[Zope-dev] Re: [ZODB-Dev] ZEO signal feature

[Guido van Rossum]

> > Well, there goes zLOG's MinimalLogger implementation.
> 
> The module name might be 'MinimalLogger', but everywhere else it is
> known as 'the stupid log'.

And stupid it is.  But it's the only one we've got in the Zope core. :-(

> > (This only holds for log files owned by a root, right?)
> 
> No, I dont think ownership is relevant. Any log file which the zope
> process can overwrite it of little use in proving that your zope
> process has not been compromised.

Fair enough.  But then why did you specifically refer to file
descriptors?

> > > > Pidfiles too.
> > >
> > > Currently it is common practice for Zope's 'stop' scripts to be run
> > > as root.  We cant allow the pid files to be written by non-root
> > > users, otherwise those users could trick root into killing an
> > > arbitrary process.
> >
> > The current design, for whatever reason, writes the pidfile as *late*
> > as possible.  That's often bugged me, because there's a failure mode
> > where the process dies before the pidfile is written; zdaemon restarts
> > it over and over (that's what prompted my zdaemon hack proposal), and
> > the stop script won't stop it.
> 
> There is a trick here - it writes two pid files. One is written by
> the server process (as you point out, this one is written very
> late), the other is written by the supervisor process immediately
> after forking. By default this is in var/zProcessManager.pid

This is done by zdaemon, right?  I think that ZEO at least disables
this.

> You should be able to send SIGTERM to the supervisor process, and it
> should pass it on to the server process. Ive only just discovered
> that:
> 
> a. The signal forwarding doesnt seem to work for me
> 
> b. The default stop script doesnt use this pid.

How typical.

One problem here, as always, is that the conventions are undocumented,
or at least not documented where I would look for the
documentation. :-(

--Guido van Rossum (home page: http://www.python.org/~guido/)