http://blog.lighttpd.net/articles/tag/angel en-us 40 <p>In <a href="http://trac.lighttpd.net/trac/changeset/1981">changeset [1981]</a> I added a angel process to the lighttpd build. It solves several problems when we have everything running as expected:</p> <ul> <li><span class="caps">SIGHUP</span> leads to a graceful restart (config reloads)</li> <li><span class="caps">SIGINT</span> is graceful shutdown as now</li> <li>all unhandled signals lead to a restart of the lighttpd process</li> </ul> <p>We have to be careful with the angel as it will stay alive and stay running as the user it is started as (usually root). That&#8217;s the only way we can restart lighttpd from scratch on restart.</p> <p>This will also solve other problems in 1.5.0:</p> <ul> <li><a href="http://trac.lighttpd.net/trac/ticket/1271">bug #1271, unsafe logfiles</a></li> <li>... and perhaps others</li> </ul> <p>The angel has to implement some security measures to stay clean:</p> <ul> <li>the angel can only start the lighttpd binary which is compiled into the angel at compile time</li> <li>if run as root the starting user has to be root too or be in the same group as the owner of the lighttpd binary</li> <li>... and perhaps more restrictions</li> </ul> <p>As extra features we will add ulimit support to let lighttpd die in case it is using to much memory. But that&#8217;s for later.</p> Sun, 02 Sep 2007 22:36:00 +0000 urn:uuid:e0c50ba0-763d-4ab4-af0e-bf7ef161f803 jan http://blog.lighttpd.net/articles/2007/09/02/there-is-an-angel-for-lighty lighttpd angel http://blog.lighttpd.net/articles/trackback/4739