Forum OpenACS Q&A: inittab and daemontools in Intsall Documentation

Is inittab documentation going to be removed from the install documentation in favor of daemontools? Currently inittab setup is included in the OpenACS 4.6 Documentation however, I could not find it in Joel's OpenACS 4.6.2 Install Guide. This was discussed in this post, however, it seems no conclusion was reached. If possible, I would like to see the instructions for inittab stay in the documentation.

Assuming AOLserver started cleanly in the previous step, we'll 
set it up so that it's always running, and automatically restarts 
whenever it dies or is stopped. This step is strongly recommended, 
even for development sites, because it makes install and maintenance 
much simpler.

The Reference Platform uses Daemontools to control AOLserver. 
A simpler method, using init, is here

My reasoning was that 1) we should only document one approach in the main flow of the documentation, 2) the community seems pretty evenly split on which to use, 3) daemontools is more functional (appropriate for other programs, finer control). If it's too hard to find, please tell me how better to link it or place it. If there is demand to swap them so that inittab is in the main flow and daemontools is the alternate method, I can do that too.

Working with supervise at Collaboraid on the other hand I have had *tremendeous* difficulties and frustrations. It turns out the approach is extremely sensitive to the permission in your source tree and when there is a failure it is a silent one that is hard to diagnose. If Lars hadn't been there to help me out I think I would have abandoned the approach altogether.

Therefore, I'm not sure I would recommend supervise to a beginner on a development box, unless there are some really fool proof instructions around for how to set it up. AFAIK we don't currently have those.

The permission problem Peter talks about does not depend on how AOLServer was started (inittab or daemontool) but on the user as which it's running. My guess is that at ArsDigita they ran AOLServer as root (bad!) and at Collaboraid they ran it as a regular user. I'm only guessing here since ArsDigita had documentation on how to run it on a chroot environment (which I did once, but it was more painful than useful). One last thing, "init q" requires root priviledges, restarts init (unnecessary), and is also used for changing run-levels. If you setuid root init you're asking for trouble. On the other hand, "svc" does only one thing (restarts services) and even though it requires root priviledges it isn't as dangerous or prone to misuse as init. If you use the restart-aolserver script setuid root you limit the damage a regular user can do.

Daemontools is *very* simple to install and it comes as a package in most Operating Systems, in fact, it *works* in all operating systems. Inittab is a System V specific feature which is not available in the BSD's. I think the more generic approach is the daemontools approach.

Anyway, after all the blurb, here's the script:

---- cut here ----
#!/usr/bin/suidperl -Tw

use POSIX qw(strftime);

$LOGFILE = "/var/log/restart-aolserver.log";

$ENV{'PATH'} = "";

if ($#ARGV < 0) {
        print "usage: restart-aolserver <service_name>\n";
        exit(1);
}

if ( ! -d "/service/web-$ARGV[0]" ) {
        print "$ARGV[0]: service does not exist\n";
        exit(1);
}

$user = (getpwuid($<))[0];
$timestamp = strftime "%Y-%m-%d %H:%M:%S", localtime;

open(LOG, ">>$LOGFILE") || die "Could not open LogFile";
print LOG $timestamp, "\t", $user, " restarted ", $ARGV[0], "\n";
close(LOG);

print "restarting $ARGV[0]...";
system ("/usr/local/bin/svc", "-t", "/service/web-$ARGV[0]");
print "done.\n";
---- cut here ----

Regards.

However, you can currently set the primary group of a user to 'root', and then AOLserver will run with the group set to 'root'. Are there any problems with this? I have a patch for AOLserver that disallows this, and also allows only valid groups the user is in, but I have yet to submit it.

Joel, Thank you for your response. When I was reading through your install documentation I missed your link as I was used to seeing both methods on the same page as in the OpenACS4.6 Documentation. The link that you provide addressed my question/request.