[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.1-17-g58da6a1

X2Go dev team git-admin at x2go.org
Sun May 19 13:03:10 CEST 2013


The branch, build-main has been updated
       via  58da6a1d6504def84dccbc9f3328cca439fefa3b (commit)
      from  f1ea959ac2800e88d57018b80b648f7ab48fc9a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                 |    2 ++
 debian/x2gobroker-daemon.default |    5 ++++-
 debian/x2gobroker-daemon.init    |    8 +++++++-
 x2gobroker/defaults.py           |   14 ++++++++++++--
 x2gobroker/loggers.py            |    1 -
 5 files changed, 25 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 debian/x2gobroker-daemon.init

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 467aa58..c7be8e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low
     - Add man page for x2gobroker executable.
     - Add logrotate configuration for x2gobroker log files.
     - Make the daemon user ID configurable through x2gobroker-daemon.default.
+    - Handle different situation for X2GOBROKER_DAEMON_USER. Make sure
+      the getpass.getuser() function sees the correct effective UID.
   * /debian/control:
     + Add bin:package x2gobroker-agent.
 
diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default
index 589aedb..8b8bea2 100644
--- a/debian/x2gobroker-daemon.default
+++ b/debian/x2gobroker-daemon.default
@@ -3,7 +3,10 @@
 # Uncomment to enable the X2Go Session Broker standalone daemon
 START_DAEMON=true
 
-# the posix user ID the broker runs under
+# the posix user ID the broker runs under (do not change!)
+# if you change it nonetheless, make sure that the log file
+# directory (default: /var/log/x2gobroker) and files in there are
+# writable by that user
 #X2GOBROKER_DAEMON_USER=x2gobroker
 
 # run XGo Session Broker in debug mode, this will make the broker
diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init
old mode 100644
new mode 100755
index 4d89e64..789291b
--- a/debian/x2gobroker-daemon.init
+++ b/debian/x2gobroker-daemon.init
@@ -37,6 +37,12 @@ X2GOBROKER_SSL_CERTFILE=
 X2GOBROKER_SSL_KEYFILE=
 test -f $DEBIANCONFIG && . $DEBIANCONFIG
 
+if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
+	X2GOBROKER_DAEMON_USER=nobody
+fi
+
+export LOGNAME=$X2GOBROKER_DAEMON_USER
+
 export X2GOBROKER_DEBUG
 export X2GOBROKER_DAEMON_USER
 export X2GOBROKER_CONFIG
@@ -62,7 +68,7 @@ case "${1:-}" in
       log_daemon_msg "Starting X2Go Session Broker standalone daemon" "x2gobroker"
       mkdir -p $RUNDIR
       set +e
-      start-stop-daemon -u $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
+      start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
       log_end_msg $?
       set -e
     fi
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 1f250c2..4099d57 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -39,15 +39,25 @@ else:
     X2GOBROKER_DEBUG = False
 if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
     X2GOBROKER_DEBUG = True
-
+X2GOBROKER_DEBUG = True
 if X2GOBROKER_DEBUG:
     logger_broker.setLevel(logging.DEBUG)
     logger_access.setLevel(logging.DEBUG)
     logger_error.setLevel(logging.DEBUG)
 
-if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
+logger_broker.warn('os.getuid() = %s' % os.getuid())
+logger_broker.warn('os.geteuid() = %s' % os.geteuid())
+logger_broker.warn('getpass.getuser() = %s' % getpass.getuser())
+
+# check effective UID the broker runs as and complain appropriately...
+if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER and os.geteuid() != 0:
     logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER))
     logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.')
+elif X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0:
+    logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER))
+elif os.geteuid() == 0:
+    logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user')
+
 logger_broker.info('Setting up the broker\'s environment...')
 logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
 
diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py
index d7fb60a..7791bbd 100644
--- a/x2gobroker/loggers.py
+++ b/x2gobroker/loggers.py
@@ -65,4 +65,3 @@ else:
     logger_error = logging.getLogger('error')
     logger_error.addHandler(stdout_handler)
     logger_error.propagate = 0
-


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list