Commit 93ca95e7 authored by Steven Murray's avatar Steven Murray
Browse files

cta/CTA#109 cta or stage user?

Changed user stage:st to cta:cta
parent 0a944669
......@@ -74,10 +74,10 @@ void cta::server::Daemon::setCommandLineHasBeenParsed(const bool foreground)
}
//------------------------------------------------------------------------------
// daemonizeIfNotRunInForeground
// daemonizeIfNotRunInForegroundAndSetUserAndGroup
//------------------------------------------------------------------------------
void cta::server::Daemon::daemonizeIfNotRunInForeground(
const bool runAsStagerSuperuser) {
void cta::server::Daemon::daemonizeIfNotRunInForegroundAndSetUserAndGroup(const std::string &userName,
const std::string &groupName) {
// Do nothing if already a daemon
if (1 == getppid()) {
return;
......@@ -120,16 +120,12 @@ void cta::server::Daemon::daemonizeIfNotRunInForeground(
"Failed to daemonize: Failed to freopen stderr");
} // if (!m_foreground)
// Change the user of the daemon process if requested
if (runAsStagerSuperuser) {
const std::string userName = "stage";
const std::string groupName = "st";
std::list<log::Param> params = {
log::Param("userName", userName),
log::Param("groupName", groupName)};
m_log(log::INFO, "Setting user name and group name of current process", params);
cta::System::setUserAndGroup(userName, groupName);
}
// Change the user and group of the daemon process
std::list<log::Param> params = {
log::Param("userName", userName),
log::Param("groupName", groupName)};
m_log(log::INFO, "Setting user name and group name of current process", params);
cta::System::setUserAndGroup(userName, groupName);
// Ignore SIGPIPE (connection lost with client)
// and SIGXFSZ (a file is too big)
......
......@@ -77,16 +77,19 @@ protected:
* Daemonizes the daemon if it has not been configured to run in the
* foreground.
*
* This method also sets the user and group of the process to the specified
* values.
*
* Please make sure that the setForeground() method has been called as
* appropriate before this method is called.
*
* This method takes into account whether or not the dameon should run in
* This method takes into account whether or not the daemon should run in
* foregreound or background mode (m_foreground).
*
* @param runAsStagerSuperuser Set to true if the user ID and group ID of the
* daemon should be set to those of the stager superuser.
* @param userName The name of the user.
* @param groupName The name of the group.
*/
void daemonizeIfNotRunInForeground(const bool runAsStagerSuperuser);
void daemonizeIfNotRunInForegroundAndSetUserAndGroup(const std::string &userName, const std::string &groupName);
/**
* Object representing the API of the CASTOR logging system.
......
......@@ -111,7 +111,8 @@ int cta::System::porttoi(char* str)
// setUserAndGroup
//------------------------------------------------------------------------------
void cta::System::setUserAndGroup(const std::string &userName, const std::string &groupName) {
const std::string task = std::string("set user and group of current process to ") + userName + ":" + groupName;
const std::string task = std::string("set user name of process to ") + userName + " and group name of process to " +
groupName;
struct passwd *pwd = nullptr; // password structure pointer
struct group *grp = nullptr; // group structure pointer
......
......@@ -17,9 +17,6 @@ echo "Log URL file:/cta-frontend.log" >>/etc/cta/cta-frontend.conf
echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
# Create user cta early so that we can set file ownership correctly
useradd cta
# EOS INSTANCE NAME used as username for SSS key
EOSINSTANCE=ctaeos
......
