Configuration.txt in kennethkalmer-daemon-kit-0.1.7.9 vs Configuration.txt in kennethkalmer-daemon-kit-0.1.7.10

- old
+ new

@@ -55,5 +55,56 @@ --config force_kill_wait=30 This happens after <em>config/environment.rb</em> is processed, so all command line arguments will overwrite those values. + +=== Daemon umask + +By default daemon processes run with a umask of 022, but this can be changed +on the command line or in +config/environment.rb+. + +To set a more restrictive umask via command line arguments, you can start your +daemon like this: + + $ ./bin/daemon start --config umask=0077 + +Or the same in +config/environment.rb+ + + DaemonKit::Initializer.run do |config| + # ... + + # restrictive umask + config.umask = 0077 + + # ... + end + +=== Privilege Separation + +By default daemon processes run as the user that starts them, inheriting all +their privileges (or lack thereof). Getting daemon-kit to drop privileges +can currently only be done using command-line parameters, and only works +reliable on *nix (OSX seemed cranky at the time of testing). + + $ ./bin/daemon start --config user=nobody --config group=nobody + +Privileges are dropped at the earliest possible phase of starting the daemon. + +Things to note on privilege separation: + +* You generally have to be root to be able to perform this +* File system permissions for +log/+ needs to be correct +* Daemon-kit will only shed privileges on the +start+ command, not on +run+ +* Make sure your code is secure if accepting stuff from the outside world +* The daemon will continue to run if it failed, this is because the feature is experimental and could change in the future. 
+* The damon logs the reduced privileges in the log file shortly after booting, please check it carefully + +The implementation stems from the advice given by Joe Damato on his blog post +http://timetobleed.com/tag/privilege-escalation/ + +IMPORTANT NOTE FOR OSX USERS: + +Testing on my iBook with OSX 10.5.8 using Ruby 1.8.6-p287 failed to drop +privileges correctly because of the 'nobody' user's UID being too large +(Bignum), however testing with Ruby 1.9.1-p129 on OSX 10.5.8 did work as +expected.
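Review bot: In the "Things to note on privilege separation" list, the bullet "The daemon will continue to run if it failed" documents fail-open behaviour without saying so: "it" is never named as the privilege drop, and a daemon started as root that cannot switch to the requested user and group keeps running with the privileges it was started with, with the log file as the only signal. Suggest rewording the bullet to say explicitly that a failed privilege drop leaves the daemon running as the starting user, and moving the "check the log" bullet directly after it as a required verification step rather than a closing remark. In the umask section, the text does not say whether the command-line form `--config umask=0077` is interpreted as octal the way the Ruby literal `0077` in +config/environment.rb+ is; a sentence confirming that would prevent a silently wrong mask. The blog reference points at a tag listing rather than the specific post, so it may not stay stable. Wording nits: "damon" should be "daemon", "only works reliable" should be "only works reliably", and "File system permissions for +log/+ needs" should be "need".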