There is an Angel for lighty

There is an Angel for lighty 3

Posted by jan Sun, 02 Sep 2007 20:36:00 GMT

In changeset [1981] I added a angel process to the lighttpd build. It solves several problems when we have everything running as expected:

SIGHUP leads to a graceful restart (config reloads)
SIGINT is graceful shutdown as now
all unhandled signals lead to a restart of the lighttpd process

We have to be careful with the angel as it will stay alive and stay running as the user it is started as (usually root). That’s the only way we can restart lighttpd from scratch on restart.

This will also solve other problems in 1.5.0:

bug #1271, unsafe logfiles
... and perhaps others

The angel has to implement some security measures to stay clean:

the angel can only start the lighttpd binary which is compiled into the angel at compile time
if run as root the starting user has to be root too or be in the same group as the owner of the lighttpd binary
... and perhaps more restrictions

As extra features we will add ulimit support to let lighttpd die in case it is using to much memory. But that’s for later.

Posted in lighttpd
Tags angel
Meta no trackbacks, 3 comments, permalink, rss, atom

Trackbacks

Use the following link to trackback from your own site:
http://blog.lighttpd.net/articles/trackback/4739

Comments

Leave a response

alexander Mon, 03 Sep 2007 05:17:20 GMT

Excellent, Jan!!
hangy Mon, 03 Sep 2007 05:24:35 GMT

Do I understand it correctly, that the angel process is a small program just there to manage the lighty-process? Sounds cool. :)
moo Mon, 03 Sep 2007 09:04:49 GMT

yep, that's cool, and was what i think of all the time

lighty's life