[Chilli] uid and gid not working
david at coova.com
Fri Apr 30 07:33:06 UTC 2010
Thanks, will review before putting out 1.2.3.
The use of the binary configuration file comes from the desire to split
off the "parsing and resolving" of the configuration file from the main
chilli server. Previously, when chilli re-read it's configuration
(either from HUP or --interval), it would stall the main loop (meaning,
all traffic stops) while rereading the configuration - which involves
DNS lookups, etc. Now, chilli server kicks off the command line util
chilli_opt for configuration file parsing, resolving, and writing to a
binary file, which chilli server (and other chilli_* servers) can reread
with no waiting. It is also possible to run chilli_opt yourself and give
chilli the SIGUSR1 to have it reread the binary configuration.
On Thu, 2010-04-29 at 08:40 +0200, Daniel Berteaud wrote:
> I use coova-chilli 1.0.13 on my server, with uid and gid options to
> limit the privileges (I'm not very found of publically accessible
> daemons with root privileges). It's working, even if I get the following
> message in the log when I start chilli:
> coova-chilli: chilli.c: 3766: 1 (Operation not permitted)
> setgid(460) failed while running with gid = 0
> So it seems that droping uid works but not gid
> I've tried with coova-chilli 1.2.2, but now uid and gid don't work at
> all because chilli generate the binary configuration in /tmp/chilli-XXX
> and this directory is 700 root:root
> Are the uid/gid options not supported anymore ?
> And why chilli now uses this binary config file in /tmp ?
> Regards, Daniel
More information about the Chilli