Menu
▾
▴
Re: [Wrapper-user] RUN_AS_USER question
|
From: <nic...@uk...> - 2005-12-08 12:30:50
|
By the way, when do you think the release will go out? -Nick Internet le...@ta...@lists.sourceforge.net - 08/12/2005 05:44 Please respond to wra...@li... Sent by: wra...@li... To: wrapper-user cc: Subject: Re: [Wrapper-user] RUN_AS_USER question Nick, nic...@uk... wrote: > Do you want me to do that? > I can do it and email it in a moment... > I actually have been working on it. I decided to change the way the setting of the user is handled completely so the script now recursively calls itself if the user has been set and needs to be changed. This simplifies the script and makes it easier to guarantee that everything is set up correctly. Neale, thanks for bringing up your thread from last year. It was useful to go back and see what I had been thinking at the time. From reading my response, it looks like I had thought it all out but had not been taking into account the possibility of running as a user which had a password from a non-root user. That should be handled correctly now. Here is a link to that thread: http://sourceforge.net/mailarchive/message.php?msg_id=8899364 Could you guys take a look at the new script that I have attached and give it a try? If there are any requested changes, now is the time to put them in. The only thing I don't like about it as is is that you will be prompted for a password even if the script will do nothing other than show its usage. Fixing that is possible, but it would complicate the script. Not really sure if it matters. Cheers, Leif #! /bin/sh # # Copyright (c) 1999, 2005 Tanuki Software Inc. # # Java Service Wrapper sh script. Suitable for starting and stopping # wrapped Java applications on UNIX platforms. # #----------------------------------------------------------------------------- # These settings can be modified to fit the needs of your application # Application APP_NAME="@app.name@" APP_LONG_NAME="@app.long.name@" # Wrapper WRAPPER_CMD="./wrapper" WRAPPER_CONF="../conf/wrapper.conf" # Priority at which to run the wrapper. See "man nice" for valid priorities. # nice is only used if a priority is specified. PRIORITY= # Location of the pid file. PIDDIR="." # If uncommented, causes the Wrapper to be shutdown using an anchor file. # When launched with the 'start' command, it will also ignore all INT and # TERM signals. #IGNORE_SIGNALS=true # If specified, the Wrapper will be run as the specified user. # IMPORTANT - Make sure that the user has the required privileges to write # the PID file and wrapper.log files. Failure to be able to write the log # file will cause the Wrapper to exit without any way to write out an error # message. # NOTE - This will set the user which is used to run the Wrapper as well as # the JVM and is not useful in situations where a privileged resource or # port needs to be allocated prior to the user being changed. #RUN_AS_USER= # The following two lines are used by the chkconfig command. Change as is # appropriate for your application. They should remain commented. # chkconfig: 2345 20 80 # description: @app.long.name@ # Do not modify anything beyond this point #----------------------------------------------------------------------------- # Get the fully qualified path to the script case $0 in /*) SCRIPT="$0" ;; *) PWD=`pwd` SCRIPT="$PWD/$0" ;; esac # Change spaces to ":" so the tokens can be parsed. SCRIPT=`echo $SCRIPT | sed -e 's; ;:;g'` # Get the real path to this script, resolving any symbolic links TOKENS=`echo $SCRIPT | sed -e 's;/; ;g'` REALPATH= for C in $TOKENS; do REALPATH="$REALPATH/$C" while [ -h "$REALPATH" ] ; do LS="`ls -ld "$REALPATH"`" LINK="`expr "$LS" : '.*-> \(.*\)$'`" if expr "$LINK" : '/.*' > /dev/null; then REALPATH="$LINK" else REALPATH="`dirname "$REALPATH"`""/$LINK" fi done done # Change ":" chars back to spaces. REALPATH=`echo $REALPATH | sed -e 's;:; ;g'` # Change the current directory to the location of the script cd "`dirname "$REALPATH"`" REALDIR=`pwd` # Check the configured user. If necessary rerun this script as the desired user. if [ "X$RUN_AS_USER" != "X" ] then # Resolve the location of the 'id' command IDEXE="/usr/xpg4/bin/id" if [ ! -x $IDEXE ] then IDEXE="/usr/bin/id" if [ ! -x $IDEXE ] then echo "Unable to locate 'id'." echo "Please report this message along with the location of the command on your system." exit 1 fi fi if [ "`$IDEXE -u -n`" = "$RUN_AS_USER" ] then # Already running as the configured user. Avoid password prompts by not calling su. RUN_AS_USER="" fi fi if [ "X$RUN_AS_USER" != "X" ] then # Still want to change users, recurse. This means that the user will only be # prompted for a password once. su -m $RUN_AS_USER -c "$REALPATH $1" exit 0 fi # If the PIDDIR is relative, set its value