diff --git a/Releases b/Releases index e11ebe4..518fc21 100644 --- a/Releases +++ b/Releases @@ -12,6 +12,9 @@ kill them automatically it if they do not stop within a given time (force_kill_waittime). Use the option --no_wait to not wait for processes to stop. +* Set log files mode to 0644 (mikehale). +* Set pid file permissions to 0644 (mikehale). +* Added ability to change process uid/gid (mikehale). == Release 1.0.10: March 21, 2008 diff --git a/lib/daemons.rb b/lib/daemons.rb index 1228ee0..171d9ce 100644 --- a/lib/daemons.rb +++ b/lib/daemons.rb @@ -12,6 +12,7 @@ require 'daemons/application_group' require 'daemons/controller' +require 'timeout' # All functions and classes that Daemons provides reside in this module. # diff --git a/lib/daemons/application.rb b/lib/daemons/application.rb index 25fd3fe..1792f2c 100644 --- a/lib/daemons/application.rb +++ b/lib/daemons/application.rb @@ -1,5 +1,6 @@ require 'daemons/pidfile' require 'daemons/pidmem' +require 'daemons/change_privilege' require 'timeout' @@ -44,6 +45,12 @@ def initialize(group, add_options = {}, pid = nil) end end + def change_privilege + user = options[:user] + group = options[:group] + CurrentProcess.change_privilege(user, group) if user + end + def script @script || @group.script end @@ -52,13 +59,19 @@ def pidfile_dir Pid.dir(@dir_mode || @group.dir_mode, @dir || @group.dir, @script || @group.script) end + def logdir + logdir = options[:log_dir] + unless logdir + logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir + end + logdir + end + def output_logfile - logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir (options[:log_output] && logdir) ? File.join(logdir, @group.app_name + '.output') : nil end def logfile - logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir logdir ? File.join(logdir, @group.app_name + '.log') : nil end 
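Review bot: When only `:user` is configured, `group` is nil in `Application#change_privilege` and is passed explicitly, so the `group=user` default of `CurrentProcess.change_privilege` never applies and `Etc.getgrnam(nil)` raises instead of falling back to the user's name. Supply the fallback at the call site, `CurrentProcess.change_privilege(user, group || user) if user`. A one-line comment such as `# Drops to options[:user]/options[:group]; no-op when :user is unset` would also document the two new options.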
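Review bot: The new `:log_dir` option read in `logdir` is undocumented, and the Releases entry in this commit does not mention it. A comment above the method such as `# Log directory: options[:log_dir], else /var/log in :system mode, else the pid-file directory` would record the precedence. The local variable also shadows the method's own name; the body can be the single expression `options[:log_dir] || (options[:dir_mode] == :system ? '/var/log' : pidfile_dir)`.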
@@ -266,6 +279,7 @@ def start_proc def start + change_privilege @group.create_monitor(@group.applications[0] || self) unless options[:ontop] # we don't monitor applications in the foreground case options[:mode] @@ -364,7 +378,7 @@ def stop(no_wait = false) begin Process.kill(SIGNAL, pid) rescue Errno::ESRCH => e - puts "#{e} #{@pid.pid}" + puts "#{e} #{pid}" puts "deleting pid-file." end diff --git a/lib/daemons/change_privilege.rb b/lib/daemons/change_privilege.rb new file mode 100644 index 0000000..34f02e6 --- /dev/null +++ b/lib/daemons/change_privilege.rb @@ -0,0 +1,19 @@ +require 'daemons/etc_extension' + +class CurrentProcess + def self.change_privilege(user, group=user) + puts "Changing process privilege to #{user}:#{group}" + + uid, gid = Process.euid, Process.egid + target_uid = Etc.getpwnam(user).uid + target_gid = Etc.getgrnam(group).gid + + if uid != target_uid || gid != target_gid + Process.initgroups(user, target_gid) + Process::GID.change_privilege(target_gid) + Process::UID.change_privilege(target_uid) + end + rescue Errno::EPERM => e + raise "Couldn't change user and group to #{user}:#{group}: #{e}" + end +end \ No newline at end of file diff --git a/lib/daemons/daemonize.rb b/lib/daemons/daemonize.rb index 197a5a6..53b497e 100644 --- a/lib/daemons/daemonize.rb +++ b/lib/daemons/daemonize.rb @@ -247,6 +247,7 @@ def redirect_io(logfile_name) if logfile_name begin STDOUT.reopen logfile_name, "a" + File.chmod(0644, logfile_name) STDOUT.sync = true rescue ::Exception begin; STDOUT.reopen "/dev/null"; rescue ::Exception; end diff --git a/lib/daemons/etc_extension.rb b/lib/daemons/etc_extension.rb new file mode 100644 index 0000000..37340fc --- /dev/null +++ b/lib/daemons/etc_extension.rb @@ -0,0 +1,12 @@ +require 'etc' + +Etc.instance_eval do + def groupname(gid) + Etc.group {|e| return e.name if gid == e.gid } + nil + end + def username(uid) + Etc.passwd {|e| return e.name if uid == e.uid } + nil + end +end 
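Review bot: `change_privilege` is the first statement of `start`, so whatever later in the method writes the pid file and opens the log files would run as the already unprivileged user. With `dir_mode == :system` the log directory is `/var/log` (see `logdir`), which is normally writable only by root, so the daemon may fail to record its pid or lose its log output. Consider creating those files, and handing them to the target user, before the drop, or document that `:dir` and `:log_dir` must be writable by that user. The rest of `start` lies outside this hunk, so the actual order there should be confirmed.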
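Review bot: The guard `if uid != target_uid || gid != target_gid` in `CurrentProcess.change_privilege` compares only the effective ids (`Process.euid`, `Process.egid`), so a process whose effective uid already equals the target while its real uid is still privileged skips the drop and can keep the ability to switch back. Compare the real ids as well, e.g. `if [Process.uid, Process.euid].any? { |id| id != target_uid } || [Process.gid, Process.egid].any? { |id| id != target_gid }`. The `group=user` default also assumes a group named after the user exists; `Etc.getpwnam(user).gid` would be a safer fallback. A comment should state that the calls run in the order supplementary groups, gid, uid, because the uid has to be dropped last.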
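Review bot: `File.chmod(0644, logfile_name)` sits inside the `begin` whose `rescue ::Exception` reopens STDOUT on `/dev/null`, so a failing chmod silently discards all daemon output even though the reopen itself succeeded. An existing log file owned by another user would trigger this, and the new uid/gid option makes that more likely. Give the chmod its own handler, `begin; File.chmod(0644, logfile_name); rescue SystemCallError; end`, so a permission error does not cost the log. Mode 0644 also makes the output readable by every local account; if it can contain sensitive data, a configurable mode or 0640 is the safer default. `redirect_io` starts and ends outside this hunk, so whether STDERR is handled the same way cannot be seen here.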
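Review bot: `Etc.groupname` and `Etc.username` scan the whole group and passwd databases and reopen a standard-library module, while `Etc.getgrgid(gid).name` and `Etc.getpwuid(uid).name` already do the same lookup directly. Nothing in the visible hunks calls either helper (`change_privilege.rb` uses only `Etc.getpwnam` and `Etc.getgrnam`), so the file could be replaced by a plain `require 'etc'`. If it stays, add a comment stating that both helpers return nil for an unknown id, which is the one difference from the stdlib calls that raise `ArgumentError`.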
diff --git a/lib/daemons/pidfile.rb b/lib/daemons/pidfile.rb index faaa339..1b9cebe 100644 --- a/lib/daemons/pidfile.rb +++ b/lib/daemons/pidfile.rb @@ -92,6 +92,7 @@ def exist? def pid=(p) File.open(filename, 'w') {|f| + f.chmod(0644) f.puts p #Process.pid } end
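Review bot: `f.chmod(0644)` runs only after `File.open(filename, 'w')` has created the file, so for a moment the pid file carries whatever mode the process umask allows. If the umask is permissive at this point (not visible in the hunk), the file is briefly writable by other local accounts. Passing the mode at creation, `File.open(filename, 'w', 0644) {|f|`, closes that gap, and the `f.chmod` can stay to fix up a file that already exists. A short comment such as `# pid file: readable by all, writable only by the owner` would record why the mode is forced.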