Jim Jagielski wrote:
On Mar 15, 2007, at 9:36 AM, Mladen Turk wrote:
Jim Jagielski wrote:
Do we *really* want 0666 on these things? Wouldn't 0644 be better?
Of course. I just made that compile time enabled for faulty kernels.
I'll check if the 0644 works for flock.
It should... these are opened early enough and since
the fd's are shared, the subprocesses/threads should
still have access. Under Apache 1.3 we even have
them 0600 :)
Right, this is for shared descriptors. The patch does
not work unless you set umask(0), so it's actually 0666.
By default umask is 0022, so lock file was 0644 and the
open( O_RDWR) in child fails with EPERM.
Anyhow, this is for rare cases where there is a kernel bug
with shared files and flock, and disabled unless compiled
manually with -DJK_SHM_LOCK_REOPEN.
Of course this lowers the security of the system, cause
you have /tmp/jkshmlock.XXXXX file with -rw-rw-rw
Regards,
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
