup.service.
Docu: man:tmpfiles.d(5) man:systemd-tmpfiles(8)
This /could/ be what you want (use /run/name/blah.pid) without forcing extra tricks.
Otherwise using /var/lib/name/blah.pid would also be a valid, traceable, accountable, and comprehensible solution.
Please make note of the why and how of the solution in the man-page / readme / docu of your program, that spares many headaches later.
- Yamaban.
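Added example, not part of the thread or of the software under discussion: one way an unprivileged Python component could write `component.pid` into a `/run/name` that was created for it at boot, refusing a directory that other users can write to (as a shared /tmp would be) and never following a symlink at the pidfile path. The function names and the user/group `name` in the tmpfiles.d comment are assumptions.

```python
import os
import stat

# Assumed tmpfiles.d(5) entry that creates the directory at boot
# (user and group "name" are hypothetical):  d /run/name 0755 name name -

def check_run_dir(run_dir):
    """Reject a pidfile directory that other users could write to."""
    st = os.lstat(run_dir)  # lstat: a symlinked directory is rejected too
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{run_dir}: not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{run_dir}: not owned by this user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{run_dir}: writable by group or others")

def read_pid(path):
    """Read a pid without following a symlink planted at the path."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd) as f:
        return int(f.read().strip() or 0)

def pid_alive(pid):
    if pid <= 0:
        return False
    try:
        os.kill(pid, 0)  # signal 0 only tests for existence
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True

def write_pidfile(run_dir, component):
    """Create run_dir/component.pid exclusively; return its path."""
    check_run_dir(run_dir)
    path = os.path.join(run_dir, component + ".pid")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o644)
    except FileExistsError:
        if pid_alive(read_pid(path)):
            raise RuntimeError(f"{component} is already running")
        os.unlink(path)  # stale file left by a dead process
        fd = os.open(path, flags, 0o644)
    with os.fdopen(fd, "w") as f:
        f.write(f"{os.getpid()}\n")
    return path
```
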