From bf1355a203051bc04acb2c1482b5e10d1f914746 Mon Sep 17 00:00:00 2001 From: Duncan Sommerville Date: Mon, 12 Jan 2015 09:48:08 -0500 Subject: [PATCH] Yet another attempt to run upstart jobs as unprivileged user --- installer/install | 8 +++---- installer/lib/airtime-session-init-setup.conf | 22 ------------------- installer/lib/airtime-session-init.conf | 15 ------------- .../install/airtime-media-monitor.conf | 5 +++-- python_apps/media-monitor/setup.py | 2 +- .../pypo/install/airtime-liquidsoap.conf | 5 +++-- python_apps/pypo/install/airtime-playout.conf | 5 +++-- python_apps/pypo/setup.py | 2 +- 8 files changed, 15 insertions(+), 49 deletions(-) delete mode 100755 installer/lib/airtime-session-init-setup.conf delete mode 100755 installer/lib/airtime-session-init.conf diff --git a/installer/install b/installer/install index a4226dbdf..7e3e89cf7 100755 --- a/installer/install +++ b/installer/install @@ -322,6 +322,7 @@ verbose "...Done" verbose "\n * Creating /usr/lib/airtime..." mkdir -p /usr/lib/airtime +mkdir -p /var/www/.init verbose "...Done" verbose "\n * Creating /run/airtime..." @@ -372,12 +373,11 @@ verbose "\n * Creating liquidsoap symlink..." ln -sf /usr/bin/liquidsoap /usr/bin/airtime-liquidsoap verbose "...Done" -sed "s@WEB_USER@${web_user}@g" ${SCRIPT_DIR}/lib/airtime-session-init-setup.conf > /etc/init/airtime-session-init-setup.conf -cp ${SCRIPT_DIR}/lib/airtime-session-init.conf /etc/init/airtime-session-init.conf -chmod 644 /usr/share/upstart/sessions/airtime* +for i in /var/www/.init/airtime*; do + sed -i 's/WEB_USER/${web_user}/g' $i +done initctl reload-configuration -service airtime-session-init-setup start if [ ! -d /var/log/airtime ]; then loud "\n-----------------------------------------------------" diff --git a/installer/lib/airtime-session-init-setup.conf b/installer/lib/airtime-session-init-setup.conf deleted file mode 100755 index a8305b182..000000000 --- a/installer/lib/airtime-session-init-setup.conf +++ /dev/null 
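Review bot: In installer/install (hunk at -322), `mkdir -p /var/www/.init` creates the job directory with whatever umask the installer runs under and no explicit owner, even though the three job files in this commit set `HOME` to that path. I would set owner and mode explicitly, for example `install -d -m 0755 -o root -g root /var/www/.init` (or the web user, if Upstart requires that), and add a comment saying which is intended, so it is clear whether the account the jobs run as may rewrite its own job definitions. /var/www is also the default document root on many distributions, so it is worth confirming the web server does not serve this dot-directory.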
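Review bot: In the second installer/install hunk (at -372), `sed -i 's/WEB_USER/${web_user}/g' $i` is single-quoted, so the shell never expands `${web_user}` and the job files end up containing the literal text `setuid ${web_user}`; the removed line used double quotes. Suggested replacement: `sed -i "s@WEB_USER@${web_user}@g" "$i"`, which also quotes `$i`. If nothing matches `/var/www/.init/airtime*`, the loop runs once on the unexpanded pattern and sed fails, so a `[ -e "$i" ] || continue` guard would help. Whether the setup.py installs that populate the directory have already run at this point is not visible in the hunk.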
@@ -1,22 +0,0 @@ -start on runlevel [2345] -stop on runlevel [!2345] - -task - -env user=WEB_USER - -export user - -script - uid=$(getent passwd "$user"|cut -d: -f3) - gid=$(getent passwd "$user"|cut -d: -f4) - - # Create directory that would normally be - # created by PAM when a user logs in. - export XDG_RUNTIME_DIR="/run/user/$uid" - mkdir -p "$XDG_RUNTIME_DIR" - chmod 0700 "$XDG_RUNTIME_DIR" - chown "$uid:$gid" "$XDG_RUNTIME_DIR" - - start airtime-session-init user="$user" -end script diff --git a/installer/lib/airtime-session-init.conf b/installer/lib/airtime-session-init.conf deleted file mode 100755 index 2cbfe73b0..000000000 --- a/installer/lib/airtime-session-init.conf +++ /dev/null @@ -1,15 +0,0 @@ -instance $user - -stop on runlevel [016] - -script - uid=$(getent passwd "$user"|cut -d: -f3) - HOME=$(getent passwd "$user"|cut -d: -f6) - - export XDG_RUNTIME_DIR="/run/user/$uid" - export HOME - - echo $HOME - - exec su -s /bin/sh -c 'exec "$0" "$@"' $user -- init --user --confdir /usr/share/upstart/sessions/ -end script \ No newline at end of file diff --git a/python_apps/media-monitor/install/airtime-media-monitor.conf b/python_apps/media-monitor/install/airtime-media-monitor.conf index 20b611aa5..321f0270a 100755 --- a/python_apps/media-monitor/install/airtime-media-monitor.conf +++ b/python_apps/media-monitor/install/airtime-media-monitor.conf @@ -6,10 +6,11 @@ stop on runlevel [!2345] respawn -setuid www-data -setgid www-data +setuid WEB_USER +setgid WEB_USER env LANG='en_US.UTF-8' env LC_ALL='en_US.UTF-8' +env HOME='/var/www/.init' exec airtime-media-monitor \ No newline at end of file diff --git a/python_apps/media-monitor/setup.py b/python_apps/media-monitor/setup.py index 6b4e37bdf..0fe17ecc5 100755 --- a/python_apps/media-monitor/setup.py +++ b/python_apps/media-monitor/setup.py 
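Review bot: In airtime-media-monitor.conf (and the identical hunks in airtime-liquidsoap.conf and airtime-playout.conf), `setuid WEB_USER` / `setgid WEB_USER` only become valid after the installer's sed pass, so a package installed through setup.py alone ships a job that names a non-existent account. `setgid WEB_USER` also assumes the group has the same name as the user, which nothing visible here guarantees. `env HOME='/var/www/.init'` points the daemon's home at the directory holding its own job definition, so anything the process writes under HOME lands beside the job files; a separate state directory would keep the two apart. A comment such as `# WEB_USER is replaced by installer/install` above the stanzas would document the dependency.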
@@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv: data_files = [] sys.argv.remove('--no-init-script') # super hax else: - data_files = [('/usr/share/upstart/sessions', ['install/airtime-media-monitor.conf'])] + data_files = [('/var/www/.init', ['install/airtime-media-monitor.conf'])] print data_files setup(name='airtime-media-monitor', diff --git a/python_apps/pypo/install/airtime-liquidsoap.conf b/python_apps/pypo/install/airtime-liquidsoap.conf index e60835dea..6c95ade7b 100755 --- a/python_apps/pypo/install/airtime-liquidsoap.conf +++ b/python_apps/pypo/install/airtime-liquidsoap.conf @@ -6,10 +6,11 @@ stop on runlevel [!2345] respawn -setuid www-data -setgid www-data +setuid WEB_USER +setgid WEB_USER env LANG='en_US.UTF-8' env LC_ALL='en_US.UTF-8' +env HOME='/var/www/.init' exec airtime-liquidsoap diff --git a/python_apps/pypo/install/airtime-playout.conf b/python_apps/pypo/install/airtime-playout.conf index 7d13a436e..79197443c 100755 --- a/python_apps/pypo/install/airtime-playout.conf +++ b/python_apps/pypo/install/airtime-playout.conf @@ -6,10 +6,11 @@ stop on runlevel [!2345] respawn -setuid www-data -setgid www-data +setuid WEB_USER +setgid WEB_USER env LANG='en_US.UTF-8' env LC_ALL='en_US.UTF-8' +env HOME='/var/www/.init' exec airtime-playout \ No newline at end of file diff --git a/python_apps/pypo/setup.py b/python_apps/pypo/setup.py index 7992d9383..fc5335f36 100755 --- a/python_apps/pypo/setup.py +++ b/python_apps/pypo/setup.py @@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv: data_files = [] sys.argv.remove('--no-init-script') # super hax else: - data_files = [('/usr/share/upstart/sessions', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])] + data_files = [('/var/www/.init', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])] print data_files setup(name='airtime-playout',
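Review bot: In python_apps/media-monitor/setup.py (same change in python_apps/pypo/setup.py), `data_files` now hard-codes `/var/www/.init`, while the installer treats the web user as configurable (`${web_user}`). If that user's home is not /var/www, the job files presumably land where a per-user Upstart lookup will not find them, and the path has to stay in sync with installer/install and the three `env HOME=` lines. Consider a single named constant, e.g. `INIT_DIR = '/var/www/.init'`, with a comment stating that the installed .conf is a template whose WEB_USER placeholder is filled in by the installer. The surrounding `if`/`else` and the `setup(...)` call extend beyond the hunk.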