unbound does not write pidfile

LibertyX · May 1, 2023, 10:20am

Hi,

It has worked a realy long time, but since the last debian (bullseye) Update, unbound does not write the pidfile anymore.

My Setup:

Debian GNU/Linux 11 (bullseye)

Linux 5.10.0-22-amd64

unbound stable V1.13.1

In the unbound Config i have configured the pidfile
pidfile: “/var/run/unbound/unbound.pid”

i have make the dir “unbound” under /var/run as 775 unbound:unbound

There is no Message in syslog or the unbound log regarding the pidfile

What have to be done, that the pidfile will be wrote to the condigured dir?

Simon_Deziel2 · May 1, 2023, 12:45pm

Hi,

Hi,

It has worked a realy long time, but since the last debian (bullseye)
Update, unbound does not write the pidfile anymore.

My Setup:

Debian GNU/Linux 11 (bullseye)
Linux 5.10.0-22-amd64
unbound stable V1.13.1

In the unbound Config i have configured the pidfile
pidfile: "/var/run/unbound/unbound.pid"

i have make the dir "unbound" under /var/run as 775 unbound:unbound

There is no Message in syslog or the unbound log regarding the pidfile

The systemd service tells unbound not to create a pid (-p), see:

https://salsa.debian.org/dns-team/unbound/-/blob/master/debian/unbound.service#L14

What have to be done, that the pidfile will be wrote to the condigured dir?

That came up recently in a Debian bug which contains the explanation of what to do if you want the PID: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034494

HTH,
Simon

Michael_Tokarev · May 2, 2023, 7:03am

01.05.2023 13:20, LibertyX via Unbound-users пишет:

Hi,

It has worked a realy long time, but since the last debian (bullseye) Update, unbound does not write the pidfile anymore.

My Setup:

Debian GNU/Linux 11 (bullseye)
Linux 5.10.0-22-amd64
unbound stable V1.13.1

In the unbound Config i have configured the pidfile
pidfile: "/var/run/unbound/unbound.pid"

FWIW, in a recent package of unbound in debian, I patched out unbound
code which creates the pid file. Because apparently unbound is the only
service out there which still tries to chown pidfile to the unpriv user
and clean it up at exit, which is unnecessary but makes whole thing
open to various security issues. If you want to have unbound pid file,
I suggest to use start-stop-daemon with --make-pidfile to manage
unbound pid file in a reliable way.

/mjt