[Chilli] uid and gid not working

David Bird david at coova.com
Mon May 3 06:52:12 UTC 2010


Hi Daniel, See the subversion repo for some changes with regard to
uid/gid handling. Chilli will chown() the config.bin file
appropriately. 

On Fri, 2010-04-30 at 09:33 +0200, David Bird wrote:
> Thanks, will review before putting out 1.2.3. 
> 
> The use of the binary configuration file comes from the desire to split
> off the "parsing and resolving" of the configuration file from the main
> chilli server. Previously, when chilli re-read it's configuration
> (either from HUP or --interval), it would stall the main loop (meaning,
> all traffic stops) while rereading the configuration - which involves
> DNS lookups, etc. Now, chilli server kicks off the command line util
> chilli_opt for configuration file parsing, resolving, and writing to a
> binary file, which chilli server (and other chilli_* servers) can reread
> with no waiting. It is also possible to run chilli_opt yourself and give
> chilli the SIGUSR1 to have it reread the binary configuration. 
> 
> David
> 
> On Thu, 2010-04-29 at 08:40 +0200, Daniel Berteaud wrote:
> > Hi.
> > 
> > I use coova-chilli 1.0.13 on my server, with uid and gid options to
> > limit the privileges (I'm not very found of publically accessible
> > daemons with root privileges). It's working, even if I get the following
> > message in the log when I start chilli:
> > 
> > coova-chilli[11928]: chilli.c: 3766: 1 (Operation not permitted)
> > setgid(460) failed while running with gid = 0
> > 
> > So it seems that droping uid works but not gid
> > 
> > I've tried with coova-chilli 1.2.2, but now uid and gid don't work at
> > all because chilli generate the binary configuration in /tmp/chilli-XXX
> > and this directory is 700 root:root
> > 
> > Are the uid/gid options not supported anymore ?
> > 
> > And why chilli now uses this binary config file in /tmp ?
> > 
> > Regards, Daniel
> > 
> 
> 
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli




More information about the Chilli mailing list