SCN # | SCN-00000008 |
Title of SCN | Privileged ‘exacqd’ process |
TRAC # | #15536 |
Effective Version | 9.5.25 – Public 9.6 |
Products Affected | Server |
Reason for Change (Summary) | CyberProtection requirement that software not run with elevated privileges by default. |
Change
Traditionally, one process runs when the exacqVision Server Service starts: ‘core’ (Linux) or ‘core.exe’ (Windows). Beginning in 9.6, tasks that require activating a binary or script will be moving (over time) to the new ‘exacqd’ (Linux) or ‘exacqd.exe’ (Windows) process. This includes executables packaged with the Server installer, as well as OS-level programs.
The following binaries will be executed by exacqd in 9.6 (others will move in upcoming releases):
curl (updates and emails), curl.exe (updates and emails), dvdrwtools, dvd+rw-mediainfo.exe, failover.ps1, failover.sh, mdnsd, mDNSResponder.exe, netconfig.ps1, netconfig.sh, ntpd, ntpdate, update.ps1, tzutil.exe, update.sh, w32time, wodim, wodim.exe
UPDATE: Beginning in dev trunk 19.05.4 and Public 19.06 the following are also moved to exacqd:
curl (all), curl.exe (all), dhcpconfig.sh, driveprep.ps1, driveprep.sh, evselftest, evselftest.exe, failover.ps1, failover.sh, iscsiprep.ps1, iscsiprep.sh, lshw, mkbadst_config.sh, mount, opendhcpd, opendhcpserver.exe, parted, rmfs.sh, smartctl, smartctl.exe, sysinfo.ps1, teaming.ps1
On Service start, the exacqd process will start first, which will then start core. Additionally, exacqd will restart core if it crashes. These two processes will communicate with each other through a protected pipe (IPC). The user experience should be exactly the same after upgrading.
One improvement due to this change is that the exacqVision Server start/stop is now significantly faster.
Eventually, the ‘core’ process will be able to run without elevated privileges. In problem scenarios, ‘exacqd’ will be able to restart ‘core’, but ‘core’ cannot restart ‘exacqd’. While unlikely, if the ‘exacqd’ process dies, the Server logs will show:
exacqd ipc pipe disconnected
sleeping for one minute to allow active watchdogs to expire...
The watchdog will expire and the OS will reboot.
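An added example (not Exacq's code) for checking a deployment against the two binary lists and the log message above: it flags listed helpers that are still launched directly by core and detects the exacqd pipe-disconnect line. The (parent, command line) event format, the function names and the sample data are constructed for illustration.

```python
import ntpath
import shlex

# Helper names copied from the notice's two lists (compared case-insensitively).
MOVED_9_6 = """curl curl.exe dvdrwtools dvd+rw-mediainfo.exe failover.ps1 failover.sh
mdnsd mDNSResponder.exe netconfig.ps1 netconfig.sh ntpd ntpdate update.ps1
tzutil.exe update.sh w32time wodim wodim.exe"""
MOVED_19_06 = """dhcpconfig.sh driveprep.ps1 driveprep.sh evselftest evselftest.exe
iscsiprep.ps1 iscsiprep.sh lshw mkbadst_config.sh mount opendhcpd
opendhcpserver.exe parted rmfs.sh smartctl smartctl.exe sysinfo.ps1 teaming.ps1"""
WORKER = {"core", "core.exe"}  # per the notice, helpers no longer start from here
DEATH_MARKER = "exacqd ipc pipe disconnected"  # log line quoted in the notice

def _base(path):
    # ntpath splits on both '/' and '\', so it handles Linux and Windows paths.
    return ntpath.basename(path).lower()

def audit_spawns(events, include_19_06=True):
    """events: (parent_image, child_command_line) pairs, a constructed format.
    Returns (index, helper) for each listed helper launched directly by core."""
    names = MOVED_9_6.split() + (MOVED_19_06.split() if include_19_06 else [])
    helpers = {n.lower() for n in names}
    findings = []
    for i, (parent, cmdline) in enumerate(events):
        if _base(parent) not in WORKER:
            continue
        # Scripts run under an interpreter, so inspect every argv token.
        for token in shlex.split(cmdline, posix=False):
            name = _base(token.strip('"'))
            if name in helpers:
                findings.append((i, name))
                break
    return findings

def broker_died(log_lines):
    """True if the server log contains the exacqd pipe-disconnect message."""
    return any(DEATH_MARKER in line for line in log_lines)

# Constructed sample events and log lines (not captured from a real system).
SAMPLE_EVENTS = [
    ("exacqd", "/usr/bin/curl --version"),
    ("core", "/bin/sh netconfig.sh"),
    ("core.exe", r'powershell.exe -File "C:\example\driveprep.ps1"'),
    ("core", "/usr/bin/id"),
]
SAMPLE_LOG = ["exacqd ipc pipe disconnected",
              "sleeping for one minute to allow active watchdogs to expire..."]
```

In 9.6 the notice moves curl only for updates and emails, so a curl finding with `include_19_06=False` needs manual review before it is treated as a deviation.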
Additional Documentation
https://trac.exacq.com/DVR/wiki/ServerElevatePrivilegedOperations
https://trac.exacq.com/DVR/ticket/1876
Other information
Here is a non-exhaustive list of some of the functions that will be moving to the ‘exacqd’ process over the next several releases:
Feature | Windows Binaries | Linux Binaries |
---|---|---|
Network Configuration | netconfig.ps1 teaming.ps1 | netconfig.sh |
Remote Updates | curl.exe update.ps1 | curl update.sh |
Auto Export (to CD/DVD) | dvd+rw-mediainfo.exe wodim.exe | dvdrwtools wodim |
Notifications (Email) | curl.exe | curl |
Archiving/Extended | curl.exe | curl parted mount |
DHCP Server | opendhcpserver.exe | opendhcpd dhcpconfig.sh |
IP Camera Detection | mDNSResponder.exe | mdnsd |
Extended Drives | iscsiprep.ps1 | iscsiprep.py mkbadst_config.sh |
Disk Monitoring | evselftest.exe smartctl.exe | evselftest smartctl |
Disk Prep | driveprep.ps1 | driveprep.sh rmfs.sh |
Failover | failover.ps1 | failover.sh |
Hardware Monitoring | sysinfo.ps1 | lshw |
Time/Date/Timezone/NTP | tzutil.exe w32time | ntpd ntpdate |
LDAP Queries | curl.exe | curl |