relative to the full REALPATH to avoid problems if # the working directory is later changed. FIRST_CHAR=`echo $PIDDIR | cut -c1,1` if [ "$FIRST_CHAR" != "/" ] then PIDDIR=$REALDIR/$PIDDIR fi # Same test for WRAPPER_CONF FIRST_CHAR=`echo $WRAPPER_CONF | cut -c1,1` if [ "$FIRST_CHAR" != "/" ] then WRAPPER_CONF=$REALDIR/$WRAPPER_CONF fi # Process ID ANCHORFILE="$PIDDIR/$APP_NAME.anchor" PIDFILE="$PIDDIR/$APP_NAME.pid" pid="" # Resolve the location of the 'ps' command PSEXE="/usr/bin/ps" if [ ! -x $PSEXE ] then PSEXE="/bin/ps" if [ ! -x $PSEXE ] then echo "Unable to locate 'ps'." echo "Please report this message along with the location of the command on your system." exit 1 fi fi # Build the nice clause if [ "X$PRIORITY" = "X" ] then CMDNICE="" else CMDNICE="nice -$PRIORITY" fi getpid() { if [ -f $PIDFILE ] then if [ -r $PIDFILE ] then pid=`cat $PIDFILE` if [ "X$pid" != "X" ] then # Verify that a process with this pid is still running. pid=`$PSEXE -p $pid | grep $pid | grep -v grep | awk '{print $1}' | tail -1` if [ "X$pid" = "X" ] then # This is a stale pid file. rm -f $PIDFILE echo "Removed stale pid file: $PIDFILE" fi fi else echo "Cannot read $PIDFILE." exit 1 fi fi } testpid() { pid=`$PSEXE -p $pid | grep $pid | grep -v grep | awk '{print $1}' | tail -1` if [ "X$pid" = "X" ] then # Process is gone so remove the pid file. rm -f $PIDFILE fi } console() { echo "Running $APP_LONG_NAME..." getpid if [ "X$pid" = "X" ] then if [ "X$IGNORE_SIGNALS" = "X" ] then exec $CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.pidfile=$PIDFILE else exec $CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.pidfile=$PIDFILE wrapper.anchorfile=$ANCHORFILE fi else echo "$APP_LONG_NAME is already running." exit 1 fi } start() { echo "Starting $APP_LONG_NAME..." getpid if [ "X$pid" = "X" ] then if [ "X$IGNORE_SIGNALS" = "X" ] then exec $CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.pidfile=$PIDFILE wrapper.daemonize=TRUE else exec $CMDNICE $WRAPPER_CMD $WRAPPER_CONF wrapper.pidfile=$PIDFILE wrapper.anchorfile=$ANCHORFILE wrapper.ignore_signals=TRUE wrapper.daemonize=TRUE fi else echo "$APP_LONG_NAME is already running." exit 1 fi } stopit() { echo "Stopping $APP_LONG_NAME..." getpid if [ "X$pid" = "X" ] then echo "$APP_LONG_NAME was not running." else if [ "X$IGNORE_SIGNALS" = "X" ] then # Running so try to stop it. kill $pid if [ $? -ne 0 ] then # An explanation for the failure should have been given echo "Unable to stop $APP_LONG_NAME." exit 1 fi else rm -f $ANCHORFILE if [ -f $ANCHORFILE ] then # An explanation for the failure should have been given echo "Unable to stop $APP_LONG_NAME." exit 1 fi fi # We can not predict how long it will take for the wrapper to # actually stop as it depends on settings in wrapper.conf. # Loop until it does. savepid=$pid CNT=0 TOTCNT=0 while [ "X$pid" != "X" ] do # Show a waiting message every 5 seconds. if [ "$CNT" -lt "5" ] then CNT=`expr $CNT + 1` else echo "Waiting for $APP_LONG_NAME to exit..." CNT=0 fi TOTCNT=`expr $TOTCNT + 1` sleep 1 testpid done pid=$savepid testpid if [ "X$pid" != "X" ] then echo "Failed to stop $APP_LONG_NAME." exit 1 else echo "Stopped $APP_LONG_NAME." fi fi } status() { getpid if [ "X$pid" = "X" ] then echo "$APP_LONG_NAME is not running." exit 1 else echo "$APP_LONG_NAME is running ($pid)." exit 0 fi } dump() { echo "Dumping $APP_LONG_NAME..." getpid if [ "X$pid" = "X" ] then echo "$APP_LONG_NAME was not running." else kill -3 $pid if [ $? -ne 0 ] then echo "Failed to dump $APP_LONG_NAME." exit 1 else echo "Dumped $APP_LONG_NAME." fi fi } case "$1" in 'console') console ;; 'start') start ;; 'stop') stopit ;; 'restart') stopit start ;; 'status') status ;; 'dump') dump ;; *) echo "Usage: $0 { console | start | stop | restart | status | dump }" exit 1 ;; esac exit 0 This message and any attachments (the "message") is intended solely for the addressees and is confidential. If you receive this message in error, please delete it and immediately notify the sender. Any use not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval. The internet can not guarantee the integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will) not therefore be liable for the message if modified. ********************************************************************************************** BNP Paribas Private Bank London Branch is authorised by CECEI & AMF and is regulated by the Financial Services Authority for the conduct of its investment business in the United Kingdom. BNP Paribas Securities Services London Branch is authorised by CECEI & AMF and is regulated by the Financial Services Authority for the conduct of its investment business in the United Kingdom. BNP Paribas Fund Services UK Limited is authorised and regulated by the Financial Services Authority |
