Well, there goes zLOG's MinimalLogger implementation.
The module name might be 'MinimalLogger', but everywhere else it is known as 'the stupid log'.
And stupid it is. But it's the only one we've got in the Zope core. :-(
(This only holds for log files owned by root, right?)
No, I don't think ownership is relevant. Any log file which the Zope process can overwrite is of little use in proving that your Zope process has not been compromised.
Fair enough. But then why did you specifically refer to file descriptors?
Pidfiles too.
Currently it is common practice for Zope's 'stop' scripts to be run as root. We can't allow the pid files to be written by non-root users, otherwise those users could trick root into killing an arbitrary process.
The current design, for whatever reason, writes the pidfile as *late* as possible. That's often bugged me, because there's a failure mode where the process dies before the pidfile is written; zdaemon restarts it over and over (that's what prompted my zdaemon hack proposal), and the stop script won't stop it.
There is a trick here - it writes two pid files. One is written by the server process (as you point out, this one is written very late), the other is written by the supervisor process immediately after forking. By default this is in var/zProcessManager.pid
This is done by zdaemon, right? I think that ZEO at least disables this.
You should be able to send SIGTERM to the supervisor process, and it should pass it on to the server process. I've only just discovered that:
a. The signal forwarding doesn't seem to work for me
b. The default stop script doesn't use this pid.
How typical. One problem here, as always, is that the conventions are undocumented, or at least not documented where I would look for the documentation. :-(
--Guido van Rossum (home page: http://www.python.org/~guido/)
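The pidfile concern raised in the thread (a stop script run as root must not act on a pid that a non-root user could have written), as an added example that is not part of the original messages and is not Zope's or zdaemon's own code. `read_trusted_pid` and `UntrustedPidfile` are hypothetical names, and the check covers only the pidfile and its immediate parent directory, not every ancestor directory.

```python
import os
import stat


class UntrustedPidfile(Exception):
    """Raised when a pidfile could have been written by someone we do not trust."""


def _check_owner_and_mode(st, trusted_uid, what):
    if st.st_uid != trusted_uid:
        raise UntrustedPidfile(f"{what} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UntrustedPidfile(f"{what} is group- or world-writable")


def read_trusted_pid(path, trusted_uid=0):
    """Return the pid stored in `path`, or raise UntrustedPidfile."""
    # The directory matters too: whoever can write it can replace the file.
    parent = os.path.dirname(os.path.abspath(path))
    _check_owner_and_mode(os.stat(parent), trusted_uid, "directory")
    # O_NOFOLLOW refuses a symlink planted at the final path component.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UntrustedPidfile(f"cannot open pidfile: {exc}") from exc
    try:
        st = os.fstat(fd)  # inspect the file we actually opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedPidfile("pidfile is not a regular file")
        _check_owner_and_mode(st, trusted_uid, "pidfile")
        text = os.read(fd, 32).decode("ascii", "replace").strip()
    finally:
        os.close(fd)
    # Reject 0, 1 and negatives: kill() treats those as groups or init.
    if not text.isdigit() or int(text) <= 1:
        raise UntrustedPidfile(f"pidfile content is not a usable pid: {text!r}")
    return int(text)


if __name__ == "__main__":
    import tempfile
    # Constructed demo: a pidfile in a private directory, trusted uid = ourselves.
    with tempfile.TemporaryDirectory() as d:
        pidfile = os.path.join(d, "server.pid")
        with open(pidfile, "w") as f:
            f.write("4242\n")
        os.chmod(pidfile, 0o644)
        print(read_trusted_pid(pidfile, trusted_uid=os.getuid()))
```

A stop script would call `read_trusted_pid` with the default `trusted_uid=0` and signal the process only when no exception is raised.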