Alan McKinnon <alan.mckinnon@×××××.com> wrote:
> On 07/10/2015 18:27, Grant wrote:
>> I have to chown munin:nginx and chmod g+x on directory /run/munin/
>> after every reboot. The munin list suggests altering the initscript
>> but is there a better way?
>
> There are ways, but I wouldn't call them better.
|
The way to do it nowadays would be by placing a file with the content
d /run/munin 0775 munin nginx
into /usr/lib/tmpfiles.d (if done by the distribution) or into
/etc/tmpfiles.d (if this is only needed for your special setup).
|
> /run is often a tmpfs so the dir has to be mkdir'ed somehow after reboot
> anyway. The initscript is the perfect place to do it.
|
No, it is not the perfect place, because such a thing would
be strange to do if e.g. the initscript is restarted or
started only very late for some reason (possibly hours
after the system start, if munin is not needed immediately.)
(OK, in /run it is not a security risk, but in world-writable
directories there exist symlink attacks or other bad things
if you create dirs/files too late and with a predictable name.
For dirs, it might be possible if you are *very* careful,
but the obvious "mkdir ...; chown ...; chmod ..." would be a
horrible security failure.)
|
Moreover, it is an init-system specific solution
while you can have a general solution.
Meanwhile, at least openrc and systemd both support the
tmpfiles.d subdirectories; I do not know the state of
other init-systems, but it is not hard to extend any
init-system of your choice to support these directories.
In any case, they are more compatible than a solution
which works with only *one* init-system.
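
The difference between the obvious "mkdir ...; chown ...; chmod ..." sequence and a careful one in a world-writable directory, as an added example that is not part of the original mail. The function names naive_mkdir and safe_mkdir are made up here, and the OWNER:GROUP argument is optional because chown to another user needs root.

```shell
#!/bin/sh
# Added example; naive_mkdir and safe_mkdir are hypothetical helper names.

# The "obvious" sequence the mail warns about. With -p an already existing
# path is accepted silently, and chmod follows symbolic links, so a link
# that someone else placed at $1 gets its *target* re-moded.
naive_mkdir() {
    mkdir -p -- "$1" && chmod -- "$2" "$1"
}

# safe_mkdir DIR MODE [OWNER:GROUP]
# Returns 0 only if this very call created DIR; otherwise touches nothing.
safe_mkdir() {
    dir=$1
    mode=$2
    owner=${3:-}
    # Without -p, mkdir fails if anything (file, directory, symlink, even a
    # dangling one) already exists at DIR, so success means a fresh directory.
    # -m sets the mode in the mkdir call instead of a later chmod by name.
    if ! mkdir -m "$mode" -- "$dir" 2>/dev/null; then
        echo "safe_mkdir: refusing, $dir exists or cannot be created" >&2
        return 1
    fi
    # Ownership is changed last; -h makes chown act on a link itself and
    # never on the link's target.
    if [ -n "$owner" ] && ! chown -h -- "$owner" "$dir"; then
        rmdir -- "$dir"
        return 1
    fi
    return 0
}
```

A caller that gets a non-zero status from safe_mkdir should stop and report rather than fall back to reusing whatever is at the path.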