[ZODB-Dev] Daemon manager design issues

Guido van Rossum guido@python.org
Wed, 13 Nov 2002 14:23:58 -0500


> > I currently do this via the name of the unix domain socket used for
> > communication.
> 
> So where are you storing/expecting the sockets to reside?  I
> believe currently Zope/PCGI stores them in the var directory
> of each instance.

It's a command line argument.  It currently defaults to "zdsock" in
the current directory; perhaps I should put it in /tmp.  I'm making
sure the socket is created with mode 0700.

> The Filesystem Hierarchy Standard for Linux suggests /var/run:
> 
>    http://www.pathname.com/fhs/2.2/fhs-5.13.html
> 
> for storing transient UNIX-domain sockets that get cleared on
> each boot.

I'll leave that to a site policy; I like zdaemon.py to be usable by
non-root users too.  In practice, sites will have to write a brief
shell script for each process they are interested in that passes the
desired arguments to zdaemon.py.

> Or do you keep the sockets persistently across boots,
> to maintain instance identity, unlike the way PCGI works?

I don't understand this; I have no idea what PCGI does.  I have no
problem with clearing the socket on reboot, but it will be recreated
with the same name.

> One item of note is that /var/run *MUST* be non-writable by
> normal users or security suffers.  Will the Daemon Manager
> always run as root?

No.  What is the attack scenario you're guarding against?

> Persistent non-logging, non-spooled, non-user-manipulatable,
> boot-surviving per-app data should be kept in /var/lib/<appname>.
> 
>     http://www.pathname.com/fhs/2.2/fhs-5.8.html

That's a site policy again.  I note that Zope currently doesn't do it
this way.

> The permissions on the <appname> directory can be anything
> you want, which may be more suitable to Zope usage patterns.

Whatever.  I'm not fighting that fight. :-)

--Guido van Rossum (home page: http://www.python.org/~guido/)
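
The socket handling discussed in this message (a "zdsock" socket created with mode 0700, possibly in a shared directory such as /tmp), as an added example that is not part of the original post and is not zdaemon.py's code. The names bind_private_socket and demo are hypothetical, and the parent-directory check is an added precaution reflecting the point about directories writable by normal users.

```python
import os
import socket
import stat
import tempfile


def bind_private_socket(path, mode=0o700):
    """Bind a Unix domain socket at `path`, created directly with `mode`."""
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    # A directory writable by group/other and lacking the sticky bit lets
    # other users unlink or rename the socket, so refuse to use it.
    # A sticky directory such as /tmp passes this check.
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not pst.st_mode & stat.S_ISVTX:
        raise PermissionError("%s is writable by other users" % parent)

    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Narrow the umask around bind() so the socket file never exists with
    # wider permissions, instead of chmod()ing it afterwards.
    # Note: the umask is process-wide, so do this before starting threads.
    old_umask = os.umask(0o777 & ~mode)
    try:
        # bind() fails with EADDRINUSE if the name already exists, so a
        # file planted under the same name is never reused silently.
        sock.bind(path)
    except OSError:
        sock.close()
        raise
    finally:
        os.umask(old_umask)
    return sock


def demo():
    """Bind "zdsock" in a fresh private directory; return its mode bits."""
    workdir = tempfile.mkdtemp(prefix="zdaemon-demo-")  # constructed path
    path = os.path.join(workdir, "zdsock")
    sock = bind_private_socket(path)
    try:
        return stat.S_IMODE(os.lstat(path).st_mode)
    finally:
        sock.close()
        os.unlink(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    print(oct(demo()))
```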