[Dnsmasq-discuss] Problems with dnsmasq pid file

Simon Kelley simon at thekelleys.org.uk
Mon Mar 9 16:13:10 GMT 2009 

Oliver Metz wrote:
> Hi.
> 
> We are using dnsmasq on an embedded system (router, linux 2.6.19.2, uClibc-0.9.29). There is a problem with the pid file:
> # ls -al /var/run/dnsmasq.pid
> -rw-r--r--    1 root     root            5 Mar  9 00:02 /var/run/dnsmasq.pid
> 
> Although we are running dnsmasq with user nobody the pid file is created as root. Perhaps you can guess what happens on TERM signal:
> unlink("/var/run/dnsmasq.pid")          = -1 EACCES (Permission denied)
> 
> Do you have a solution for this?
> 

There is a solution.

The problem is not the permissions on the PID file, what matters for 
unlink() is the permission on the _directory_ (ie /var/run).

Clearly the only way to delete a file from /var/run is to be root, and 
dnsmasq doesn't run as root deliberately, for security reasons. It used 
to be that dnsmasq didn't even try to delete the PID file. Instead the 
start/stop script (which is running as root) did the deletion.

It became necessary to have dnsmasq delete the PID-file on Debian and 
Ubuntu, since the Debian/Ubuntu dnsmasq package now supports "fast 
shutdown" where the daemon is sent SIGTERM, but no start/stop script 
runs. To do that the unlink() call was added. To make this work, it's 
necessary to do the following.

1) Create a directory (say /var/run/dnsmasq)

2) Change ownership of /var/run/dnsmasq to the user dnsmasq will run as, 
either "nobody" or (much better) a unique system userid. Make it 
owner-writable.

3) Tell dnsmasq to store the PID file in /var/run/dnsmasq/dnsmasq.pid 
with a command-line or configuration option. If using a system user-id, 
tell dnsmasq to use that in the same way.

4) Make sure that the start/stop script is using the same location as 
the place where it expects to find the pid-file.

Note that the actual PID-file will still be owned by root: that doesn't 
matter, the important thing is the ownership of the directory 
/var/run/dnsmasq. Beware that on some systems /var/run gets cleared over 
a reboot, so the startup script may have to recreate the directory each 
time dnsmasq is started.


HTH

Simon.

More information about the Dnsmasq-discuss mailing list