[X2Go-Commits] [x2gobroker] 01/02: Properly set (/var)/run/x2gobroker directory permissions when started via systemd.
git-admin at x2go.org
git-admin at x2go.org
Thu Nov 13 14:05:37 CET 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gobroker.
commit 7f2d71126c0cf7baaba37d195b3005b5bad4b730
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Thu Nov 13 14:03:21 2014 +0100
Properly set (/var)/run/x2gobroker directory permissions when started via systemd.
---
bin/x2gobroker | 17 +++++++++++++----
debian/changelog | 2 ++
sbin/x2gobroker-authservice | 6 +++++-
3 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/bin/x2gobroker b/bin/x2gobroker
index a0c79af..f89c92c 100755
--- a/bin/x2gobroker
+++ b/bin/x2gobroker
@@ -39,6 +39,8 @@ try:
except ImportError:
CAN_DAEMONIZE = False
+from grp import getgrnam
+
def prep_http_mode():
global urls
@@ -148,9 +150,6 @@ if __name__ == "__main__":
cmdline_args = p.parse_args()
- if os.getuid() == 0 and cmdline_args.drop_privileges:
- drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP)
-
if cmdline_args.config_file is not None:
x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file
@@ -216,7 +215,13 @@ if __name__ == "__main__":
os.makedirs(os.path.dirname(pidfile))
except:
pass
- if not os.access(os.path.dirname(pidfile), os.W_OK) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)):
+ try:
+ os.chown(os.path.dirname(pidfile), 0, getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP).gr_gid)
+ os.chmod(os.path.dirname(pidfile), 0770)
+ except OSError:
+ pass
+
+ if not (os.access(os.path.dirname(pidfile), os.W_OK) and os.access(os.path.dirname(pidfile), os.X_OK)) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)):
print("")
p.print_usage()
print("Insufficent privileges. Cannot create PID file {pidfile} path".format(pidfile=pidfile))
@@ -241,6 +246,10 @@ if __name__ == "__main__":
bind_address, bind_port = x2gobroker.utils.split_host_address(cmdline_args.bind, default_address=None, default_port=8080)
cmdline_args.bind = "[{address}]:{port}".format(address=bind_address, port=bind_port)
+ if os.getuid() == 0 and cmdline_args.drop_privileges:
+ drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP)
+
+
urls = ()
settings = {}
diff --git a/debian/changelog b/debian/changelog
index 4057286..ce40f8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -195,6 +195,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
- During select_session: Re-add subdomain (if possible) to the hostname to
make sure we can detect the host's <ip-address>:<port> further down in
the code.
+ - Properly set (/var)/run/x2gobroker directory permissions when started
+ via systemd.
* debian/control:
+ Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
+ Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 8e21cab..012af4b 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -272,9 +272,13 @@ if __name__ == '__main__':
if not os.path.exists(os.path.dirname(socket_file)):
os.makedirs(os.path.dirname(socket_file))
+ runtimedir_permissions = int(cmdline_args.permissions, 8)
+ if runtimedir_permissions & 0400: runtimedir_permissions = runtimedir_permissions | 0100
+ if runtimedir_permissions & 0040: runtimedir_permissions = runtimedir_permissions | 0010
+ if runtimedir_permissions & 0004: runtimedir_permissions = runtimedir_permissions | 0001
try:
os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
- os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+ os.chmod(os.path.dirname(socket_file), runtimedir_permissions)
except OSError:
pass
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
More information about the x2go-commits
mailing list