Commit 0871e361 authored by Chris McDonough's avatar Chris McDonough

Merge from 2.7 branch:

Collector 1304: zopectl doesn't allow specification of zdrun effective user.
parent 93439e6a
...@@ -24,6 +24,7 @@ Options: ...@@ -24,6 +24,7 @@ Options:
-h/--help -- print this usage message and exit -h/--help -- print this usage message and exit
-i/--interactive -- start an interactive shell after executing commands -i/--interactive -- start an interactive shell after executing commands
-l/--logfile -- log file to be read by logtail command -l/--logfile -- log file to be read by logtail command
-u/--user -- run the daemon manager program as this user (or numeric id)
-m/--umask -- provide octal umask for files created by the managed process -m/--umask -- provide octal umask for files created by the managed process
action [arguments] -- see below action [arguments] -- see below
...@@ -61,6 +62,7 @@ class ZopeCtlOptions(ZDOptions): ...@@ -61,6 +62,7 @@ class ZopeCtlOptions(ZDOptions):
program = "zopectl" program = "zopectl"
schemadir = os.path.dirname(Zope.Startup.__file__) schemadir = os.path.dirname(Zope.Startup.__file__)
schemafile = "zopeschema.xml" schemafile = "zopeschema.xml"
uid = gid = None
# XXX Suppress using Zope's <eventlog> section to avoid using the # XXX Suppress using Zope's <eventlog> section to avoid using the
# same logging for zdctl as for the Zope appserver. There still # same logging for zdctl as for the Zope appserver. There still
...@@ -81,11 +83,32 @@ class ZopeCtlOptions(ZDOptions): ...@@ -81,11 +83,32 @@ class ZopeCtlOptions(ZDOptions):
self.add("default_to_interactive", "runner.default_to_interactive", self.add("default_to_interactive", "runner.default_to_interactive",
default=1) default=1)
self.add("logfile", None, "l:", "logfile=") self.add("logfile", None, "l:", "logfile=")
self.add("user", "runner.user", "u:", "user=")
self.add("prompt", "runner.prompt", default="zopectl>") self.add("prompt", "runner.prompt", default="zopectl>")
self.add("umask", "runner.umask", "m:", "umask=") self.add("umask", "runner.umask", "m:", "umask=")
def realize(self, *args, **kw): def realize(self, *args, **kw):
ZDOptions.realize(self, *args, **kw) ZDOptions.realize(self, *args, **kw)
# Additional checking of user option; set uid and gid
if self.user is not None:
import pwd
try:
uid = int(self.user)
except ValueError:
try:
pwrec = pwd.getpwnam(self.user)
except KeyError:
self.usage("username %r not found" % self.user)
uid = pwrec[2]
else:
try:
pwrec = pwd.getpwuid(uid)
except KeyError:
self.usage("uid %r not found" % self.user)
gid = pwrec[3]
self.uid = uid
self.gid = gid
config = self.configroot config = self.configroot
self.directory = config.instancehome self.directory = config.instancehome
self.clienthome = config.clienthome self.clienthome = config.clienthome
...@@ -94,7 +117,6 @@ class ZopeCtlOptions(ZDOptions): ...@@ -94,7 +117,6 @@ class ZopeCtlOptions(ZDOptions):
else: else:
self.program = [os.path.join(self.directory, "bin", "runzope")] self.program = [os.path.join(self.directory, "bin", "runzope")]
self.sockname = os.path.join(self.clienthome, "zopectlsock") self.sockname = os.path.join(self.clienthome, "zopectlsock")
self.user = None
self.python = sys.executable self.python = sys.executable
self.zdrun = os.path.join(os.path.dirname(zdaemon.__file__), self.zdrun = os.path.join(os.path.dirname(zdaemon.__file__),
"zdrun.py") "zdrun.py")
......
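Review bot: In the added `realize()` block, both `except KeyError:` branches only call `self.usage(...)` and then execution carries on to `uid = pwrec[2]` and `gid = pwrec[3]`, so the lookup is correct only if `usage()` never returns. It presumably exits, but it is not defined in this section. Either state that with a comment such as `# usage() exits, so pwrec is always bound past this point`, or make the control flow explicit by returning or re-raising after the call. The numeric path also hands `int(self.user)` straight to `pwd.getpwuid()`, so a negative or very large id may surface as an exception other than `KeyError` instead of a usage error; a range check before the lookup would keep the failure mode uniform. Indentation is lost in this rendering and `realize()` continues past the hunk, so this reading assumes the `else:` pairs with the outer `try`.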
...@@ -127,6 +127,27 @@ ...@@ -127,6 +127,27 @@
</description> </description>
</key> </key>
<key name="user" datatype="string"
required="no">
<description>
Command-line option: -u or --user.
When zdrun.py is started by root, this option specifies the
user as who the the zdrun.py process (and hence the daemon
subprocess) will run. This can be a user name or a numeric
user id. Both the user and the group are set from the
corresponding password entry, using setuid() and setgid().
This is done before zdrun.py does anything else besides
parsing its command line arguments.
NOTE: when zdrun.py is not started by root, specifying this
option is an error. (XXX This may be a mistake.)
XXX The zdrun.py event log file may be opened *before*
setuid() is called. Is this good or bad?
</description>
</key>
<key name="hang-around" datatype="boolean" <key name="hang-around" datatype="boolean"
required="no" default="false"> required="no" default="false">
<description> <description>
......
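Review bot: The new `user` description leaves as an open XXX whether the zdrun.py event log is opened before `setuid()`, and that ordering should be decided and documented rather than left to the reader. A log file created while the process is still root stays root-owned, and opening a path as root inside a directory the target user can write to risks following a symlink. The text also names only `setuid()` and `setgid()`; if the implementation (not shown here) does not reset supplementary groups as well, the process keeps root's group memberships after the drop, which is worth stating or fixing. Small wording fix in the same description: `user as who the the zdrun.py process` should read `user as whom the zdrun.py process`.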