[X2Go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.1-17-g58da6a1

The branch, build-main has been updated via 58da6a1d6504def84dccbc9f3328cca439fefa3b (commit) from f1ea959ac2800e88d57018b80b648f7ab48fc9a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: debian/changelog | 2 ++ debian/x2gobroker-daemon.default | 5 ++++- debian/x2gobroker-daemon.init | 8 +++++++- x2gobroker/defaults.py | 14 ++++++++++++-- x2gobroker/loggers.py | 1 - 5 files changed, 25 insertions(+), 5 deletions(-) mode change 100644 => 100755 debian/x2gobroker-daemon.init The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 467aa58..c7be8e3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low - Add man page for x2gobroker executable. - Add logrotate configuration for x2gobroker log files. - Make the daemon user ID configurable through x2gobroker-daemon.default. + - Handle different situation for X2GOBROKER_DAEMON_USER. Make sure + the getpass.getuser() function sees the correct effective UID. * /debian/control: + Add bin:package x2gobroker-agent. diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default index 589aedb..8b8bea2 100644 --- a/debian/x2gobroker-daemon.default +++ b/debian/x2gobroker-daemon.default @@ -3,7 +3,10 @@ # Uncomment to enable the X2Go Session Broker standalone daemon START_DAEMON=true -# the posix user ID the broker runs under +# the posix user ID the broker runs under (do not change!) +# if you change it nonetheless, make sure that the log file +# directory (default: /var/log/x2gobroker) and files in there are +# writable by that user #X2GOBROKER_DAEMON_USER=x2gobroker # run XGo Session Broker in debug mode, this will make the broker diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init old mode 100644 new mode 100755 index 4d89e64..789291b --- a/debian/x2gobroker-daemon.init +++ b/debian/x2gobroker-daemon.init @@ -37,6 +37,12 @@ X2GOBROKER_SSL_CERTFILE= X2GOBROKER_SSL_KEYFILE= test -f $DEBIANCONFIG && . $DEBIANCONFIG +if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then + X2GOBROKER_DAEMON_USER=nobody +fi + +export LOGNAME=$X2GOBROKER_DAEMON_USER + export X2GOBROKER_DEBUG export X2GOBROKER_DAEMON_USER export X2GOBROKER_CONFIG @@ -62,7 +68,7 @@ case "${1:-}" in log_daemon_msg "Starting X2Go Session Broker standalone daemon" "x2gobroker" mkdir -p $RUNDIR set +e - start-stop-daemon -u $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS + start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS log_end_msg $? set -e fi diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 1f250c2..4099d57 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py @@ -39,15 +39,25 @@ else: X2GOBROKER_DEBUG = False if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER: X2GOBROKER_DEBUG = True - +X2GOBROKER_DEBUG = True if X2GOBROKER_DEBUG: logger_broker.setLevel(logging.DEBUG) logger_access.setLevel(logging.DEBUG) logger_error.setLevel(logging.DEBUG) -if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER: +logger_broker.warn('os.getuid() = %s' % os.getuid()) +logger_broker.warn('os.geteuid() = %s' % os.geteuid()) +logger_broker.warn('getpass.getuser() = %s' % getpass.getuser()) + +# check effective UID the broker runs as and complain appropriately... +if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER and os.geteuid() != 0: logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER)) logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.') +elif X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER)) +elif os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user') + logger_broker.info('Setting up the broker\'s environment...') logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py index d7fb60a..7791bbd 100644 --- a/x2gobroker/loggers.py +++ b/x2gobroker/loggers.py @@ -65,4 +65,3 @@ else: logger_error = logging.getLogger('error') logger_error.addHandler(stdout_handler) logger_error.propagate = 0 - hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).