The branch, master has been updated via 1fe7447ef8efa17ac2fd290cc449c6d1b9078edc (commit) via 43e490a1fa111dde08d7b05d73fe144c3ca24b52 (commit) via 58da6a1d6504def84dccbc9f3328cca439fefa3b (commit) via f1ea959ac2800e88d57018b80b648f7ab48fc9a8 (commit) via 80fd7e03f7094ef1dcc3e61d9d4e30a5020ed78a (commit) from b5df92c61e0c84ec314b29acc60e635d43f3b7b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1fe7447ef8efa17ac2fd290cc449c6d1b9078edc Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 19 19:57:56 2013 +0100 /debian/x2gobroker-daemon.init: Handle stale PID file and already running daemon. commit 43e490a1fa111dde08d7b05d73fe144c3ca24b52 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 19 19:44:01 2013 +0100 Make sure the unprivileged daemon user (x2gobroker) has access to the PID file directory. commit 58da6a1d6504def84dccbc9f3328cca439fefa3b Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 19 19:28:31 2013 +0100 Handle different situation for X2GOBROKER_DAEMON_USER. Make sure the getpass.getuser() function sees the correct effective UID. commit f1ea959ac2800e88d57018b80b648f7ab48fc9a8 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 19 18:58:52 2013 +0100 typo fix commit 80fd7e03f7094ef1dcc3e61d9d4e30a5020ed78a Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Feb 19 18:52:27 2013 +0100 Make the daemon user ID configurable through x2gobroker-daemon.default. 
----------------------------------------------------------------------- Summary of changes: debian/changelog | 7 +++++++ debian/x2gobroker-daemon.default | 6 ++++++ debian/x2gobroker-daemon.init | 30 +++++++++++++++++++++++++----- x2gobroker/defaults.py | 14 ++++++++++++-- x2gobroker/loggers.py | 9 +++++---- 5 files changed, 55 insertions(+), 11 deletions(-) mode change 100644 => 100755 debian/x2gobroker-daemon.init The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 9ed8b0d..ba7337d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,8 +7,15 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low - Add foundation for logging support. - Add man page for x2gobroker executable. - Add logrotate configuration for x2gobroker log files. + - Make the daemon user ID configurable through x2gobroker-daemon.default. + - Handle different situation for X2GOBROKER_DAEMON_USER. Make sure + the getpass.getuser() function sees the correct effective UID. + - Make sure the unprivileged daemon user (x2gobroker) has access to the + PID file directory. * /debian/control: + Add bin:package x2gobroker-agent. + * /debian/x2gobroker-daemon.init: + + Handle stale PID file and already running daemon. -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 13 Feb 2013 12:03:25 +0100 diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default index 452a75b..8b8bea2 100644 --- a/debian/x2gobroker-daemon.default +++ b/debian/x2gobroker-daemon.default 
@@ -3,6 +3,12 @@ # Uncomment to enable the X2Go Session Broker standalone daemon START_DAEMON=true +# the posix user ID the broker runs under (do not change!) +# if you change it nonetheless, make sure that the log file +# directory (default: /var/log/x2gobroker) and files in there are +# writable by that user +#X2GOBROKER_DAEMON_USER=x2gobroker + # run XGo Session Broker in debug mode, this will make the broker # available through http GET method calls (otherwise: POST method # only) and you will be able to test the broker through your web diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init old mode 100644 new mode 100755 index d14bb8f..1c2d724 --- a/debian/x2gobroker-daemon.init +++ b/debian/x2gobroker-daemon.init @@ -19,8 +19,8 @@ set -eu DAEMON=/usr/sbin/x2gobroker -test -d /run && RUNDIR=/run/ || RUNDIR=/var/run -PIDFILE=$RUNDIR/x2gobroker-daemon.pid +test -d /run && RUNDIR=/run || RUNDIR=/var/run +PIDFILE=$RUNDIR/x2gobroker/x2gobroker-daemon.pid DEBIANCONFIG=/etc/default/x2gobroker-daemon test -x "$DAEMON" || exit 0 @@ -28,6 +28,7 @@ test -x "$DAEMON" || exit 0 START_DAEMON=false DAEMON_BIND_ADDRESS=127.0.0.1:8080 X2GOBROKER_DEBUG=0 +X2GOBROKER_DAEMON_USER='x2gobroker' X2GOBROKER_DEFAULT_BACKEND="zeroconf" X2GOBROKER_CONFIG="/etc/x2go/x2gobroker.conf" X2GOBROKER_SESSIONPROFILES="/etc/x2go/broker/x2gobroker-sessionprofiles.conf" @@ -36,7 +37,19 @@ X2GOBROKER_SSL_CERTFILE= X2GOBROKER_SSL_KEYFILE= test -f $DEBIANCONFIG && . $DEBIANCONFIG +if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then + X2GOBROKER_DAEMON_USER=nobody +fi + +# create PID directory +mkdir -p $RUNDIR/x2gobroker +chown $X2GOBROKER_DAEMON_USER:nogroup $RUNDIR/x2gobroker +chmod 0700 $RUNDIR/x2gobroker + +export LOGNAME=$X2GOBROKER_DAEMON_USER + export X2GOBROKER_DEBUG +export X2GOBROKER_DAEMON_USER export X2GOBROKER_CONFIG export X2GOBROKER_DEFAULT_BACKEND export X2GOBROKER_SESSIONPROFILES 
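Review bot: The PID directory set up in the `@@ -36,7 +37,19 @@` hunk is handed to the unprivileged daemon account (`chown $X2GOBROKER_DAEMON_USER:nogroup $RUNDIR/x2gobroker`), so that account can replace or rewrite `$PIDFILE`. Any root-run action that later signals the PID read from that file would then act on a process the daemon user chose; this is inferred, because the stop branch is outside the hunk. Keeping the directory root-owned is the safer default, and if it must stay user-owned it should be created in one step with quoted values, `install -d -o "$X2GOBROKER_DAEMON_USER" -g nogroup -m 0700 "$RUNDIR/x2gobroker"`, since the name comes from the sourced `$DEBIANCONFIG`. The silent fallback to `nobody` when `getent` fails also deserves a logged warning, because that account is commonly shared with unrelated services.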
@@ -56,11 +69,18 @@ is_true() case "${1:-}" in start) + if [ -e $PIDFILE ]; then + if ps -u $X2GOBROKER_DAEMON_USER | grep $(basename $DAEMON) 1>/dev/null 2>/dev/null; then + log_warning_msg "X2Go Session Broker already running" + else + log_warning_msg "X2Go Session Broker: stale PID file ($PIDFILE). Delete it manually!" + fi + START_DAEMON=no + fi if is_true $START_DAEMON; then - log_daemon_msg "Starting X2Go Session Broker standalone daemon" "x2gobroker" - mkdir -p $RUNDIR + log_daemon_msg "Starting X2Go Session Broker standalone daemon" $(basename $DAEMON) set +e - start-stop-daemon -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS + start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS log_end_msg $? set -e fi diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py index 1f250c2..4099d57 100644 --- a/x2gobroker/defaults.py +++ b/x2gobroker/defaults.py 
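Review bot: The running check added to the `start)` branch never reads the PID stored in `$PIDFILE`: `ps -u $X2GOBROKER_DAEMON_USER | grep $(basename $DAEMON)` matches any process of that user whose listing contains `x2gobroker`. An unrelated process can therefore make a stale file look like a live daemon, and a stale file blocks every start until it is deleted by hand. Checking the recorded PID is more precise, for example `if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then`, assuming /lib/lsb/init-functions is sourced as the `log_*` calls suggest; a stale file could then be removed rather than refused. `--chuid $X2GOBROKER_DAEMON_USER` and the other expansions should be quoted, since the value is read from the sourced defaults file. The `case` statement continues outside the hunk.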
@@ -39,15 +39,25 @@ else: X2GOBROKER_DEBUG = False if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER: X2GOBROKER_DEBUG = True - +X2GOBROKER_DEBUG = True if X2GOBROKER_DEBUG: logger_broker.setLevel(logging.DEBUG) logger_access.setLevel(logging.DEBUG) logger_error.setLevel(logging.DEBUG) -if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER: +logger_broker.warn('os.getuid() = %s' % os.getuid()) +logger_broker.warn('os.geteuid() = %s' % os.geteuid()) +logger_broker.warn('getpass.getuser() = %s' % getpass.getuser()) + +# check effective UID the broker runs as and complain appropriately... +if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER and os.geteuid() != 0: logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER)) logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.') +elif X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER)) +elif os.geteuid() == 0: + logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user') + logger_broker.info('Setting up the broker\'s environment...') logger_broker.info(' X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG)) diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py index e35a9a7..7791bbd 100644 --- a/x2gobroker/loggers.py +++ b/x2gobroker/loggers.py 
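Review bot: The added top-level `X2GOBROKER_DEBUG = True` overrides whatever the checks above it decided, so every launch runs in debug mode. According to the comment in x2gobroker-daemon.default, debug mode makes the broker reachable through HTTP GET rather than POST only. It reads like leftover diagnostics, together with the three `logger_broker.warn('os.getuid() = ...')` lines; drop the assignment and log the UIDs with `logger_broker.debug(...)` instead. The new root checks rely on `os.geteuid()`, but the first branch still compares `X2GOBROKER_USER`, whose origin is not visible in this hunk, against the configured name.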
@@ -25,9 +25,11 @@ import getpass import logging import logging.config -X2GOBROKER_DAEMON_USER = 'x2gobroker' - # normally this would go into defaults.py, however, we do not want to create a dependency loop between loggers.py and defaults.py... +if os.environ.has_key('X2GOBROKER_DAEMON_USER'): + X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER'] +else: + X2GOBROKER_DAEMON_USER="x2gobroker" if os.environ.has_key('X2GOBROKER_LOGCONFIG'): X2GOBROKER_LOGCONFIG=os.environ['X2GOBROKER_LOGCONFIG'] else: @@ -37,7 +39,7 @@ else: if getpass.getuser() == X2GOBROKER_DAEMON_USER: # we run in standalone daemon mode, so let's use the system configuration for logging - logging.config.fileConfig(_X2GOBROKER_LOGCONFIG) + logging.config.fileConfig(X2GOBROKER_LOGCONFIG) # create loggers logger_broker = logging.getLogger('broker') @@ -63,4 +65,3 @@ else: logger_error = logging.getLogger('error') logger_error.addHandler(stdout_handler) logger_error.propagate = 0 - hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
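Review bot: Both sides of the `getpass.getuser() == X2GOBROKER_DAEMON_USER` test (context of the `@@ -37,7 +39,7 @@` hunk) now come from the environment. The first hunk reads `X2GOBROKER_DAEMON_USER` from `os.environ`, and `getpass.getuser()` consults `LOGNAME`/`USER` before the password database, which is why the init script exports `LOGNAME`. Whoever launches the process can therefore choose whether the system logging configuration is loaded; deriving the name from the process identity with `pwd.getpwuid(os.geteuid()).pw_name` removes that dependency (it needs `import pwd`). The lookup itself can be written `X2GOBROKER_DAEMON_USER = os.environ.get('X2GOBROKER_DAEMON_USER', 'x2gobroker')`, since `has_key` exists only in Python 2.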