Yet another attempt to run upstart jobs as unprivileged user

2015-01-12 09:48:08 -05:00 · 2015-01-12 09:48:08 -05:00 · bf1355a203
parent 24123ef45d
commit bf1355a203
8 changed files with 15 additions and 49 deletions
--- a/installer/install
+++ b/installer/install
@ -322,6 +322,7 @@ verbose "...Done"
 verbose "\n * Creating /usr/lib/airtime..."
 mkdir -p /usr/lib/airtime
 mkdir -p /var/www/.init
 verbose "...Done"
 verbose "\n * Creating /run/airtime..."
@ -372,12 +373,11 @@ verbose "\n * Creating liquidsoap symlink..."
 ln -sf /usr/bin/liquidsoap /usr/bin/airtime-liquidsoap
 verbose "...Done"
-sed "s@WEB_USER@${web_user}@g" ${SCRIPT_DIR}/lib/airtime-session-init-setup.conf > /etc/init/airtime-session-init-setup.conf
+for i in /var/www/.init/airtime*; do
-cp ${SCRIPT_DIR}/lib/airtime-session-init.conf /etc/init/airtime-session-init.conf
+    sed -i 's/WEB_USER/${web_user}/g' $i
-chmod 644 /usr/share/upstart/sessions/airtime*
+done
 initctl reload-configuration
 service airtime-session-init-setup start
 if [ ! -d /var/log/airtime ]; then
    loud "\n-----------------------------------------------------"
--- a/installer/lib/airtime-session-init-setup.conf
+++ b/installer/lib/airtime-session-init-setup.conf
@ -1,22 +0,0 @@
 start on runlevel [2345]
 stop on runlevel [!2345]
 task
 env user=WEB_USER
 export user
 script
  uid=$(getent passwd "$user"|cut -d: -f3)
  gid=$(getent passwd "$user"|cut -d: -f4)
  # Create directory that would normally be
  # created by PAM when a user logs in.
  export XDG_RUNTIME_DIR="/run/user/$uid"
  mkdir -p "$XDG_RUNTIME_DIR"
  chmod 0700 "$XDG_RUNTIME_DIR"
  chown "$uid:$gid" "$XDG_RUNTIME_DIR"
  start airtime-session-init user="$user"
 end script
--- a/installer/lib/airtime-session-init.conf
+++ b/installer/lib/airtime-session-init.conf
@ -1,15 +0,0 @@
 instance $user
 stop on runlevel [016]
 script
  uid=$(getent passwd "$user"|cut -d: -f3)
  HOME=$(getent passwd "$user"|cut -d: -f6)
  export XDG_RUNTIME_DIR="/run/user/$uid"
  export HOME
  echo $HOME
  exec su -s /bin/sh -c 'exec "$0" "$@"' $user -- init --user --confdir /usr/share/upstart/sessions/
 end script
--- a/python_apps/media-monitor/install/airtime-media-monitor.conf
+++ b/python_apps/media-monitor/install/airtime-media-monitor.conf
@ -6,10 +6,11 @@ stop on runlevel [!2345]
 respawn
-setuid www-data
+setuid WEB_USER
-setgid www-data
+setgid WEB_USER
 env LANG='en_US.UTF-8'
 env LC_ALL='en_US.UTF-8'
 env HOME='/var/www/.init'
 exec airtime-media-monitor
--- a/python_apps/media-monitor/setup.py
+++ b/python_apps/media-monitor/setup.py
@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
    data_files = []
    sys.argv.remove('--no-init-script') # super hax
 else:
-    data_files = [('/usr/share/upstart/sessions', ['install/airtime-media-monitor.conf'])]
+    data_files = [('/var/www/.init', ['install/airtime-media-monitor.conf'])]
    print data_files
 setup(name='airtime-media-monitor',
--- a/python_apps/pypo/install/airtime-liquidsoap.conf
+++ b/python_apps/pypo/install/airtime-liquidsoap.conf
@ -6,10 +6,11 @@ stop on runlevel [!2345]
 respawn
-setuid www-data
+setuid WEB_USER
-setgid www-data
+setgid WEB_USER
 env LANG='en_US.UTF-8'
 env LC_ALL='en_US.UTF-8'
 env HOME='/var/www/.init'
 exec airtime-liquidsoap
--- a/python_apps/pypo/install/airtime-playout.conf
+++ b/python_apps/pypo/install/airtime-playout.conf
@ -6,10 +6,11 @@ stop on runlevel [!2345]
 respawn
-setuid www-data
+setuid WEB_USER
-setgid www-data
+setgid WEB_USER
 env LANG='en_US.UTF-8'
 env LC_ALL='en_US.UTF-8'
 env HOME='/var/www/.init'
 exec airtime-playout
--- a/python_apps/pypo/setup.py
+++ b/python_apps/pypo/setup.py
@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
    data_files = []
    sys.argv.remove('--no-init-script') # super hax
 else:
-    data_files = [('/usr/share/upstart/sessions', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
+    data_files = [('/var/www/.init', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
    print data_files
 setup(name='airtime-playout',