author | Thomas Orgis | 2016-10-07 09:46:36 +0200 |
---|---|---|
committer | Thomas Orgis | 2016-10-07 09:47:16 +0200 |
commit | 5847ddd0358e2798d92beef3212cd2abe480ca57 (patch) | |
tree | a65539b8cb7e76034b1253bc63a86c96d81e6eb8 /collab | |
parent | ab4321a708d520a89600a6383958085806e9d48b (diff) |
subversion: support running as non-root in init script
This is kludgy and leaves much to be desired. For example, the
PID file is not cleaned up. Our init system really needs to support
running as differing user and in chroot via loadproc/killproc.
Also, those should actually use $PIDFILE and not only remove
/var/run/$base.pid in killproc.
Diffstat (limited to 'collab')
-rwxr-xr-x | collab/subversion/DETAILS | 1 | ||||
-rw-r--r-- | collab/subversion/HISTORY | 4 | ||||
-rwxr-xr-x | collab/subversion/init.d/subversion | 16 | ||||
-rw-r--r-- | collab/subversion/init.d/subversion.conf | 4 |
4 files changed, 23 insertions, 2 deletions
diff --git a/collab/subversion/DETAILS b/collab/subversion/DETAILS
index 656e206335..8a74a5a772 100755
--- a/collab/subversion/DETAILS
+++ b/collab/subversion/DETAILS
@@ -1,6 +1,7 @@
 SPELL=subversion
 VERSION=1.9.4
 SECURITY_PATCH=8
+ PATCHLEVEL=1
 if [[ "$SVN_HEAD" == y ]]; then VERSION=${VERSION%.*}-HEAD; fi
 SOURCE=$SPELL-$VERSION.tar.bz2
 if [[ "$SVN_HEAD" == y ]]; then
diff --git a/collab/subversion/HISTORY b/collab/subversion/HISTORY
index e529d17d8f..c2c34f0a5b 100644
--- a/collab/subversion/HISTORY
+++ b/collab/subversion/HISTORY
@@ -1,3 +1,7 @@
+2016-10-07 Thomas Orgis <sobukus@sourcemage.org>
+ * init.d/subversion{,.conf}: add support for running as non-root
+ * DETAILS: PATCHLEVEL++
+
 2016-04-30 Florian Franzmann <siflfran@hawo.stw.uni-erlangen.de>
 * DETAILS: version 1.9.4, SECURITY_PATCH++, fixes CVE-2016-2167 and CVE-2016-2168
diff --git a/collab/subversion/init.d/subversion b/collab/subversion/init.d/subversion
index 13f437e7e0..5db3313010 100755
--- a/collab/subversion/init.d/subversion
+++ b/collab/subversion/init.d/subversion
@@ -2,7 +2,7 @@
 . /etc/sysconfig/subversion
-PIDFILE=/var/run/subversion.pid
+PIDFILE=/var/run/subversion/svnserve.pid
 PROGRAM=/usr/bin/svnserve
 RUNLEVEL=3
 NEEDS="+network +remote_fs"
@@ -17,5 +17,17 @@ OPTS="-d --pid-file $PIDFILE -r $REPOSITORIES"
 start() {
- loadproc "${PROGRAM}" $OPTS
+ mkdir -p $(dirname $PIDFILE)
+ if [[ -z "$DAEMON_USER" ]]; then
+ loadproc "${PROGRAM}" $OPTS
+ else
+ # This can succeed to start svnserve,
+ # but that could quickly fail without us noticing.
+ chown "$DAEMON_USER" $(dirname $PIDFILE) &&
+ su -c "$PROGRAM $OPTS" "$DAEMON_USER"
+ # Kludge to detect failure (because of user permissions, normally).
+ sleep 1
+ test -e /proc/$(cat $PIDFILE)/exe
+ evaluate_retval
+ fi
 }
diff --git a/collab/subversion/init.d/subversion.conf b/collab/subversion/init.d/subversion.conf
index f6f7206cd2..6d0adfdd22 100644
--- a/collab/subversion/init.d/subversion.conf
+++ b/collab/subversion/init.d/subversion.conf
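Review bot: The liveness check `test -e /proc/$(cat $PIDFILE)/exe` in the non-root branch of start() accepts any PID that happens to exist, and it runs as root on a file inside the directory this hunk has just chowned to `$DAEMON_USER`. A file left over from an earlier run, or one rewritten by the daemon account, can therefore make a failed start report success, and the unquoted substitution is word-split into the arguments of `test`. Reading the value once, requiring it to be numeric and comparing the executable avoids both: `pid=$(cat "$PIDFILE" 2>/dev/null)` followed by `[[ "$pid" =~ ^[0-9]+$ && "$(readlink "/proc/$pid/exe")" == "$PROGRAM" ]]` before `evaluate_retval`. The stop path is outside this hunk; if it signals the PID from this file as root, it presumably needs the same validation.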
@@ -18,3 +18,7 @@ READ_ONLY="NO"
 # Controllers whether the server uses thread to handle request, as opposed to
 # forked processes
 THREADS="NO"
+
+# Run as specific user.
+# Defaults to root.
+DAEMON_USER="" |
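Review bot: The new comment on `DAEMON_USER` does not say what the chosen account needs for the init script to work. start() launches the server with `su -c "$PROGRAM $OPTS" "$DAEMON_USER"`, which runs the command through that account's login shell, so a service account whose shell is a nologin stub will not start svnserve. The account presumably also needs access to the directory passed with `-r`. I would extend the comment to `# Run as specific user (needs a usable login shell and access to the repositories).` and keep `# Defaults to root.` so the privileged default stays visible.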