From a4e78fbed539e83b639dd22b0662554c9e837e23 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Tue, 25 Sep 2012 16:56:08 -0400 Subject: drop privs options added, works in CherryPy --- src/lib/Bcfg2/Options.py | 34 +++++++++++++++++++++++++++++++++- src/lib/Bcfg2/Server/BuiltinCore.py | 4 +++- src/lib/Bcfg2/Server/CherryPyCore.py | 4 +++- 3 files changed, 39 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/Bcfg2/Options.py b/src/lib/Bcfg2/Options.py index a436472e1..4fda79dfb 100644 --- a/src/lib/Bcfg2/Options.py +++ b/src/lib/Bcfg2/Options.py @@ -7,6 +7,8 @@ import os import re import shlex import sys +import grp +import pwd import Bcfg2.Client.Tools from Bcfg2.Compat import ConfigParser from Bcfg2.version import __version__ @@ -332,6 +334,24 @@ def get_bool(val): raise ValueError +def get_gid(val): + """ This takes a group name or gid and returns the corresponding + gid. """ + try: + return int(val) + except ValueError: + return int(grp.getgrnam(val)[2]) + + +def get_uid(val): + """ This takes a group name or gid and returns the corresponding + gid. """ + try: + return int(val) + except ValueError: + return int(pwd.getpwnam(val)[2]) + + # Options accepts keyword argument list with the following values: # default: default value for the option # cmd: command line switch @@ -522,6 +542,16 @@ SERVER_BACKEND = \ Option('Server Backend', default='best', cf=('server', 'backend')) +SERVER_DAEMON_USER = \ + Option('User to run the server daemon as', + default=0, + cf=('server', 'user'), + cook=get_uid) +SERVER_DAEMON_GROUP = \ + Option('Group to run the server daemon as', + default=0, + cf=('server', 'group'), + cook=get_gid) # database options DB_ENGINE = \ 
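Review bot: The docstring on `get_uid` is a copy of the one on `get_gid` and still describes groups; it should read `""" This takes a user name or uid and returns the corresponding uid. """`. Both helpers also let the `KeyError` from `grp.getgrnam` / `pwd.getpwnam` escape when the configured name does not exist, whereas the tail of `get_bool` just above appears to signal bad input with `ValueError`. Catching `KeyError` and re-raising `ValueError` with the offending name would turn a typo in the config file into a clear error instead of a traceback. A numeric value is returned as given, without checking that it is non-negative or maps to a real account, which deserves a comment because this value decides which identity the daemon ends up with.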
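Review bot: `default=0` on `SERVER_DAEMON_USER` and `SERVER_DAEMON_GROUP` means "become root" rather than "leave the process owner alone", so the privilege drop is opt-in. A server started by a non-root account would presumably be asked to switch to uid/gid 0 and fail. Consider `default=os.getuid()` and `default=os.getgid()` (`os` is already imported in this file), which keeps the current owner when nothing is configured. The help strings should say that a name or a numeric id is accepted, and a comment should record that leaving both options unset keeps the daemon running as whoever started it. The option list continues outside the hunk.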
@@ -1000,7 +1030,9 @@ CLI_COMMON_OPTIONS = dict(configfile=CFILE, syslog=LOGGING_SYSLOG) DAEMON_COMMON_OPTIONS = dict(daemon=DAEMON, - listen_all=SERVER_LISTEN_ALL) + listen_all=SERVER_LISTEN_ALL, + daemon_uid=SERVER_DAEMON_USER, + daemon_gid=SERVER_DAEMON_GROUP) SERVER_COMMON_OPTIONS = dict(repo=SERVER_REPOSITORY, plugins=SERVER_PLUGINS, diff --git a/src/lib/Bcfg2/Server/BuiltinCore.py b/src/lib/Bcfg2/Server/BuiltinCore.py index 61edd9cf7..b62312828 100644 --- a/src/lib/Bcfg2/Server/BuiltinCore.py +++ b/src/lib/Bcfg2/Server/BuiltinCore.py @@ -30,7 +30,9 @@ class Core(BaseCore): BaseCore.__init__(self, setup) self.server = None self.context = \ - daemon.DaemonContext(pidfile=PidFile(self.setup['daemon'])) + daemon.DaemonContext(uid=self.setup['daemon_uid'], + gid=self.setup['daemon_gid'], + pidfile=PidFile(self.setup['daemon'])) def _dispatch(self, method, args, dispatch_dict): """Custom XML-RPC dispatcher for components. diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py index a840d5ae9..79e939344 100644 --- a/src/lib/Bcfg2/Server/CherryPyCore.py +++ b/src/lib/Bcfg2/Server/CherryPyCore.py @@ -7,7 +7,7 @@ from Bcfg2.Server.Core import BaseCore import cherrypy from cherrypy.lib import xmlrpcutil from cherrypy._cptools import ErrorTool -from cherrypy.process.plugins import Daemonizer, PIDFile +from cherrypy.process.plugins import Daemonizer, DropPrivileges, PIDFile def on_error(*args, **kwargs): # pylint: disable=W0613 @@ -90,6 +90,8 @@ class Core(BaseCore): return cherrypy.serving.response.body def _daemonize(self): + DropPrivileges(cherrypy.engine, uid=self.setup['daemon_uid'], + gid=self.setup['daemon_gid']).subscribe() Daemonizer(cherrypy.engine).subscribe() PIDFile(cherrypy.engine, self.setup['daemon']).subscribe() -- cgit v1.2.3-1-g7c22
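Review bot: Nothing at the `daemon.DaemonContext(uid=..., gid=..., pidfile=...)` call documents when the drop happens relative to the other root-only work, and that ordering decides whether the setting is usable. `DaemonContext` changes the process owner when the context is opened, so whatever runs afterwards needs permissions that match the configured user. As far as I recall that includes acquiring the `pidfile`, and it would also cover anything the core opens later, which is outside this hunk. It is also worth checking whether the installed python-daemon resets supplementary groups when it changes uid/gid; if it only calls setgid/setuid, the starting account's extra groups stay with the process. I would add a comment above the call such as `# uid/gid are applied on context.open(); the pidfile directory must be writable by that user`; `__init__` starts outside the hunk.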
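Review bot: `DropPrivileges` is subscribed only inside `_daemonize`, so a server run in the foreground would apparently ignore the `user`/`group` settings and keep its starting privileges without any warning. If that is intended, state it in a docstring on `_daemonize`; otherwise subscribe the plugin where the engine is set up regardless of daemon mode (that code is outside this hunk). The two cores may also differ in ordering: CherryPy plugins run by priority on engine start, so the PID file may be written before the drop here, while the builtin core creates it through `DaemonContext`. A short comment recording the expected owner of the PID file in each backend would save operators from guessing at directory permissions.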