From 0070a46214010a677d8b89ff1091113fa550850d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Nussbaumer?= <rn@google.com>
Date: Tue, 27 Jul 2010 11:36:24 +0200
Subject: [PATCH] Revert "Make it possible to call utils.Daemonize with uid and
gid to run as"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 743b53d4eb9f3de46edb5e54738dab287b1979ac.
Conflicts:
lib/daemon.py
Trivial conflict resolved. This patch reverts changes from earlier permissions
separation stage. This is not needed anymore as start-stop-daemon takes care
of user switching
Signed-off-by: RenΓ© Nussbaumer <rn@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
---
lib/daemon.py | 21 ++-------------------
lib/utils.py | 11 +----------
2 files changed, 3 insertions(+), 29 deletions(-)
diff --git a/lib/daemon.py b/lib/daemon.py
index 6f67dc6ab..9897ee297 100644
--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -25,9 +25,7 @@
import asyncore
import asynchat
import collections
-import grp
import os
-import pwd
import signal
import logging
import sched
@@ -43,10 +41,6 @@ from ganeti import netutils
from ganeti import ssconf
-_DEFAULT_RUN_USER = "root"
-_DEFAULT_RUN_GROUP = "root"
-
-
class SchedulerBreakout(Exception):
"""Exception used to get out of the scheduler loop
@@ -495,8 +489,7 @@ class Mainloop(object):
def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn,
multithreaded=False, console_logging=False,
- default_ssl_cert=None, default_ssl_key=None,
- user=_DEFAULT_RUN_USER, group=_DEFAULT_RUN_GROUP):
+ default_ssl_cert=None, default_ssl_key=None):
"""Shared main function for daemons.
@type daemon_name: string
@@ -522,10 +515,6 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn,
@param default_ssl_cert: Default SSL certificate path
@type default_ssl_key: string
@param default_ssl_key: Default SSL key path
- @param user: Default user to run as
- @type user: string
- @param group: Default group to run as
- @type group: string
"""
optionparser.add_option("-f", "--foreground", dest="fork",
@@ -602,14 +591,8 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn,
utils.EnsureDirs(dirs)
if options.fork:
- try:
- uid = pwd.getpwnam(user).pw_uid
- gid = grp.getgrnam(group).gr_gid
- except KeyError:
- raise errors.ConfigurationError("User or group not existing on system:"
- " %s:%s" % (user, group))
utils.CloseFDs()
- utils.Daemonize(constants.DAEMONS_LOGFILES[daemon_name], uid, gid)
+ utils.Daemonize(logfile=constants.DAEMONS_LOGFILES[daemon_name])
utils.WritePidFile(daemon_name)
try:
diff --git a/lib/utils.py b/lib/utils.py
index f4a3db5d4..9c43a388f 100644
--- a/lib/utils.py
+++ b/lib/utils.py
@@ -2113,7 +2113,7 @@ def Mlockall(_ctypes=ctypes):
logging.debug("Memory lock set")
-def Daemonize(logfile, run_uid, run_gid):
+def Daemonize(logfile):
"""Daemonize the current process.
This detaches the current process from the controlling terminal and
@@ -2121,10 +2121,6 @@ def Daemonize(logfile, run_uid, run_gid):
@type logfile: str
@param logfile: the logfile to which we should redirect stdout/stderr
- @type run_uid: int
- @param run_uid: Run the child under this uid
- @type run_gid: int
- @param run_gid: Run the child under this gid
@rtype: int
@return: the value zero
@@ -2138,11 +2134,6 @@ def Daemonize(logfile, run_uid, run_gid):
pid = os.fork()
if (pid == 0): # The first child.
os.setsid()
- # FIXME: When removing again and moving to start-stop-daemon privilege drop
- # make sure to check for config permission and bail out when invoked
- # with wrong user.
- os.setgid(run_gid)
- os.setuid(run_uid)
# this might fail
pid = os.fork() # Fork a second child.
if (pid == 0): # The second child.
--
GitLab