[X2Go-Commits] x2gobroker.git - tmp (branch) updated: 0.0.0.1-17-g58da6a1

X2Go dev team git-admin at x2go.org
Tue Apr 23 21:08:44 CEST 2013


The branch, tmp has been updated
       via  58da6a1d6504def84dccbc9f3328cca439fefa3b (commit)
      from  f1ea959ac2800e88d57018b80b648f7ab48fc9a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                 |    2 ++
 debian/x2gobroker-daemon.default |    5 ++++-
 debian/x2gobroker-daemon.init    |    8 +++++++-
 x2gobroker/defaults.py           |   14 ++++++++++++--
 x2gobroker/loggers.py            |    1 -
 5 files changed, 25 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 debian/x2gobroker-daemon.init

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 467aa58..c7be8e3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ x2gobroker (0.0.0.2-0~x2go1) UNRELEASED; urgency=low
     - Add man page for x2gobroker executable.
     - Add logrotate configuration for x2gobroker log files.
     - Make the daemon user ID configurable through x2gobroker-daemon.default.
+    - Handle different situation for X2GOBROKER_DAEMON_USER. Make sure
+      the getpass.getuser() function sees the correct effective UID.
   * /debian/control:
     + Add bin:package x2gobroker-agent.
 
diff --git a/debian/x2gobroker-daemon.default b/debian/x2gobroker-daemon.default
index 589aedb..8b8bea2 100644
--- a/debian/x2gobroker-daemon.default
+++ b/debian/x2gobroker-daemon.default
@@ -3,7 +3,10 @@
 # Uncomment to enable the X2Go Session Broker standalone daemon
 START_DAEMON=true
 
-# the posix user ID the broker runs under
+# the posix user ID the broker runs under (do not change!)
+# if you change it nonetheless, make sure that the log file
+# directory (default: /var/log/x2gobroker) and files in there are
+# writable by that user
 #X2GOBROKER_DAEMON_USER=x2gobroker
 
 # run XGo Session Broker in debug mode, this will make the broker
diff --git a/debian/x2gobroker-daemon.init b/debian/x2gobroker-daemon.init
old mode 100644
new mode 100755
index 4d89e64..789291b
--- a/debian/x2gobroker-daemon.init
+++ b/debian/x2gobroker-daemon.init
@@ -37,6 +37,12 @@ X2GOBROKER_SSL_CERTFILE=
 X2GOBROKER_SSL_KEYFILE=
 test -f $DEBIANCONFIG && . $DEBIANCONFIG
 
+if ! getent passwd $X2GOBROKER_DAEMON_USER 1>/dev/null 2>/dev/null; then
+	X2GOBROKER_DAEMON_USER=nobody
+fi
+
+export LOGNAME=$X2GOBROKER_DAEMON_USER
+
 export X2GOBROKER_DEBUG
 export X2GOBROKER_DAEMON_USER
 export X2GOBROKER_CONFIG
@@ -62,7 +68,7 @@ case "${1:-}" in
       log_daemon_msg "Starting X2Go Session Broker standalone daemon" "x2gobroker"
       mkdir -p $RUNDIR
       set +e
-      start-stop-daemon -u $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
+      start-stop-daemon --chuid $X2GOBROKER_DAEMON_USER -b -m -S -p $PIDFILE -x $DAEMON -- -b $DAEMON_BIND_ADDRESS
       log_end_msg $?
       set -e
     fi
diff --git a/x2gobroker/defaults.py b/x2gobroker/defaults.py
index 1f250c2..4099d57 100644
--- a/x2gobroker/defaults.py
+++ b/x2gobroker/defaults.py
@@ -39,15 +39,25 @@ else:
     X2GOBROKER_DEBUG = False
 if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
     X2GOBROKER_DEBUG = True
-
+X2GOBROKER_DEBUG = True
 if X2GOBROKER_DEBUG:
     logger_broker.setLevel(logging.DEBUG)
     logger_access.setLevel(logging.DEBUG)
     logger_error.setLevel(logging.DEBUG)
 
-if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER:
+logger_broker.warn('os.getuid() = %s' % os.getuid())
+logger_broker.warn('os.geteuid() = %s' % os.geteuid())
+logger_broker.warn('getpass.getuser() = %s' % getpass.getuser())
+
+# check effective UID the broker runs as and complain appropriately...
+if X2GOBROKER_USER != X2GOBROKER_DAEMON_USER and os.geteuid() != 0:
     logger_broker.warn('X2Go Session Broker has been started interactively by user {username}, better run as user {daemon_username}.'.format(username=X2GOBROKER_USER, daemon_username=X2GOBROKER_DAEMON_USER))
     logger_broker.info('Automatically switching to DEBUG mode due to interactive launch of this application.')
+elif X2GOBROKER_DAEMON_USER != 'root' and os.geteuid() == 0:
+    logger_broker.warn('X2Go Session Broker should not be run as root, better run as user {daemon_username}.'.format(daemon_username=X2GOBROKER_DAEMON_USER))
+elif os.geteuid() == 0:
+    logger_broker.warn('X2Go Session Broker should not be run as root, better run as non-privileged user')
+
 logger_broker.info('Setting up the broker\'s environment...')
 logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
 
diff --git a/x2gobroker/loggers.py b/x2gobroker/loggers.py
index d7fb60a..7791bbd 100644
--- a/x2gobroker/loggers.py
+++ b/x2gobroker/loggers.py
@@ -65,4 +65,3 @@ else:
     logger_error = logging.getLogger('error')
     logger_error.addHandler(stdout_handler)
     logger_error.propagate = 0
-


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list