[Pkg-giraffe-discuss] alioth repo updated
Guido Günther
agx at sigxcpu.org
Fri Sep 11 16:28:52 UTC 2015
Hi Mark,
On Wed, Aug 26, 2015 at 11:22:24AM +0200, Mark Dufour wrote:
> hi matthias,
>
> > We changed the default configs of most daemons, so that they drop their
> > privileges when started. I experienced problems doing that with the
> > zarafa-search service though, but have not looked into it in detail yet.
>
> yeah, search unfortunately works slightly different from the other services, as it is the only one at this point written in python (using python-zarafa, python-daemon, python-lockfile). the other services do their thing as 'root' in /var/run, before switching to the specified user. search does not (yet) do that, which sounded logical at the time.. ;-)
>
> we are considering moving to an approach where all services do their thing inside a subdirectory of /var/run, say /var/run/zarafa/.. this almost made it into 7.2.1 in fact. but it should currently work fine with the correct permissions. the following options in search.cfg which are important in this regard:
>
> -index_path (where does it store the xapian databases)
> -pid_file (note that the pid_file is also hardcoded in the init script.. :S)
> -server_bind_name (unix socket that Zarafa uses to talk to search)
> -log_file (clearly; btw you probably want to set log_level to 6 while testing)
>
> it's probably easiest to test this by running '/usr/sbin/zarafa-search -F' as user 'zarafa' (for example by using paths in search.cfg starting with /home/zarafa everywhere at first). then when everything works switch to running as root with without the -F.
>
> since we are moving to a subdirectory of /var/run, and assuming this is good practice under debian as well, perhaps you guys would like to make this move as well?
I'm not sure I understand what will end up in /var/run/zarafa? Just
non permanent files that will be recreated with each start (if missing)
like sockets?
Cheers,
-- Guido
More information about the Pkg-giraffe-discuss
mailing list