[Zope-dev] Re: [ZODB-Dev] ZEO signal feature

Toby Dickenson tdickenson@geminidataloggers.com
Mon, 7 Oct 2002 13:39:29 +0100


On Monday 07 Oct 2002 1:14 pm, Guido van Rossum wrote:

> Well, there goes zLOG's MinimalLogger implementation.

The module name might be 'MinimalLogger', but everywhere else it is known=
 as=20
'the stupid log'.=20

> (This only holds for log files owned by a root, right?)

No, I dont think ownership is relevant. Any log file which the zope proce=
ss=20
can overwrite it of little use in proving that your zope process has not =
been=20
compromised.

> > > Pidfiles too.
> >
> > Currently it is common practice for Zope's 'stop' scripts to be run
> > as root.  We cant allow the pid files to be written by non-root
> > users, otherwise those users could trick root into killing an
> > arbitrary process.
>
> The current design, for whatever reason, writes the pidfile as *late*
> as possible.  That's often bugged me, because there's a failure mode
> where the process dies before the pidfile is written; zdaemon restarts
> it over and over (that's what prompted my zdaemon hack proposal), and
> the stop script won't stop it.

There is a trick here - it writes two pid files. One is written by the se=
rver=20
process (as you point out, this one is written very late), the other is=20
written by the supervisor process immediately after forking. By default t=
his=20
is in var/zProcessManager.pid

You should be able to send SIGTERM to the supervisor process, and it shou=
ld=20
pass it on to the server process. Ive only just discovered that:

a. The signal forwarding doesnt seem to work for me

b. The default stop script doesnt use this pid.