The pid_file is created by checkPermissions() in the launch.script file.

```
# Utility functions
checkPermissions() {
  touch "$pid_file" &> /dev/null || { echoRed "Operation not permitted (cannot access pid file)"; return 4; }
  touch "$log_file" &> /dev/null || { echoRed "Operation not permitted (cannot access log file)"; return 4; }
}
```

Ownership is not changed for 'pid_file' if RUN_AS_USER exists.

The same is done for 'log_file' on line 181:

```
if [[ ! -e "$log_file" ]]; then
  touch "$log_file" &> /dev/null
  if [[ -n "$run_user" ]]; then
    chown "$run_user" "$log_file"
  fi
fi
```

Ideally, pid_file ownership should be changed if RUN_AS_USER is provided.

Comment From: wilkinsona

> Ideally, pid_file ownership should be changed if RUN_AS_USER is provided.

Thanks for the suggestion. Why would that be ideal? What would it allow you to do that cannot be done with the current behaviour?

Comment From: csankhala

A Spring Boot application running as a non-root user is not able to write the PID file with ApplicationPidFileWriter.

Comment From: wilkinsona

Thanks. How are you using the launch script? The expectation is that the script (or start-stop-daemon that it invokes) will write the pid file to the directory that it has created.

Comment From: csankhala

My app is using ApplicationPidFileWriter to write the PID file.

It was working fine until I upgraded to 2.1.x.

Comment From: wilkinsona

Thanks, but that doesn't answer my question. I'd like to understand how you're using the launch script. It's not clear to me why you're using ApplicationPidFileWriter when the launch script may well have already written the pid file for you.

Comment From: wilkinsona

It would also be useful to know from what Spring Boot version you have upgraded. I believe that the PID file and folder ownership has been as it is now since 1.5.10.

Comment From: csankhala

Well, in that case, my legacy application has a redundant implementation for the pid write. I should remove that.

I have upgraded from 1.5.7.

The pid file ownership-related code has been changed: the earlier launch script set ownership as runuser:root, now it's root:root.

Comment From: wilkinsona

> Well, in that case, my legacy application has a redundant implementation for the pid write. I should remove that.

Given that things have been the way they currently are since 1.5.10 (January 2018), I think that's the best thing to do here. We're not aware of it causing problems for anyone else so it'd be hard to justify making a change.