......@@ -45,11 +45,9 @@ CTATAPEDSSS="cta_tape_server.keytab"
#echo '0 u:stage g:tape n:taped+ N:6361736405290319874 c:1481207182 e:0 f:0 k:8e2335f24cf8c7d043b65b3b47758860cbad6691f5775ebd211b5807e1a6ec84' >> /etc/cta/${CTATAPEDSSS}
echo -n '0 u:daemon g:daemon n:ctaeos+ N:6361884315374059521 c:1481241620 e:0 f:0 k:1a08f769e9c8e0c4c5a7e673247c8561cd23a0e7d8eee75e4a543f2d2dd3fd22' > /etc/cta/${CTATAPEDSSS}
chmod 600 /etc/cta/${CTATAPEDSSS}
groupadd st
adduser stage -g st
touch /cta-taped.log
chown stage /cta-taped.log
chown stage /etc/cta/${CTATAPEDSSS}
chown cta /cta-taped.log
chown cta /etc/cta/${CTATAPEDSSS}
cat <<EOF > /etc/sysconfig/cta-taped
export CTA_TAPED_OPTIONS="-fl /cta-taped.log"
......
......@@ -24,9 +24,6 @@ echo "Log URL file:/cta-frontend.log" >>/etc/cta/cta-frontend.conf
echo ${DATABASEURL} >/etc/cta/cta_catalogue_db.conf
# Create user cta early so that we can set file ownership correctly
useradd cta
# EOS INSTANCE NAME used as username for SSS key
EOSINSTANCE=ctaeos
......
......@@ -52,7 +52,7 @@ CTATAPEDSSS="cta_tape_server.keytab"
#echo '0 u:stage g:tape n:taped+ N:6361736405290319874 c:1481207182 e:0 f:0 k:8e2335f24cf8c7d043b65b3b47758860cbad6691f5775ebd211b5807e1a6ec84' >> /etc/cta/${CTATAPEDSSS}
echo -n '0 u:daemon g:daemon n:ctaeos+ N:6361884315374059521 c:1481241620 e:0 f:0 k:1a08f769e9c8e0c4c5a7e673247c8561cd23a0e7d8eee75e4a543f2d2dd3fd22' > /etc/cta/${CTATAPEDSSS}
chmod 600 /etc/cta/${CTATAPEDSSS}
chown stage /etc/cta/${CTATAPEDSSS}
chown cta /etc/cta/${CTATAPEDSSS}
cat <<EOF > /etc/sysconfig/cta-taped
export CTA_TAPED_OPTIONS="-fl /cta-taped.log"
......
......@@ -124,8 +124,8 @@ requires(pre): /usr/bin/getent, /usr/sbin/groupadd, /usr/sbin/useradd
CERN Tape Archive:
The tape server daemon
%pre -n cta-taped
/usr/bin/getent group st || /usr/sbin/groupadd -g 1474 st
/usr/bin/getent passwd stage || /usr/sbin/useradd -s /bin/nologin -c "Stager Staging System" -u 14029 -g 1474 stage
/usr/bin/getent group cta || /usr/sbin/groupadd cta
/usr/bin/getent passwd cta || /usr/sbin/useradd -s /bin/nologin -c "CTA system account" -g cta cta
%files -n cta-taped
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/cta-taped
......@@ -137,9 +137,13 @@ Summary: CERN Tape Archive: Xrootd plugin
Group: Application/CTA
requires: cta-lib
requires: xrootd-server
requires(pre): /usr/bin/getent, /usr/sbin/groupadd, /usr/sbin/useradd
%description -n cta-frontend
CERN Tape Archive:
The xroot plugin
%pre -n cta-frontend
/usr/bin/getent group cta || /usr/sbin/groupadd cta
/usr/bin/getent passwd cta || /usr/sbin/useradd -s /bin/nologin -c "CTA system account" -g cta cta
%files -n cta-frontend
%defattr(-,root,root)
%attr(0755,root,root) %{_libdir}/libXrdCtaOfs.so
......
......@@ -80,8 +80,9 @@ void cta::tape::daemon::TapeDaemon::exceptionThrowingMain() {
// raw IO in the future
setProcessCapabilities("cap_setgid,cap_setuid+ep cap_sys_rawio+p");
const bool runAsStagerSuperuser = true;
daemonizeIfNotRunInForeground(runAsStagerSuperuser);
const std::string userName = "cta";
const std::string groupName = "cta";
daemonizeIfNotRunInForegroundAndSetUserAndGroup(userName, groupName);
setDumpable();
// There is no longer any need for the process to be able to change user,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment