62

On Ubuntu:

touch: cannot touch `/var/run/test.pid': Permission denied

I am starting start-stop-daemon and would like to write the PID file in /var/run. start-stop-daemon is run as my-program-user.

/var/run setting is drwxr-xr-x  9 root  root

I would like to avoid putting my-program-user in the root group.

mhucka
s5804

6 Answers

88

By default, you can only write to /var/run as a user with an effective user ID of 0 (i.e. as root). This is for good reasons, so whatever you do, don't go and change the permissions of /var/run... Instead, as root, create a directory under /var/run:

# mkdir /var/run/mydaemon

Then change its ownership to the user/group under which you wish to run your process:

# chown myuser:myuser /var/run/mydaemon

Now specify to use /var/run/mydaemon rather than /var/run.

You can always test this by running a test as the user in question.

upasaka
  • 9
    This worked fine for me but when I restarted my server then the `/var/run/mydaemon` directory was gone. – myborobudur May 15 '14 at 14:22
  • 24
    This is not a complete answer, /var/run is tmpfs by default on Ubuntu. Each time the server is started up the mkdir and chown command need to be re-run. – Tim Feb 23 '15 at 07:31
  • 1
    @Tim how about editing the answer and completing it? – kaiser Mar 02 '16 at 20:29
  • If you're dealing with a daemon then a clean solution would be to add the path /var/run/mydaemon to the systemd unit file as described [here](https://serverfault.com/a/779648/221801). An easier hacky solution would be to add the mkdir and chown commands to the init.d script (if one exists). – odedfos May 06 '18 at 12:22
  • 1
    A better extensive answer is here: https://superuser.com/a/1127720/71795; a wrong answer which seems very elegant is here: https://stackoverflow.com/a/5174433. Summary: use either `/tmp` or `~`. – Tim May 18 '18 at 20:53
  • 1
    For systemd users see https://serverfault.com/questions/779634/create-a-directory-under-var-run-at-boot – rogerdpack Jul 18 '19 at 21:34
18
mkdir /var/run/mydaemon
chown myuser:myuser /var/run/mydaemon

This will not work, since it will be lost at the next reboot (/var/run is a tmpfs on Ubuntu).

The only feasible solution is to run mkdir and chmod as part of the startup scripts.

voretaq7
  • Yes, you are right! CentOS will remove the dir on the next reboot too. I like to set the pid file to "/tmp", or just add "mkdir -p /var/run/mydaemon" to mydaemon.service – Zhuo YING Apr 03 '22 at 08:55
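The approach from the two answers above (a daemon-owned subdirectory, recreated on every boot because /var/run is a tmpfs), as an added example that is not part of any answer on this page. `mydaemon` and `myuser` are the answers' placeholder names; the function names `ensure_rundir` and `rundir_is_safe` are hypothetical.

```shell
#!/bin/sh
# Added example. "mydaemon"/"myuser" are the placeholder names used in the
# answers; the function names are hypothetical.

# rundir_is_safe DIR
# Succeeds only if DIR is a real directory (not a symlink) that neither the
# group nor others can write to, i.e. not the "chmod 757" state.
rundir_is_safe() {
    [ -d "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    # POSIX find: "-perm -MODE" matches when every bit of MODE is set.
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

# ensure_rundir DIR OWNER GROUP
# Run as root before the daemon starts, on every boot, because a tmpfs
# /var/run comes up empty. Creates DIR if missing, then sets owner and mode.
ensure_rundir() {
    dir=$1 owner=$2 group=$3

    # Refuse anything that is not a plain directory at this path.
    if [ -L "$dir" ]; then
        echo "ensure_rundir: $dir is a symlink, refusing" >&2
        return 1
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ensure_rundir: $dir exists and is not a directory" >&2
        return 1
    fi

    [ -d "$dir" ] || mkdir -m 0755 "$dir" || return 1
    chown "$owner:$group" "$dir" || return 1
    chmod 0755 "$dir" || return 1   # only the owner may create the PID file
    rundir_is_safe "$dir"
}

# In the init script (as root), before start-stop-daemon is invoked:
#   ensure_rundir /var/run/mydaemon myuser myuser || exit 1
# and point the daemon's PID file at /var/run/mydaemon/mydaemon.pid.
```

On systemd hosts, `RuntimeDirectory=mydaemon` in the unit's `[Service]` section has systemd create `/run/mydaemon` for the service user at start and remove it at stop, which replaces this helper.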
3

You can try this. Create a directory /var/run/test/ and then change the permission of this directory to the same user as your program runs. "chown /var/run/test/". Now in your application change the location of the PID file to /var/run/test/test.pid. This should get things working for you.

proy
3

What about using the "sticky" bit on /var/run?

chmod +t /var/run ?

Probably mess up some other apps, but it seems like it would be another solution.

I'll stick with creating a separate /var/run folder for now, however.

user68971
2

Entries in the /etc/permissions are permanent. Make an entry there to make the ownership and permissions for a directory permanent.

Mr. Raspberry
user432133
  • Apparently, this file only exists on SuSE. Source: https://www.linuxquestions.org/questions/linux-newbie-8/what-is-the-meaning-of-etc-permissions-745793/#post3635817 – Michael Herrmann Oct 29 '21 at 09:39
-7

To avoid putting your program-user in the root group, allow others write access:

# chmod 757
Ivan Chuchman
  • 2
    This is a terrible idea. It would cause a potentially massive security problem – Tom O'Connor Dec 02 '10 at 11:17
  • 5
    Never do a chmod 757 on /var/run! This would cause a serious security problem – michel Dec 02 '10 at 10:57
  • Even if we ignore the security problem, `chmod 757` will also only work until the next reboot. Sorry about creating a new answer, but there seems to be no way to reply to the other comment. – Vladimir Nicolici Jan 07 '13 at 19:25
  • @michel, the author never said to do a `chmod` on `/var/run`. The author may have meant it for the application subdirectory. Not sure what all the fuss is about. – Asclepius Feb 25 '13 at 17:39