Hi Faidon! > For future bug reports, please note that it's helpful to keep each issue > in a separate bug report that can be responded to and fixed > independently -- even if that means more bug reports for me to deal > with! :) Yes, perfectly understandable, I'll do that. Thanks for pointing it out. :)
> This sounds like a bug in systemd and should probably be addressed
> there. Do you know which versions are affected and/or do have a
> reference to that flaw?
A colleague of mine reported the bug, I'll ask him for a reference. I was only
aware of it because he mentioned it while we tried to streamline the unit file
of radsecproxy.
> As far as radsecproxy's unit goes, I think actually the right solution
> would be to avoid daemonization altogether and switch to Type=simple.
> I've experimented with that, but unfortunately, there are some nasty
> side effects with radsecproxy's -f (foreground) option with regards to
> logging. I've already raised that with Linus (upstream), as the first
> step.
We tried that but also weren't very successful. Running it as Type=forking is
no problem whatsoever because it won't spawn other processes with other PIDs.
In our production scenarios, omitting the PID file creation works flawlessly. I
agree with you that, at the end of the day, this problem should be fixed in
systemd. I'll test today whether this bug exists in the systemd that ships with
Debian 9.1. I'll come back to you with the results.
> That's a good point! I don't know how I've missed this. I'll have a look
> at doing this in the next upload.
Thanks, that sounds good. I looked at the init script, maybe this patch will
help:
--------8<--------8<--------8<--------8<--------8<--------
--- init.d.old 2017-08-23 08:11:33.238478309 +0200
+++ init.d 2017-08-23 08:16:16.778475605 +0200
@@ -15,6 +15,7 @@
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/radsecproxy
NAME="radsecproxy"
+USER="radsecproxy"
DESC="RadSec proxy"
PIDFILE=/run/$NAME.pid
@@ -36,7 +37,7 @@
fi
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --exec $DAEMON -- $DAEMON_OPTS
+ -c $USER --exec $DAEMON -- $DAEMON_OPTS
log_end_msg $?
;;
stop)
--------8<--------8<--------8<--------8<--------8<--------
I don't know if there're any other places in the source package where this has
to be addressed. At least I didn't seem to find more than the unit file and the
init script.
> If your goal is to build a backport for an older Debian version, you can
> either downgrade the dependency in your backport yourself, or even
> better, just install debhelper 10, a build-time only dependency, in your
> older system. 10.2.5 is available in jessie-backports, precisely because
> a lot of newer packages need newer version of debhelper.
Ok, thanks for the hint.
Cheers,
Christian
--
Dipl.-Math. Christian Strauf
Clausthal Univ. of Technology E-Mail: str...@rz.tu-clausthal.de
Rechenzentrum Web: www.rz.tu-clausthal.de
Erzstraße 18 Tel.: +49-5323-72-2086 Fax: -992086
D-38678 Clausthal-Zellerfeld
smime.p7s
Description: S/MIME cryptographic signature
