On 09/05/2017 05:38 PM, Ryan Tandy wrote:
> If you would like to propose a patch, we could review that. For myself I don't think I would attach a high priority to this.
I understand that it's a low priority; I'm just trying to clean up the hundred or so cases of this that we have in Gentoo. In a few, it's impossible to do so because of the way the daemon creates the PID file (like it is here), so I'm doing bugs/CVEs to keep track of them. This way, distribution maintainers have something to watch and will know when they can fix their init scripts.
> Howard pointed out on IRC that if the directory containing the pid file is sticky, making it owned by root means slapd can no longer remove it on exit. I'm not sure how common that is but it's a setup that works right now.
Typically the PID file would go directly in /run (or /var/run) and be owned by root. That means that you can't clean it up when the daemon exits, but no one expects a daemon to do that.
Practically, the PID file exists solely for the benefit of init systems. Given the choice between,
1. How do I determine if I can trust the contents of this file owned by an untrusted user?
2. How do I remove the PID file after killing the daemon?
the second is much easier to do. The first is next to impossible to get right; so if we have to pick one, that's the way to go IMO.
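
An added example, not part of the original message or of any project's init scripts: a shell check an init script could run before acting on a PID file, accepting it only when the trusted owner alone could have written or replaced it. The function name `pidfile_trusted` and the optional owner argument are hypothetical, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# pidfile_trusted FILE [OWNER_UID]   (hypothetical helper name)
# Prints the PID and returns 0 only when nothing but OWNER_UID (default 0,
# root) could have written FILE or replaced it inside its directory.
pidfile_trusted() {
    file=$1
    owner=${2:-0}
    dir=$(dirname -- "$file")

    # Reject symlinks: the link target is chosen by whoever created the link.
    [ -L "$file" ] && return 1
    [ -f "$file" ] || return 1

    # The file and its directory must both belong to the trusted owner and
    # must not be writable by group or other (mode bits 022).
    for path in "$file" "$dir"; do
        meta=$(stat -c '%u %a' -- "$path") || return 1
        uid=${meta% *}
        mode=${meta#* }
        [ "$uid" = "$owner" ] || return 1
        [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    done

    # Content must be a single decimal PID and nothing else.
    pid=$(head -n 1 -- "$file") || return 1
    case $pid in
        '' | *[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}
```

With the default owner of 0, a PID file written by the daemon's own unprivileged account is rejected, which is the case the message describes as next to impossible to trust.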