Changeset 1200

Timestamp:
07/19/08 02:43:24 (1 month ago)
Author:
nickandrew
Message:

Run mogstored as a non-root user

This patch was submitted by Jonathan Share.

The mogstored daemon shouldn't run as root. This patch adds a
configuration option to specify the username to run as, instead
of root. The user is created if it doesn't already exist.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>

Files:

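--- a/trunk/server/CHANGES
+++ b/trunk/server/CHANGES
@@ -1,2 +1,4 @@
+        * Specify username to run the mogstored daemon (Jonathan Share)
+
         * Many spelling errors corrected.
 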
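--- a/trunk/server/debian/mogilefsd.init
+++ b/trunk/server/debian/mogilefsd.init
@@ -22,24 +22,22 @@
 [ -x "$DAEMON" ] || exit 0
 
-if [ ! -e $DEFAULTS ]
-  then
-        echo "Can't start $NAME. Defaults file ($DEFAULTS) doesn't exist."
-        echo "Please run dpkg-reconfigure $NAME to correct the problem."
-        exit 0
+# Read configuration variable file if it is present
+if [ -r $DEFAULTS ] ; then
+
+    . $DEFAULTS
+
+    if [ -z "$MOGILEFSD_RUNASUSER" ]; then
+        echo "Cannot determine user to run as, even though defaults file ($DEFAULTS) exists."
+        echo "Please run dpkg-reconfigure $NAME to correct the problem."
+        exit 0
+    fi
+else
+    echo "Can't start $NAME. Defaults file ($DEFAULTS) doesn't exist."
+    echo "Please run dpkg-reconfigure $NAME to correct the problem."
+    exit 0
 fi
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
 
 # Load the VERBOSE setting and other rcS variables
 . /lib/init/vars.sh
-
-if [ "$MOGILEFSD_RUNASUSER" == "" ]
-  then
-
-        echo "Cannot determine user to run as, even though defaults file ($DEFAULTS) exists."
-        echo "Please run dpkg-reconfigure $NAME to correct the problem."
-        exit 0  
-fi
 
 set -e
@@ -52,5 +50,5 @@
         if [ -e $PIDFILE ]
                 then
-                
+
                 if [ -d /proc/`cat $PIDFILE`/ ]
                 then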
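Review bot: The guard at new lines 29–33 only rejects an empty `MOGILEFSD_RUNASUSER`, so a defaults file that sets it to `root` or to any other UID-0 account passes the check; the `MOGSTORED_RUNASUSER` guard added to mogstored.init has the same gap, and there the value goes straight into `--chuid`. The mogstored debconf script refuses `root`, but the defaults file can be edited by hand afterwards, so the init script is where the rule has to be enforced. I would extend the test to `if [ -z "$MOGILEFSD_RUNASUSER" ] || [ "$(id -u "$MOGILEFSD_RUNASUSER" 2>/dev/null)" = "0" ]; then` with a matching message, and do the same in mogstored.init. Whether mogilefsd is actually started under this user is not visible in these hunks.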
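--- a/trunk/server/debian/mogstored.config
+++ b/trunk/server/debian/mogstored.config
@@ -8,2 +8,22 @@
 db_input medium $PACKAGE/docroot || true
 db_go
+
+RUNASUSER=""
+
+while [ "$RUNASUSER" = "" ]
+  do
+
+        db_input medium $PACKAGE/runasuser || true
+        db_go
+
+        db_get $PACKAGE/runasuser
+        RUNASUSER="$RET"
+
+        if [ "$RUNASUSER" = "root" ]
+                then
+
+                db_reset $PACKAGE/runasuser
+                db_fset $PACKAGE/runasuser seen false
+        fi
+
+  done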
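Review bot: The `root` branch at new lines 22–27 resets the debconf answer but leaves `RUNASUSER` set to `root`, so the `while [ "$RUNASUSER" = "" ]` condition is false and the loop exits without asking again; the stored answer silently falls back to the template default. Adding `RUNASUSER=""` after the `db_fset` line makes the question come back as the loop seems to intend. The comparison is also on the literal name only, so `0` or another account with UID 0 is accepted and would later be handed to `chown` and `--chuid`; I would reject those in the same test, for example `if [ "$RUNASUSER" = "root" ] || [ "$RUNASUSER" = "0" ]`.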
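--- a/trunk/server/debian/mogstored.init
+++ b/trunk/server/debian/mogstored.init
@@ -15,4 +15,5 @@
 NAME=mogstored
 DESC=mogstored
+DEFAULTS=/etc/default/$NAME
 PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
@@ -22,5 +23,18 @@
 
 # Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+if [ -r $DEFAULTS ] ; then
+
+    . $DEFAULTS
+
+    if [ -z "$MOGSTORED_RUNASUSER" ]; then
+        echo "Cannot determine user to run as, even though defaults file ($DEFAULTS) exists."
+        echo "Please run dpkg-reconfigure $NAME to correct the problem."
+        exit 0
+    fi
+else
+    echo "Can't start $NAME. Defaults file ($DEFAULTS) doesn't exist."
+    echo "Please run dpkg-reconfigure $NAME to correct the problem."
+    exit 0
+fi
 
 # Load the VERBOSE setting and other rcS variables
@@ -36,5 +50,5 @@
         if [ -e $PIDFILE ]
                 then
-                
+
                 if [ -d /proc/`cat $PIDFILE`/ ]
                 then
@@ -48,5 +62,5 @@
         fi
 
-        start-stop-daemon --start --quiet --exec $DAEMON --pidfile $PIDFILE -b -m --name $NAME
+        start-stop-daemon --start --quiet --exec $DAEMON --pidfile $PIDFILE -b -m --name $NAME --chuid $MOGSTORED_RUNASUSER
 }
 
@@ -56,5 +70,5 @@
 do_stop()
 {
-        start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME
+        start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME --user $MOGSTORED_RUNASUSER
         rm -f $PIDFILE
 }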
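Review bot: In do_stop (new line 72) the added `--user $MOGSTORED_RUNASUSER` filter combined with `--oknodo` means a daemon running under a different account than the one currently configured is not matched, the command still returns 0, and `rm -f $PIDFILE` on the next line then discards the only handle on that process. That can happen for an instance started as root before this change, or after the user is changed in the defaults file while the daemon is up. `--pidfile` and `--name` already select the process, so I would leave `--user` off the stop, or at least keep the pidfile when nothing was stopped. The value comes from a sourced file and should be quoted where it is used, `--chuid "$MOGSTORED_RUNASUSER"`; do_start begins outside the visible hunks.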
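--- a/trunk/server/debian/mogstored.postinst
+++ b/trunk/server/debian/mogstored.postinst
@@ -18,9 +18,12 @@
                 db_get $PKG/docroot
                 MOGSTORED_DOCROOT=$RET
+                db_get $PKG/runasuser
+                RUNASUSER="$RET"
 
                 if [ ! -d "$MOGSTORED_DOCROOT" ]
                         then
-                
+
                         mkdir -p $MOGSTORED_DOCROOT
+                        chown $RUNASUSER $MOGSTORED_DOCROOT
                         chmod 755 $MOGSTORED_DOCROOT
                 fi
@@ -45,3 +48,2 @@
 
 #DEBHELPER#
-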
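Review bot: The added `chown $RUNASUSER $MOGSTORED_DOCROOT` at new line 27 sits inside the `if [ ! -d "$MOGSTORED_DOCROOT" ]` branch, so a docroot that already exists (the upgrade case, where root created it) keeps its old owner and the now unprivileged daemon may be unable to write to it. Both values come from debconf and are expanded unquoted in commands run as root; `chown -- "$RUNASUSER" "$MOGSTORED_DOCROOT"` avoids word splitting and option parsing. The hunk does not show where the account is created, so it is worth confirming that step runs before this chown. The enclosing block starts and ends outside the hunk.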
  • trunk/server/debian/mogstored.templates

    r167 r1200  
    44_Description: Document root for mogstored: 
    55 The mogstored daemon needs a directory for the root of its filetree. 
     6 
     7Template: mogstored/runasuser 
     8Type: string 
     9_Default: mogstored 
     10_Description: User to run mogstored as: 
     11 The mogstored storage daemon cannot be run as root. What user should it be 
     12 run as? This user will be created for you as a system user if it does not 
     13 yet exist.