On Mon, 15 Nov 2004, Juan RP wrote:

> > > Use /tmp as directory for $pidfile, because the nobody user cannot write
> > > in /var/run!
> >
> > ! pidfile="/tmp/${name}.pid"
> > ! command_args="--daemon --pid-file ${pidfile} --user nobody"
> >
> > This does not look safe.
> >
> > I don't know if distccd is smart enough to generate the pid file safely,
> > but please verify that. (We wouldn't want it to overwrite someone's
> > important file because of some malicious pre-made symlink.)
>
> Do you suggest to create a specific directory to store the pidfile with
> $dpam_user:$dspam_group 755?

I am not sure if that is needed. I don't know how distccd creates its pid
file. But your idea of a pre-created directory for that sounds like an
excellent idea.

${VARBASE}/run/distccd/ would be similar to what is done in
net/freeradius/Makefile but using OWN_DIRS_PERMS and VARBASE instead.

 Jeremy C. Reed

 	  	 	 BSD News, BSD tutorials, BSD links
	  	 	 http://www.bsdnewsletter.com/