Package: bacula-director-common
Version: 3.0.3-1
Severity: normal
Tags: patch
if bacula-director is started as root with options "-u bacula -g bacula", it
will drop permissions near startup, however many of the /proc/$pid files
will continue to be owned by root (as that was UID that started the
process), which will break bacula-director internal functionality to produce
backtrace using gdb if it crashes, that is /var/lib/bacula/*.traceback files
will contain errors like:
ptrace: Operation not permitted.
/var/lib/bacula/25734: No such file or directory.
$1 = 0
/etc/bacula/scripts/btraceback.gdb:2: Error in sourced command file:
No symbol table is loaded. Use the "file" command.
instead of traceback which could be used to find bug.
If however bacula is started as user bacula and group bacula (by using
start-stop-daemon functionality), the permissions on /proc/$pid are set
correctly to user bacula and group bacula, and ptrace(2) works.
Attached is a simple patch which modifies startup scripts for
bacula-director (and bacula-sd) in that way, so ptrace(2) would work if
needed.
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-bpo.1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages bacula-director-common depends on:
ii adduser 3.110 add and remove users and groups
ii bacula-common 3.0.3-1 network backup, recovery and verif
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii debconf [debconf-2 1.5.24 Debian configuration management sy
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libssl0.9.8 0.9.8g-15+lenny5 SSL shared libraries
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libwrap0 7.6.q-16 Wietse Venema's TCP wrappers libra
ii mailx 1:20071201-3 Transitional package for mailx ren
bacula-director-common recommends no packages.
bacula-director-common suggests no packages.
-- no debconf information
--- debian/bacula-director-common.bacula-director.init~ 2009-11-14
10:39:28.000000000 +0100
+++ debian/bacula-director-common.bacula-director.init 2009-11-14
10:39:28.000000000 +0100
@@ -19,7 +19,7 @@
NAME="bacula-dir"
PORT=9101
DESC="Bacula Director"
-ARGS="-c /etc/bacula/bacula-dir.conf -u bacula -g bacula"
+ARGS="-c /etc/bacula/bacula-dir.conf"
test -f $DAEMON || exit 0
@@ -54,7 +54,7 @@
# do_start()
do_start()
{
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:bacula --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $ARGS
}
@@ -62,7 +62,7 @@
do_stop()
{
get_pid $PIDFILE ;
- start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:bacula --oknodo --stop --quiet --pidfile
$PIDFILE \
--exec $DAEMON
# make sure daemon is stopped/killed
if [ -n "$pid" ]; then
--- debian/bacula-sd.init~ 2009-11-14 10:39:33.000000000 +0100
+++ debian/bacula-sd.init 2009-11-14 10:39:33.000000000 +0100
@@ -18,7 +18,7 @@
NAME="bacula-sd"
PORT=9103
DESC="Bacula Storage daemon"
-ARGS="-c /etc/bacula/bacula-sd.conf -u bacula -g tape"
+ARGS="-c /etc/bacula/bacula-sd.conf"
test -f $DAEMON || exit 0
@@ -41,23 +41,23 @@
fi
echo -n "Starting $DESC: "
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:tape --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $ARGS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
- start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:tape --oknodo --stop --quiet --pidfile
$PIDFILE \
--exec $DAEMON -- $ARGS
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
- start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:tape --stop --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $ARGS
sleep 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c bacula:tape --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $ARGS
echo "$NAME."
;;
