Replacing inndstart
Alex Kiernan
alexk at demon.net
Mon Jan 6 09:38:51 UTC 2003
Russ Allbery <rra at stanford.edu> writes:
> Here's my latest toy. This is probably an INN 2.5 thing.
>
> The basic idea is one suggested by Andrew Gierth. In Unix, what is and
> isn't shared with child processes is a touch complicated, but works out in
> such a fashion that a parent can create a socket, fork a child, have the
> child do a bind, and then go back and listen in the parent and everything
> works, because the socket has an existence outside of either process.
>
> This provides an opportunity to *vastly* simplify how port binding is
> handled. If you look at the code for inndstart, most of the complexity
> comes from the fact that it's a wrapper around innd, and therefore has to
> parse command-line arguments, construct arguments to pass to innd, fiddle
> with the environment, have code to allow for a debugger to be run, and so
> forth. And in order to find innd, and to set up the environment properly,
> it has to parse inn.conf, with all of the code that entails. All in a
> setuid program.
>
> All we really need setuid for is the bind, though (see below for resource
> limits). So a different approach is to just write a simple setuid program
> that only does binds and nothing else, and hence doesn't have to parse any
> sort of configuration file. Then, rc.news can set up the environment for
> innd, and innd can just run that program to bind any low-numbered ports
> that it needs to bind.
>
> Furthermore, we can then use that same program for nnrpd in daemon mode,
> which should then not have to start as root.
>
This is so cool... we should also be able to get nnrpd auto-started as
a daemon correctly this way (as opposed to today where I use a foul
kludge on our production boxes).
> For the resource limits, I think this is better taken care of by putting
> ulimit calls into the sample init script that we provide and documenting
> that in the installation instructions. That lets us get rid of
> startinnfeed as well, and that's a more common way of solving that
> problem.
>
Works for me.
--
Alex Kiernan, Principal Engineer, Development, THUS plc
More information about the inn-workers
mailing list