Hello Campers I''m not sure this is the right list to ask but: I''m using the junebug wiki (which is written in camping) for my own personal wiki. I''d like it to behave as a proper daemon, so it will start up at boot, get stopped properly at shutdown, keep a pid file in /var/run etc. This requires a little messing with the wiki script junebug makes in the wiki directory (changing the dirmode to system, amongst other things). Junebug uses the daemons gem for this purpose, for those who haven''t looked at the gem. This works and I can copy the wiki script to /etc/init.d/ and add the appropriate runlevel symlinks with update-rc.d. Which all works great. Except that I end with the process running as root. Which makes me twitchy and nervous. So I''d to like to make it step down like a good little process to a much less privileged user. I can''t do this in the /etc/init.d/ script, as it then can''t write the pid file (and probably other things). But putting it in the setup post amble doesn''t seem to work (the wiki is still root) So where should my Process.uid statements go? Regards, Jon.
I was playing with some setuid and camping for a project myself. I don''t see if you''ve mentioned this, but I assume you''re using the camping server to run it? I ended up just editing the camping server script to change uid and chroot just after its requires (I also edited it to do all its requires up front because I was chrooting and to just use mongrel just because). I''m not sure what the problem with doing this in the postamble would be though, are you sure it''s getting run? Is it getting run every time camping reloads the script? How exactly are you setting the uid? John On 11/03/2008, Jonathan Stott <jonathan.stott at gmail.com> wrote:> Hello Campers > > I''m not sure this is the right list to ask but: > I''m using the junebug wiki (which is written in camping) for my own personal wiki. I''d like it to behave as a proper daemon, so it will start up at boot, get stopped properly at shutdown, keep a pid file in /var/run etc. > > This requires a little messing with the wiki script junebug makes in the wiki directory (changing the dirmode to system, amongst other things). Junebug uses the daemons gem for this purpose, for those who haven''t looked at the gem. This works and I can copy the wiki script to /etc/init.d/ and add the appropriate runlevel symlinks with update-rc.d. > > Which all works great. Except that I end with the process running as root. Which makes me twitchy and nervous. So I''d to like to make it step down like a good little process to a much less privileged user. I can''t do this in the /etc/init.d/ script, as it then can''t write the pid file (and probably other things). But putting it in the setup post amble doesn''t seem to work (the wiki is still root) > > So where should my Process.uid statements go? > > Regards, > Jon. > _______________________________________________ > Camping-list mailing list > Camping-list at rubyforge.org > http://rubyforge.org/mailman/listinfo/camping-list >
No, junebug uses the Mongrel Camping handler (which is set up in the same postamble) which I know is invoked, as I can change messages in there and they are reflected in the logs, for example. the postamble looks like: connect to DB create tables Invoke the Mongrel::Camping handler set up some signal traps join the server thread. (or see a pastie of the actual code here: http://pastie.caboo.se/164364 ) I''m trying to set the uid via ''Process.uid = ###'', which I''ve tried at various points through the post amble, both before and after the join, but it still seems to be running as root when I check ps. Regards, Jonathan On Tue, 11 Mar 2008 11:42:52 +0000 "John Turner" <john.turner at norgg.org> wrote:> I was playing with some setuid and camping for a project myself. I > don''t see if you''ve mentioned this, but I assume you''re using the > camping server to run it? I ended up just editing the camping server > script to change uid and chroot just after its requires (I also edited > it to do all its requires up front because I was chrooting and to just > use mongrel just because). I''m not sure what the problem with doing > this in the postamble would be though, are you sure it''s getting run? > Is it getting run every time camping reloads the script? How exactly > are you setting the uid? > > John >
Having you considered using rv? http://blog.evanweaver.com/files/doc/fauna/rv/files/README.html On Tue, Mar 11, 2008 at 5:30 AM, Jonathan Stott <jonathan.stott at gmail.com> wrote:> Hello Campers > > I''m not sure this is the right list to ask but: > I''m using the junebug wiki (which is written in camping) for my own > personal wiki. I''d like it to behave as a proper daemon, so it will start > up at boot, get stopped properly at shutdown, keep a pid file in /var/run > etc. > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/camping-list/attachments/20080311/75bf857f/attachment.html
I was using Process::UID.change_privilege(uid), which seems to do the job (in irb at least) where Process.uid= doesn''t, it seems like it should though. There''s grant_privelege too, but I don''t know what the difference between that and change_privilege is. Hope that helps. John On 11/03/2008, Jonathan Stott <jonathan.stott at gmail.com> wrote:> No, junebug uses the Mongrel Camping handler (which is set up in the same postamble) which I know is invoked, as I can change messages in there and they are reflected in the logs, for example. > > the postamble looks like: > connect to DB > create tables > Invoke the Mongrel::Camping handler > set up some signal traps > join the server thread. > (or see a pastie of the actual code here: > http://pastie.caboo.se/164364 ) > > I''m trying to set the uid via ''Process.uid = ###'', which I''ve tried at various points through the post amble, both before and after the join, but it still seems to be running as root when I check ps. > > Regards, Jonathan > > > On Tue, 11 Mar 2008 11:42:52 +0000 > "John Turner" <john.turner at norgg.org> wrote: > > > I was playing with some setuid and camping for a project myself. I > > don''t see if you''ve mentioned this, but I assume you''re using the > > camping server to run it? I ended up just editing the camping server > > script to change uid and chroot just after its requires (I also edited > > it to do all its requires up front because I was chrooting and to just > > use mongrel just because). I''m not sure what the problem with doing > > this in the postamble would be though, are you sure it''s getting run? > > Is it getting run every time camping reloads the script? How exactly > > are you setting the uid? > > > > John > > > > _______________________________________________ > Camping-list mailing list > Camping-list at rubyforge.org > http://rubyforge.org/mailman/listinfo/camping-list >