From cf89686baee57368bf6b4e93a49284b376f4d84f Mon Sep 17 00:00:00 2001
From: Thomas Uehlinger
Date: Sat, 15 May 2010 15:11:56 +0000
Subject: [PATCH] Pull in changes form mikehale.
---
Releases | 3 +++
lib/daemons.rb | 1 +
lib/daemons/application.rb | 20 +++++++++++++++++---
lib/daemons/change_privilege.rb | 19 +++++++++++++++++++
lib/daemons/daemonize.rb | 1 +
lib/daemons/etc_extension.rb | 12 ++++++++++++
lib/daemons/pidfile.rb | 1 +
7 files changed, 54 insertions(+), 3 deletions(-)
create mode 100644 lib/daemons/change_privilege.rb
create mode 100644 lib/daemons/etc_extension.rb
diff --git a/Releases b/Releases
index e11ebe4..518fc21 100644
--- a/Releases
+++ b/Releases
@@ -12,6 +12,9 @@
kill them automatically it if they do not stop within a given time
(force_kill_waittime). Use the option --no_wait to not wait for processes to
stop.
+* Set log files mode to 0644 (mikehale).
+* Set pid file permissions to 0644 (mikehale).
+* Added ability to change process uid/gid (mikehale).
== Release 1.0.10: March 21, 2008
diff --git a/lib/daemons.rb b/lib/daemons.rb
index 1228ee0..171d9ce 100644
--- a/lib/daemons.rb
+++ b/lib/daemons.rb
@@ -12,6 +12,7 @@
require 'daemons/application_group'
require 'daemons/controller'
+require 'timeout'
# All functions and classes that Daemons provides reside in this module.
#
diff --git a/lib/daemons/application.rb b/lib/daemons/application.rb
index 25fd3fe..1792f2c 100644
--- a/lib/daemons/application.rb
+++ b/lib/daemons/application.rb
@@ -1,5 +1,6 @@
require 'daemons/pidfile'
require 'daemons/pidmem'
+require 'daemons/change_privilege'
require 'timeout'
@@ -44,6 +45,12 @@ def initialize(group, add_options = {}, pid = nil)
end
end
+ def change_privilege
+ user = options[:user]
+ group = options[:group]
+ CurrentProcess.change_privilege(user, group) if user
+ end
+
def script
@script || @group.script
end
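Review bot: `CurrentProcess.change_privilege(user, group)` passes `options[:group]` explicitly, so when only `:user` is configured the callee receives `nil` and its `group=user` default never applies. The `Etc.getgrnam(group)` call in change_privilege.rb would then be called with `nil`. Supplying the fallback at the call site avoids that: `CurrentProcess.change_privilege(user, group || user) if user`. A `:group` given without `:user` is silently ignored by the `if user` guard, which deserves a warning or a line in the option documentation.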
@@ -52,13 +59,19 @@ def pidfile_dir
Pid.dir(@dir_mode || @group.dir_mode, @dir || @group.dir, @script || @group.script)
end
+ def logdir
+ logdir = options[:log_dir]
+ unless logdir
+ logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir
+ end
+ logdir
+ end
+
def output_logfile
- logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir
(options[:log_output] && logdir) ? File.join(logdir, @group.app_name + '.output') : nil
end
def logfile
- logdir = options[:dir_mode] == :system ? '/var/log' : pidfile_dir
logdir ? File.join(logdir, @group.app_name + '.log') : nil
end
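Review bot: Inside the new `logdir` method the local variable `logdir` shadows the method's own name, which makes the body harder to follow. The whole method can be the single expression `options[:log_dir] || (options[:dir_mode] == :system ? '/var/log' : pidfile_dir)`. The `:log_dir` option is new in this hunk and is not documented here. A comment such as `# :log_dir overrides the directory used for the .log and .output files` would help, along with a note that the directory must be writable by the user the daemon runs as.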
@@ -266,6 +279,7 @@ def start_proc
def start
+ change_privilege
@group.create_monitor(@group.applications[0] || self) unless options[:ontop] # we don't monitor applications in the foreground
case options[:mode]
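Review bot: `change_privilege` is the first statement of `start`, so every later step in the method runs as the unprivileged user. With `:dir_mode => :system` the log directory is `/var/log` (per `logdir` in this commit), which an unprivileged account typically cannot write. `redirect_io` in daemonize.rb falls back to `/dev/null` on any exception, so output could be lost without an error. The rest of `start` is outside the hunk, so confirm where the pid file and log files are opened; if that happens after this call, open them first or pre-create them with the target owner. A comment on the call such as `# drop privileges first; pid/log paths must be writable by options[:user]` would record the requirement.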
@@ -364,7 +378,7 @@ def stop(no_wait = false)
begin
Process.kill(SIGNAL, pid)
rescue Errno::ESRCH => e
- puts "#{e} #{@pid.pid}"
+ puts "#{e} #{pid}"
puts "deleting pid-file."
end
diff --git a/lib/daemons/change_privilege.rb b/lib/daemons/change_privilege.rb
new file mode 100644
index 0000000..34f02e6
--- /dev/null
+++ b/lib/daemons/change_privilege.rb
@@ -0,0 +1,19 @@
+require 'daemons/etc_extension'
+
+class CurrentProcess
+ def self.change_privilege(user, group=user)
+ puts "Changing process privilege to #{user}:#{group}"
+
+ uid, gid = Process.euid, Process.egid
+ target_uid = Etc.getpwnam(user).uid
+ target_gid = Etc.getgrnam(group).gid
+
+ if uid != target_uid || gid != target_gid
+ Process.initgroups(user, target_gid)
+ Process::GID.change_privilege(target_gid)
+ Process::UID.change_privilege(target_uid)
+ end
+ rescue Errno::EPERM => e
+ raise "Couldn't change user and group to #{user}:#{group}: #{e}"
+ end
+end
\ No newline at end of file
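Review bot: The guard `if uid != target_uid || gid != target_gid` compares only the effective ids (`Process.euid`, `Process.egid`). A process whose effective ids already equal the target while its real or saved ids are still privileged therefore skips the drop and keeps its supplementary groups. Comparing `Process.uid` and `Process.gid` as well, or dropping unconditionally, closes that gap, and a check after the calls makes the drop fail closed: `raise "privilege drop failed" unless Process.uid == target_uid && Process.euid == target_uid`. Only `Errno::EPERM` is rescued, so an unknown user or group makes `Etc.getpwnam`/`Etc.getgrnam` raise `ArgumentError`, which still aborts but without the "Couldn't change user and group" message. The order `initgroups`, then GID, then UID is the correct one and deserves a comment so it is not reordered later.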
diff --git a/lib/daemons/daemonize.rb b/lib/daemons/daemonize.rb
index 197a5a6..53b497e 100644
--- a/lib/daemons/daemonize.rb
+++ b/lib/daemons/daemonize.rb
@@ -247,6 +247,7 @@ def redirect_io(logfile_name)
if logfile_name
begin
STDOUT.reopen logfile_name, "a"
+ File.chmod(0644, logfile_name)
STDOUT.sync = true
rescue ::Exception
begin; STDOUT.reopen "/dev/null"; rescue ::Exception; end
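Review bot: `File.chmod(0644, logfile_name)` sits inside the `begin` whose `rescue ::Exception` reopens STDOUT on `/dev/null`, so a chmod failure silently discards all output even though the reopen itself succeeded. One way this could happen is an existing log file owned by a different user than the one the daemon now runs as. The call also resets the mode on every start, making the log world-readable even where an administrator had tightened it, and it acts on the path rather than on the handle just opened. Consider isolating it, `begin; File.chmod(0644, logfile_name); rescue SystemCallError; end`, or applying the mode only when the file is first created. `redirect_io` starts and continues outside the hunk.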
diff --git a/lib/daemons/etc_extension.rb b/lib/daemons/etc_extension.rb
new file mode 100644
index 0000000..37340fc
--- /dev/null
+++ b/lib/daemons/etc_extension.rb
@@ -0,0 +1,12 @@
+require 'etc'
+
+Etc.instance_eval do
+ def groupname(gid)
+ Etc.group {|e| return e.name if gid == e.gid }
+ nil
+ end
+ def username(uid)
+ Etc.passwd {|e| return e.name if uid == e.uid }
+ nil
+ end
+end
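Review bot: `groupname` and `username` are added to the stdlib `Etc` module via `Etc.instance_eval`, which alters a shared module for every library loaded in the process. Neither helper is called in this commit's visible hunks, since change_privilege.rb uses only `Etc.getpwnam` and `Etc.getgrnam`. The stdlib already offers direct lookups, `Etc.getpwuid(uid).name` and `Etc.getgrgid(gid).name`, which avoid scanning the whole database; they raise `ArgumentError` for an unknown id instead of returning `nil`. If the helpers stay, move them into a `Daemons`-namespaced module and add a one-line comment on each stating that `nil` means no matching entry.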
diff --git a/lib/daemons/pidfile.rb b/lib/daemons/pidfile.rb
index faaa339..1b9cebe 100644
--- a/lib/daemons/pidfile.rb
+++ b/lib/daemons/pidfile.rb
@@ -92,6 +92,7 @@ def exist?
def pid=(p)
File.open(filename, 'w') {|f|
+ f.chmod(0644)
f.puts p #Process.pid
}
end
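Review bot: `f.chmod(0644)` runs after `File.open(filename, 'w')` has already truncated the file and before `f.puts p`, so if the chmod raises the pid file is left empty. That could happen when the file exists and is writable but owned by another user. Writing the pid first, or creating the file with the mode in the open call, `File.open(filename, 'w', 0644)`, keeps a permission failure from hiding the pid. The open-time mode is subject to the umask and applies only on creation. Calling chmod on the handle rather than the path is the right choice here.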