cntlm
CNTLM fails after reboot on newer Linux distributions
On newer Linux distributions, /var/run links to /run which is a tmpfs directory cleared on each restart. This means that the /var/run/cntlm is deleted on reboot.
When the machine restarts, CNTLM first changes to the cntlm user, and then tries to create the pid file in this directory. Since the directory no longer exists, and /run is only writable by root, this fails.
The simplest solution would be for the daemon to write the pid-file as root, before changing to the non-privileged account.
A workaround is to modify /etc/sysconfig/cntlmd to point PIDFILE to a different location (e.g. PIDFILE="/tmp/cntlmd.pid").
In addition, the DEB and RPM packages set /var/run/cntlm as the cntlm user home directory, so it is probably a good idea to run usermod --home /home/cntlm --move-home cntlm to move the home directory.
Another fix is to re-create the directory structure before starting CNTLM.
For CentOS 7, see https://www.centos.org/forums/viewtopic.php?p=230529#p230529
Another fix is to re-create the directory structure before starting CNTLM.
Wouldn't that need to be arranged in the systemd service definition so that the service can still successfully start after boot? It sounds unnecessarily complicated.
This whole package seems to be a mess and basically broken on modern Linux...?
Wouldn't that need to be arranged in the systemd service definition so that the service can still successfully start after boot?
Indeed. I've done that by creating /usr/lib/tmpfiles.d/cntlm.conf with the following content:
d /run/cntlm 0775 root cntlm -
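
One way to confirm after a reboot that a tmpfiles.d entry like the one above has taken effect before CNTLM is started. This is an added example, not part of the thread or the cntlm project; the function name check_tmpfiles_entry is hypothetical, and it assumes GNU stat and an explicit octal mode in the entry.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat from coreutils.
#
# check_tmpfiles_entry "TYPE PATH MODE USER GROUP AGE"
# Returns 0 when PATH is a real directory whose mode and ownership match the
# entry, 1 on any mismatch (reason on stderr), 2 for types other than "d".
check_tmpfiles_entry() {
    set -f            # do not glob-expand fields while splitting the entry
    set -- $1         # split on whitespace: type path mode user group age
    set +f
    type=$1 path=$2 mode=$3 user=$4 group=$5

    [ "$type" = "d" ] || { echo "unsupported type: $type" >&2; return 2; }

    # A symlink in place of the directory would redirect the pid file.
    if [ -L "$path" ] || [ ! -d "$path" ]; then
        echo "$path: missing or not a real directory" >&2
        return 1
    fi

    # Normalise the octal mode (0775 -> 775) to compare with stat's %a.
    want_mode=$(printf '%o' "$((0$mode))")

    # Live mode, owner name, owner uid, group name, group gid.
    set -- $(stat -c '%a %U %u %G %g' "$path")

    [ "$1" = "$want_mode" ] ||
        { echo "$path: mode $1, expected $want_mode" >&2; return 1; }
    # tmpfiles.d accepts either a name or a numeric id in these fields.
    [ "$user" = "$2" ] || [ "$user" = "$3" ] ||
        { echo "$path: owner $2, expected $user" >&2; return 1; }
    [ "$group" = "$4" ] || [ "$group" = "$5" ] ||
        { echo "$path: group $4, expected $group" >&2; return 1; }
    return 0
}

# Run as: ./check.sh d /run/cntlm 0775 root cntlm -
[ "$#" -eq 0 ] || check_tmpfiles_entry "$*"
```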