This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker. commit 7f2d71126c0cf7baaba37d195b3005b5bad4b730 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Thu Nov 13 14:03:21 2014 +0100 Properly set (/var)/run/x2gobroker directory permissions when started via systemd. --- bin/x2gobroker | 17 +++++++++++++---- debian/changelog | 2 ++ sbin/x2gobroker-authservice | 6 +++++- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/bin/x2gobroker b/bin/x2gobroker index a0c79af..f89c92c 100755 --- a/bin/x2gobroker +++ b/bin/x2gobroker @@ -39,6 +39,8 @@ try: except ImportError: CAN_DAEMONIZE = False +from grp import getgrnam + def prep_http_mode(): global urls @@ -148,9 +150,6 @@ if __name__ == "__main__": cmdline_args = p.parse_args() - if os.getuid() == 0 and cmdline_args.drop_privileges: - drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP) - if cmdline_args.config_file is not None: x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file @@ -216,7 +215,13 @@ if __name__ == "__main__": os.makedirs(os.path.dirname(pidfile)) except: pass - if not os.access(os.path.dirname(pidfile), os.W_OK) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)): + try: + os.chown(os.path.dirname(pidfile), 0, getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP).gr_gid) + os.chmod(os.path.dirname(pidfile), 0770) + except OSError: + pass + + if not (os.access(os.path.dirname(pidfile), os.W_OK) and os.access(os.path.dirname(pidfile), os.X_OK)) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)): print("") p.print_usage() print("Insufficent privileges. Cannot create PID file {pidfile} path".format(pidfile=pidfile)) 
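Review bot: In the new `try` block of hunk `@@ -216,7 +215,13 @@`, `getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP)` raises `KeyError` when the group does not exist, and only `OSError` is caught, so a missing group ends in a traceback rather than the existing privileges message. Catch it too, `except (OSError, KeyError):`, and preferably report which lookup failed instead of passing silently. The chown to root plus the daemon group and the `0770` mode are applied to whatever `os.path.dirname(pidfile)` resolves to; if the PID file path can be overridden (not visible in this hunk), a misconfigured path would re-own and restrict a shared directory, so the block should only touch the runtime directory the broker created itself. Because the privilege drop now happens later (hunk `@@ -241,6 +246,10 @@`), the `os.access()` test runs with root's real uid when started as root and will typically pass whether or not the daemon user can write there. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.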
@@ -241,6 +246,10 @@ if __name__ == "__main__": bind_address, bind_port = x2gobroker.utils.split_host_address(cmdline_args.bind, default_address=None, default_port=8080) cmdline_args.bind = "[{address}]:{port}".format(address=bind_address, port=bind_port) + if os.getuid() == 0 and cmdline_args.drop_privileges: + drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP) + + urls = () settings = {} diff --git a/debian/changelog b/debian/changelog index 4057286..ce40f8e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -195,6 +195,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's <ip-address>:<port> further down in the code. + - Properly set (/var)/run/x2gobroker directory permissions when started + via systemd. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice index 8e21cab..012af4b 100755 --- a/sbin/x2gobroker-authservice +++ b/sbin/x2gobroker-authservice 
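Review bot: The relocated `drop_privileges(...)` call in hunk `@@ -241,6 +246,10 @@` of bin/x2gobroker carries no comment explaining why it now sits after the PID-directory setup and the bind-address parsing, yet that ordering is the security-relevant part of the change: everything between the old call site and this one now runs as root when the broker is started as root. I would add above the `if`: `# Drop root only after the runtime directory has been prepared; nothing below this line may need root.` The visible lines also do not verify that the drop took effect; if `drop_privileges` can return without changing ids (its body is not on this page), a check inside the same branch such as `if os.getuid() == 0: sys.exit(...)` would keep the broker from serving requests as root. Anything created as root before this point (log files are a likely candidate, though not shown here) may end up unwritable for the daemon user afterwards, which is worth confirming. The `__main__` block continues outside the hunk.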
@@ -272,9 +272,13 @@ if __name__ == '__main__': if not os.path.exists(os.path.dirname(socket_file)): os.makedirs(os.path.dirname(socket_file)) + runtimedir_permissions = int(cmdline_args.permissions, 8) + if runtimedir_permissions & 0400: runtimedir_permissions = runtimedir_permissions | 0100 + if runtimedir_permissions & 0040: runtimedir_permissions = runtimedir_permissions | 0010 + if runtimedir_permissions & 0004: runtimedir_permissions = runtimedir_permissions | 0001 try: os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid) - os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8)) + os.chmod(os.path.dirname(socket_file), runtimedir_permissions) except OSError: pass -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
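Review bot: The directory mode is derived from `cmdline_args.permissions` by only adding search bits, so any write bits in that value carry over to the runtime directory: a value with other-write set (a constructed example is `0666`) becomes `0777` without the sticky bit, and any local user could then rename or replace the socket inside it. Consider clearing other-write before the `chmod`, `runtimedir_permissions &= ~0002`, or giving the directory a fixed mode of its own. In the same `try`, the unchanged `getpwnam(cmdline_args.group).pw_gid` looks a group name up in the passwd database and so yields the primary gid of a user with that name; `getgrnam(cmdline_args.group).gr_gid`, as bin/x2gobroker uses in this commit, is presumably what is meant. A failed lookup raises `KeyError` and a malformed mode string raises `ValueError`, neither of which `except OSError` handles. The enclosing `__main__` block starts outside the hunk.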