[X2Go-Commits] [x2gobroker] 01/02: Properly set (/var)/run/x2gobroker directory permissions when started via systemd.

git-admin at x2go.org git-admin at x2go.org
Thu Nov 13 14:05:37 CET 2014


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gobroker.

commit 7f2d71126c0cf7baaba37d195b3005b5bad4b730
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Thu Nov 13 14:03:21 2014 +0100

    Properly set (/var)/run/x2gobroker directory permissions when started via systemd.
---
 bin/x2gobroker              |   17 +++++++++++++----
 debian/changelog            |    2 ++
 sbin/x2gobroker-authservice |    6 +++++-
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/bin/x2gobroker b/bin/x2gobroker
index a0c79af..f89c92c 100755
--- a/bin/x2gobroker
+++ b/bin/x2gobroker
@@ -39,6 +39,8 @@ try:
 except ImportError:
     CAN_DAEMONIZE = False
 
+from grp import getgrnam
+
 def prep_http_mode():
 
     global urls
@@ -148,9 +150,6 @@ if __name__ == "__main__":
 
     cmdline_args = p.parse_args()
 
-    if os.getuid() == 0 and cmdline_args.drop_privileges:
-        drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP)
-
     if cmdline_args.config_file is not None:
         x2gobroker.defaults.X2GOBROKER_CONFIG = cmdline_args.config_file
 
@@ -216,7 +215,13 @@ if __name__ == "__main__":
                     os.makedirs(os.path.dirname(pidfile))
                 except:
                     pass
-            if not os.access(os.path.dirname(pidfile), os.W_OK) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)):
+            try:
+                os.chown(os.path.dirname(pidfile), 0, getgrnam(x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP).gr_gid)
+                os.chmod(os.path.dirname(pidfile), 0770)
+            except OSError:
+                pass
+
+            if not (os.access(os.path.dirname(pidfile), os.W_OK) and os.access(os.path.dirname(pidfile), os.X_OK)) or (os.path.exists(pidfile) and not os.access(pidfile, os.W_OK)):
                 print("")
                 p.print_usage()
                 print("Insufficent privileges. Cannot create PID file {pidfile} path".format(pidfile=pidfile))
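Review bot: The added `os.chown`/`os.chmod` act on `os.path.dirname(pidfile)` whatever that resolves to, so if the PID file path can point outside the broker's own runtime directory (where `pidfile` comes from is outside this hunk), a shared parent such as `/var/run` would be re-owned to root:<daemon group> and set to 0770. Restricting the ownership change to the directory this block has just created, or to the default runtime directory, would avoid that. `getgrnam()` raises `KeyError` for an unknown group, which `except OSError` does not catch, so `except (OSError, KeyError):` with a logged warning instead of `pass` would keep a misconfigured group from ending in a traceback or a silently unchanged directory. The `os.access()` tests that follow run with root's real uid at this point, so they probably say little about what the daemon user can do once privileges are dropped. The enclosing `__main__` block starts and ends outside the hunk.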
@@ -241,6 +246,10 @@ if __name__ == "__main__":
         bind_address, bind_port = x2gobroker.utils.split_host_address(cmdline_args.bind, default_address=None, default_port=8080)
         cmdline_args.bind = "[{address}]:{port}".format(address=bind_address, port=bind_port)
 
+    if os.getuid() == 0 and cmdline_args.drop_privileges:
+        drop_privileges(uid=x2gobroker.defaults.X2GOBROKER_DAEMON_USER, gid=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP)
+
+
 urls = ()
 settings = {}
 
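Review bot: Moving the `drop_privileges()` call to the end of the `__main__` block means everything between argument parsing and this point now runs as root when the broker is started as root, and the new position carries no comment saying why. A comment such as `# drop root only after the runtime directory has been chown'ed/chmod'ed above` would document the ordering constraint for later edits. It is worth confirming that the steps in between (config path selection, logging and PID-file handling, only partly visible here) do not create files that end up root-owned and unwritable for the daemon user, and that no user-supplied path is opened as root without need. The `__main__` block starts outside the hunk.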
diff --git a/debian/changelog b/debian/changelog
index 4057286..ce40f8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -195,6 +195,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low
     - During select_session: Re-add subdomain (if possible) to the hostname to
       make sure we can detect the host's <ip-address>:<port> further down in
       the code.
+    - Properly set (/var)/run/x2gobroker directory permissions when started
+      via systemd.
   * debian/control:
     + Provide separate bin:package for SSH brokerage: x2gobroker-ssh.
     + Replace LDAP support with session brokerage support in LONG_DESCRIPTION.
diff --git a/sbin/x2gobroker-authservice b/sbin/x2gobroker-authservice
index 8e21cab..012af4b 100755
--- a/sbin/x2gobroker-authservice
+++ b/sbin/x2gobroker-authservice
@@ -272,9 +272,13 @@ if __name__ == '__main__':
     if not os.path.exists(os.path.dirname(socket_file)):
         os.makedirs(os.path.dirname(socket_file))
 
+    runtimedir_permissions = int(cmdline_args.permissions, 8)
+    if runtimedir_permissions & 0400: runtimedir_permissions = runtimedir_permissions | 0100
+    if runtimedir_permissions & 0040: runtimedir_permissions = runtimedir_permissions | 0010
+    if runtimedir_permissions & 0004: runtimedir_permissions = runtimedir_permissions | 0001
     try:
         os.chown(os.path.dirname(socket_file), getpwnam(cmdline_args.owner).pw_uid, getpwnam(cmdline_args.group).pw_gid)
-        os.chmod(os.path.dirname(socket_file), int(cmdline_args.permissions, 8))
+        os.chmod(os.path.dirname(socket_file), runtimedir_permissions)
     except OSError:
         pass
 
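Review bot: The `os.chown` line kept in this hunk resolves the group with `getpwnam(cmdline_args.group).pw_gid`, which looks up a passwd entry named like the group and takes that user's primary gid, while the bin/x2gobroker part of this commit uses `getgrnam(...).gr_gid`; `getgrnam(cmdline_args.group).gr_gid` looks like what is meant here (it needs `grp.getgrnam` in scope, and this file's imports are not visible). A missing name raises `KeyError`, and `int(cmdline_args.permissions, 8)` raises `ValueError` on non-octal input; neither is caught by `except OSError`. The three bit tests can be written as `runtimedir_permissions |= (runtimedir_permissions & 0444) >> 2`, and if setuid/setgid/sticky bits are not intended on the runtime directory, masking the parsed value with `0777` keeps a command-line typo from setting them. The `__main__` block starts outside the hunk and continues past it.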

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git

