Message-Id: <200903021540.n22FeviW072249@www.freebsd.org>
Date: Mon, 2 Mar 2009 15:40:57 GMT
From: Daniel Feenberg <feenberg@nber.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: dhcpd pid not stored in documented location
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         132260
>Category:       docs
>Synopsis:       dhcpd(8) pid not stored in documented location
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 02 15:50:01 UTC 2009
>Closed-Date:    Sat Dec 21 18:48:17 UTC 2013
>Last-Modified:  Sat Dec 21 18:48:17 UTC 2013
>Originator:     Daniel Feenberg
>Release:        7.0-RELEASE-p5
>Organization:
NBER
>Environment:
FreeBSD ldap.nber.org 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #0: Wed Oct  1 10:10:12 UTC 2008     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The man page for dhcpd in /usr/local/man/cat8 includes the sentence:

 >To restart dhcpd,  send  a  SIGTERM  (signal  15)  to  the
 >process  ID  contained in /var/run/dhcpd.pid, and then re-invoke dhcpd.

however the default location for dhcpd.pid seems to be:

  /var/run/dhcpd/dhcpd.pid

(note the added dhcpd directory).

Daniel Feenberg
NBER
>How-To-Repeat:
man dhcpd

  and look for "run" then 

ls -l /var/run/dhcpd
>Fix:
Either change the documentation or the default location. Personally I think the location is the problem. What is the point of a directory with only one file? The directory doesn't hold the other dhcpd files (leases).

>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Daniel Feenberg <feenberg@nber.org>
Cc: bug-followup@freebsd.org
Subject: Re: docs/132260: dhcpd pid not stored in documented location
Date: Sat, 07 Mar 2009 04:38:12 +0200

 On Mon, 2 Mar 2009 15:40:57 GMT, Daniel Feenberg <feenberg@nber.org> wrote:
 >>Number:         132260
 >>Category:       docs
 >>Synopsis:       dhcpd pid not stored in documented location
 
 >>Description:
 > The man page for dhcpd in /usr/local/man/cat8 includes the sentence:
 >
 >    To restart dhcpd, send a SIGTERM (signal 15) to the process ID
 >    contained in /var/run/dhcpd.pid, and then re-invoke dhcpd.
 >
 > however the default location for dhcpd.pid seems to be:
 >
 >   /var/run/dhcpd/dhcpd.pid
 
 > Either change the documentation or the default location. Personally I
 > think the location is the problem. What is the point of a directory
 > with only one file? The directory doesn't hold the other dhcpd files
 > (leases).
 
 Hi Daniel,
 
 Which dhcpd port are you using?  There is no dhcpd in the base system,
 so it would be nice to patch the correct port.  Personally, I agree with
 you that the pidfile should be `/var/run/dhcpd.pid' and I can prepare a
 patch for the relevant port for review by our ports committers.
 

From: Daniel Feenberg <feenberg@nber.org>
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: docs/132260: dhcpd pid not stored in documented location
Date: Sat, 7 Mar 2009 06:48:50 -0500 (EST)

 On Sat, 7 Mar 2009, Giorgos Keramidas wrote:
 
 > On Mon, 2 Mar 2009 15:40:57 GMT, Daniel Feenberg <feenberg@nber.org> wrote:
 >>> Number:         132260
 >>> Category:       docs
 >>> Synopsis:       dhcpd pid not stored in documented location
 >
 >>> Description:
 >> The man page for dhcpd in /usr/local/man/cat8 includes the sentence:
 >>
 >>    To restart dhcpd, send a SIGTERM (signal 15) to the process ID
 >>    contained in /var/run/dhcpd.pid, and then re-invoke dhcpd.
 >>
 >> however the default location for dhcpd.pid seems to be:
 >>
 >>   /var/run/dhcpd/dhcpd.pid
 >
 >> Either change the documentation or the default location. Personally I
 >> think the location is the problem. What is the point of a directory
 >> with only one file? The directory doesn't hold the other dhcpd files
 >> (leases).
 >
 > Hi Daniel,
 >
 > Which dhcpd port are you using?  There is no dhcpd in the base system,
 > so it would be nice to patch the correct port.  Personally, I agree with
 > you that the pidfile should be `/var/run/dhcpd.pid' and I can prepare a
 > patch for the relevant port for review by our ports committers.
 >
 
 
 I should have thought of that - here is the copyright line from the dhcpd
 we are using:
 
 ldap# dhcpd -v
 Internet Systems Consortium DHCP Server V3.0.5
 Copyright 2004-2006 Internet Systems Consortium.
 
 
 Daniel Feenberg

From: Josh Paetzel <jpaetzel@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc: Giorgos Keramidas <keramida@freebsd.org>,
 feenberg@nber.org
Subject: Re: docs/132260: dhcpd(8) pid not stored in documented location
Date: Thu, 22 Oct 2009 12:13:53 -0500

 The reason that it puts the pidfile in /var/run/dhcpd is that you are  
 running with either paranoia or chmodded as the dhcpd user.  In either  
 case it can't write to /var/run as it starts up as the dhcpd user.
 
 If you look at the ownership of /var/run/dhcpd you'll see it is owned  
 by dhcpd:dhcpd
 
 If you run as root, or without paranoia it will in fact create the  
 pidfile in /var/run/
 
 I suppose we could patch the man pages depending on the compilation  
 options or something.
 
 Thanks,
 
 Josh Paetzel
 
 
 
 

From: Daniel Feenberg <feenberg@nber.org>
To: Josh Paetzel <jpaetzel@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, Giorgos Keramidas <keramida@FreeBSD.org>
Subject: Re: docs/132260: dhcpd(8) pid not stored in documented location
Date: Thu, 22 Oct 2009 14:43:03 -0400 (EDT)

 On Thu, 22 Oct 2009, Josh Paetzel wrote:
 
 > The reason that it puts the pidfile in /var/run/dhcpd is that you are running 
 > with either paranoia or chmodded as the dhcpd user.  In either case it can't 
 > write to /var/run as it starts up as the dhcpd user.
 
 If you say so.
 
 >
 > If you look at the ownership of /var/run/dhcpd you'll see it is owned by 
 > dhcpd:dhcpd
 
 Yes
 
 >
 > If you run as root, or without paranoia it will in fact create the pidfile in 
 > /var/run/
 
 I do run dhcpd as root and without paranoia, so I question this claim. If 
 the daemon changes its uid for security purposes, I have no objection 
 (although there is no mention of this on the man page) but why not fill in 
 /var/run as documented before dropping privileges?
 
 >
 > I suppose we could patch the man pages depending on the compilation options 
 > or something.
 >
 
 No need for anything so elaborate. You could just add a fourth file path 
 to the list of files used.
 
 Thanks for having a look. It isn't a big deal and I thought I was helping.
 
 Daniel Feenberg
 
 
 > Thanks,
 >
 > Josh Paetzel
 >
 >
 >

From: Josh Paetzel <jpaetzel@FreeBSD.org>
To: Daniel Feenberg <feenberg@nber.org>
Cc: bug-followup@FreeBSD.org,
 Giorgos Keramidas <keramida@FreeBSD.org>
Subject: Re: docs/132260: dhcpd(8) pid not stored in documented location
Date: Thu, 22 Oct 2009 14:33:42 -0500

 On Oct 22, 2009, at 1:43 PM, Daniel Feenberg wrote:
 
 >
 >
 > On Thu, 22 Oct 2009, Josh Paetzel wrote:
 >
 >> The reason that it puts the pidfile in /var/run/dhcpd is that you  
 >> are running with either paranoia or chmodded as the dhcpd user.  In  
 >> either case it can't write to /var/run as it starts up as the dhcpd  
 >> user.
 >
 > If you say so.
 >
 >>
 >> If you look at the ownership of /var/run/dhcpd you'll see it is  
 >> owned by dhcpd:dhcpd
 >
 > Yes
 >
 >>
 >> If you run as root, or without paranoia it will in fact create the  
 >> pidfile in /var/run/
 >
 > I do run dhcpd as root and without paranoia, so I question this  
 > claim. If the daemon changes its uid for security purposes, I have  
 > no objection (although there is no mention of this on the man page)  
 > but why not fill in /var/run as documented before dropping  
 > privileges?
 >
 
  >ls -lah /var/run/dhcpd.pid
 -rw-r--r--  1 root  wheel     6B Oct 22 12:18 /var/run/dhcpd.pid
 
 The FreeBSD version of ISC-DHCP is heavily patched.   The man page is  
 straight from ISC, so it doesn't cover a lot of things, for instance  
 the mangling that is done to run in a jail.  I haven't had a chance to  
 fully analyze the startup script (which is also FreeBSD specific of  
 course)  I suspect that the reason /var/run/dhcpd.pid isn't always  
 used is there is code being shared that concerns the chroot option.   
 It could be that the use case you are encountering is a bug, maybe it  
 should be writing to /var/run/dhcpd.pid and it isn't by mistake.
 
 
 >>
 >> I suppose we could patch the man pages depending on the compilation  
 >> options or something.
 >>
 >
 > No need for anything so elaborate. You could just add a fourth file  
 > path to the list of files used.
 >
 > Thanks for having a look. It isn't a big deal and I thought I was  
 > helping.
 >
 > Daniel Feenberg
 >
 >
 
 Getting the path correct depends on compile time options.  If you  
 select PARANOIA from the menu when you build this port (which is the  
 default) (or use the package) it will use /var/run/dhcpd/dhcpd.conf
 
 Could you provide me with the output of
 cat /var/db/ports/isc-dhcp30-server/options please?  If you are using a
 package there won't be an options file.  I'd also be interested in
 whatever settings you have in /etc/rc.conf that are relevant to the
 dhcpd so I can try and duplicate this locally.
 
 Clearly the documentation does not match actual behavior in some  
 instances.  I'd like to fix that, and I appreciate you pointing it out.
 
 Thanks,
 
 Josh Paetzel
 
 
 
 

From: Daniel Feenberg <feenberg@nber.org>
To: Josh Paetzel <jpaetzel@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, Giorgos Keramidas <keramida@FreeBSD.org>
Subject: Re: docs/132260: dhcpd(8) pid not stored in documented location
Date: Thu, 22 Oct 2009 18:37:13 -0400 (EDT)

 I think I will drop out of this discussion now, as it seems likely to go 
 over my head, and we are upgrading to 8.0 next month, and I never meant to 
 make trouble. If paranoia was the default, then I expect it was set for 
 our installation - I wasn't aware of that. I thought there was a minor 
 documentation slip, and thought it would be useful to file a report. I am 
 not qualified to do much more than that, although I do wonder at the 
 desirability of accepting patches to the code without requiring equivalent 
 patches to the documentation.
 
 Sorry for butting in on matters I don't understand.
 
 Daniel Feenberg
 
 On Thu, 22 Oct 2009, Josh Paetzel wrote:
 
 >
 > On Oct 22, 2009, at 1:43 PM, Daniel Feenberg wrote:
 >
 >> 
 >> 
 >> On Thu, 22 Oct 2009, Josh Paetzel wrote:
 >> 
 >>> The reason that it puts the pidfile in /var/run/dhcpd is that you are 
 >>> running with either paranoia or chmodded as the dhcpd user.  In either 
 >>> case it can't write to /var/run as it starts up as the dhcpd user.
 >> 
 >> If you say so.
 >> 
 >>> 
 >>> If you look at the ownership of /var/run/dhcpd you'll see it is owned by 
 >>> dhcpd:dhcpd
 >> 
 >> Yes
 >> 
 >>> 
 >>> If you run as root, or without paranoia it will in fact create the pidfile 
 >>> in /var/run/
 >> 
 >> I do run dhcpd as root and without paranoia, so I question this claim. If 
 >> the daemon changes its uid for security purposes, I have no objection 
 >> (although there is no mention of this on the man page) but why not fill in 
 >> /var/run as documented before dropping privileges?
 >> 
 >
 >> ls -lah /var/run/dhcpd.pid
 > -rw-r--r--  1 root  wheel     6B Oct 22 12:18 /var/run/dhcpd.pid
 >
 > The FreeBSD version of ISC-DHCP is heavily patched.   The man page is 
 > straight from ISC, so it doesn't cover a lot of things, for instance the 
 > mangling that is done to run in a jail.  I haven't had a chance to fully 
 > analyze the startup script (which is also FreeBSD specific of course)  I 
 > suspect that the reason /var/run/dhcpd.pid isn't always used is there is code 
 > being shared that concerns the chroot option.  It could be that the use case 
 > you are encountering is a bug, maybe it should be writing to 
 > /var/run/dhcpd.pid and it isn't by mistake.
 >
 >
 >>> 
 >>> I suppose we could patch the man pages depending on the compilation 
 >>> options or something.
 >>> 
 >> 
 >> No need for anything so elaborate. You could just add a fourth file path to 
 >> the list of files used.
 >> 
 >> Thanks for having a look. It isn't a big deal and I thought I was helping.
 >> 
 >> Daniel Feenberg
 >> 
 >> 
 >
 > Getting the path correct depends on compile time options.  If you select 
 > PARANOIA from the menu when you build this port (which is the default) (or 
 > use the package) it will use /var/run/dhcpd/dhcpd.conf
 >
 > Could you provide me with the output of cat 
 > /var/db/ports/isc-dhcp30-server/options please?  If you are using a package 
 > there won't be an options file.  I'd also be interested in whatever settings 
 > you have in /etc/rc.conf that are relevant to the dhcpd so I can try and 
 > duplicate this locally.
 >
 > Clearly the documentation does not match actual behavior in some instances. 
 > I'd like to fix that, and I appreciate you pointing it out.
 >
 > Thanks,
 >
 > Josh Paetzel
 >
 >
 >
State-Changed-From-To: open->closed 
State-Changed-By: crees 
State-Changed-When: Sat Dec 21 18:48:16 UTC 2013 
State-Changed-Why:  
Numerous ports store pidfiles inside directories created in /var/run, as 
Josh points out usually due to unprivileged running.  This is not at all 
isolated to this port. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=132260 
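
The restart procedure quoted from the man page, applied to both pidfile locations named in this PR, as an added example that is not part of the PR, the port or ISC's code. The function names and the root-prefix argument are hypothetical; the check that the PID really belongs to dhcpd is an assumption about what a careful operator would want, given that /var/run/dhcpd is owned by the unprivileged dhcpd user.

```sh
#!/bin/sh
# Added example: locate and validate the dhcpd pidfile before signalling.
# The optional first argument is a hypothetical root prefix so the logic
# can be exercised on a constructed tree; pass "" on a real system.

# Candidate paths from the thread: the privilege-dropping build's
# subdirectory first, then the location the ISC man page documents.
dhcpd_pidfile() {
    root=${1:-}
    for f in "$root/var/run/dhcpd/dhcpd.pid" "$root/var/run/dhcpd.pid"; do
        # Regular file only; refuse symlinks, since the subdirectory is
        # writable by the unprivileged dhcpd user.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Print the PID only if the first line is a positive decimal number.
dhcpd_pid() {
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# True only if the PID is running and its command name is dhcpd, so a
# stale or tampered pidfile cannot redirect the SIGTERM.
pid_is_dhcpd() {
    [ "$(ps -o comm= -p "$1" 2>/dev/null)" = "dhcpd" ]
}

# Print the PID that is safe to signal, or fail with a reason on stderr.
restart_target() {
    f=$(dhcpd_pidfile "$1") || { echo "no pidfile found" >&2; return 1; }
    p=$(dhcpd_pid "$f") || { echo "bad pidfile: $f" >&2; return 1; }
    pid_is_dhcpd "$p" || { echo "pid $p is not dhcpd" >&2; return 1; }
    printf '%s\n' "$p"
}

# Usage on a live system (then re-invoke dhcpd, as the man page says):
#   pid=$(restart_target "") && kill -TERM "$pid"
```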
>Unformatted:
