Re: [Wrapper-user] Ubuntu Upstart default script launches wrapper with "launchdinternal" option?

[Christian M. <chr...@ta...>]

Hello Holger,

I'm sorry for the trouble.

By default, after installing the service with upstart it will be run as root.
If the USE_UPSTART variable is set in the script, it will create on
install a default upstart conf file:
For instance:

# testwrapper - Test Wrapper Sample Application
description "Test Wrapper Sample Application"
author "Tanuki Software Ltd. <in...@ta...>"
start on runlevel [2345]
stop on runlevel [!2345]
env LANG=en_US.utf8

exec "/home/christian/tanuki/35xbranch/professional/bin/testwrapper"
launchdinternal

(This operation requires root.)

So after installing when you call the script with parameter "start" it
calls /sbin/start {program}
Calling /sbin/start also requires root privileges and the service
starts as root.

The launchdinternal option is actually not lauchd specific. The only
difference here between the "normal" start is that the script will
keep waiting until the Wrapper process, it launched, stopped.  It was
just named launchdinternal because we first added this function when
integrating the script with OS X's launchd. The way launchd and
upstart works was quite similar at this point, so we can use this
function on upstart as well. Furthermore changing the function name
could have caused problems for OSX users which upgrade the Wrapper
without reinstalling their application in launchd...


>From your mail, it seems you want to run the script as upstart service
as specified user.
I was going through the script and actually found indeed that there
was a problem running an application through upstart as different user
when you set the RUN_AS_USER variable to the user you want to run the
script.
The drop of the root privileges should happen at the entry at
launchdinternal rather than start

So you would have to move the line:
            checkUser "" "$COMMAND"
from
            elif [ "$DIST_OS" = "linux" -a -f
"/etc/init/${APP_NAME}.conf" ] ; then
                upstartstart
to here
        'launchdinternal')
            checkUser "" "$COMMAND"

I attached the revised script to this mail.

Please let me know if you have any further questions about this.

Thank you,

Christian Mueller
Tanuki Software, Ltd.




On Sat, Dec 10, 2011 at 12:09 AM, Holger Dippel
<hol...@um...> wrote:
> I've tried changing the upstart script to launch the wrapper with "start"
> instead of "launchdinternal". Didn't work.
>
> Digging through the wrapper shell script I found that:
>
>        'start')
>             if [ "$DIST_OS" = "macosx" -a -f
> "/Library/LaunchDaemons/${APP_PLIST}" ] ; then
>                 macosxstart
>             elif [ "$DIST_OS" = "linux" -a -f "/etc/init/${APP_NAME}.conf" ]
> ; then
>                 checkUser touchlock "$@"
> upstartstart
>             else
>                 checkUser touchlock "$@"
>                 if [ ! -n "$FIXED_COMMAND" ] ; then
>                     shift
>                 fi
>                 start "$@"
>             fi
>             ;;
>
> where for upstart configurations it will run:
>
>                 checkUser touchlock "$@"
> upstartstart
>
> where checkUser relaunches the wrapper shell script as the user I intend the
> script to run as then exits the first iteration without calling upstartstart
> -- at least that's how I interpret the code.
>
> The next iteration -- now running as the intended user -- calls checkUser
> again, but nothing will happen as the script is already running under the
> intended user account.
>
> It proceeds to upstartstart, but here it fails because the user running the
> script is no longer "root". And even if it would succeed past the "root"
> test, upstartstart just would try to launch /sbin/start <script> again
> instead of actually starting the wrapper application. The way I understand
> it, there's a flaw in this logic.
>
> I would omit this condition completely:
>
>             elif [ "$DIST_OS" = "linux" -a -f "/etc/init/${APP_NAME}.conf" ]
> ; then
>                 checkUser touchlock "$@"
> upstartstart
>
> and only distinguish between macos start and everything else.
>
> Why would starting the wrapper daemon with upstart be any different from
> starting it by any other means?
>
> Does anyone have any thoughts?
>
> Thank you,
>
>
> Holger
>
>
> Holger Dippel
> Assistant Director for Infrastructure Integration
> University of Massachusetts Dartmouth
> 285 Old Westport Road • North Dartmouth, MA 02747
>
> 508-999-9181 • hol...@um...
>
> http://www.umassd.edu/
> ________________________________
>
> CITS will never ask you for your password or other confidential information
> via email. Beware of phishing scams where email and/or malicious web sites
> try to trick users into entering their username and password.
> For more information about password security please visit:
> http://www.umassd.edu/cits/security/
>
>
> ________________________________
> From: "Holger Dippel" <hol...@um...>
> To: wra...@li...
> Sent: Friday, December 9, 2011 9:04:56 AM
> Subject: Ubuntu Upstart default script launches wrapper with
> "launchdinternal" option?
>
>
> Good morning,
>
> I am experimenting with the community edition of the wrapper to launch the
> Grouper Loader as a system service.
>
> After installing and launching the script as upstart service on Ubuntu with
> the default upstart settings for wrapper, I checked the running processes
> and was surprised that all wrapper processes run as root.
>
> Digging a little deeper I figured out that the wrapper is started with the
> "launchdinternal" option. In the wrapper shell script "launchdinternal" does
> not call the checkUser function. Also, "launchd" is MacOS X specific.
>
> Why would the "install" option of the wrapper script detect Ubuntu
> correctly, but then install a default upstart script that's MacOS X
> specific?
> Does anyone have an Ubuntu specific upstart script for the wrapper?
>
> Thank you,
>
>
> Holger Dippel
>
> Holger Dippel
> Assistant Director for Infrastructure Integration
> University of Massachusetts Dartmouth
> 285 Old Westport Road • North Dartmouth, MA 02747
>
> 508-999-9181 • hol...@um...
>
> http://www.umassd.edu/
> ________________________________
>
>
>
> ------------------------------------------------------------------------------
> Cloud Services Checklist: Pricing and Packaging Optimization
> This white paper is intended to serve as a reference, checklist and point of
> discussion for anyone considering optimizing the pricing and packaging model
> of a cloud services business. Read Now!
> http://www.accelacomm.com/jaw/sfnl/114/51491232/
> _______________________________________________
> Wrapper-user mailing list
> Wra...@li...
> https://lists.sourceforge.net/lists/listinfo/wrapper-user
>