On Sun, 12 Oct 2014 19:06:11 +0900 Joel Rees <joel.r...@gmail.com> wrote:
> Hmm. Let's comment that for people newer to scripting than I am.
>
> On Sun, Oct 12, 2014 at 6:28 AM, Steve Litt
> <sl...@troubleshooters.com> wrote:
> > ####### RUN THE DAEMON #######
> > exec envuidgid slitt envdir ./env setuidgid slitt \
> >    /d/at/python/littcron/littcron.py \
> >    /d/at/python/littcron/crontab
>
> man exec for clues to that, understand that littcron.py is Steve's
> special cron (right, Steve?), and that he is setting up a special
> environment for things and there's other stuff there that I can only
> guess at, not having the code to littcron, I think. So I'll punt here.

Exec takes the current process, which in this case is the daemontools run script, and swaps exec's argument for the current process. So, if the current process is a shellscript PID 4321, after "exec gnumeric", PID 4321 is now Gnumeric, not a shellscript.

envdir, envuidgid and setuidgid are executables provided by daemontools.

Let's talk about envdir. Although in daemontools you can export environment variables to sub programs, just like in any other shellscript, idiomatic daemontools usage specifies that instead of exporting within a shellscript, you have an "environment directory" in which each desired environment variable is associated with a file of the same name as the environment variable name, and the contents of the file is the value of the environment variable. So:

envdir ./env

The preceding means look in ./env, and all filenames are environment variable names, and the contents of each is the value of the respective filename.

setuidgid and envuidgid are daemontools provided executables to accommodate running as an arbitrary user instead of root. Consider the command:

setuidgid slitt

The preceding runs the entire command defined by its arguments as user slitt instead of user root. In other words:

setuidgid gnumuser gnumeric test.gnumeric

The preceding runs gnumeric as user gnumuser.

One gotcha: It runs it as user slitt with user slitt's major group, but it doesn't run it with auxiliary groups, for slitt, defined in /etc/group. So if the command depends on membership in those auxiliary groups, you have to do some fancy footwork.

Here's another challenge: Now that you're running as a non-privileged user, you can't read the ./env directory. This is where envuidgid comes in:

envuidgid slitt

The preceding tells daemontools that user slitt can read the environment directory. And the way envuidgid command works, after making this notation it simply passes control to the command defined in its arguments, which include envdir (which finally defines the environment directory) and setuidgid, and last but not least, the actual program you're daemonizing.

And speaking of the devil,

/d/at/python/littcron/littcron.py /d/at/python/littcron/crontab

The preceding is the cron substitute I wrote, whose one argument is the crontab file you're using. If I wanted, I could manually run it in the foreground and it would function just fine. But I wanted it automatic, and managed as a daemon. So daemontools runs it as user slitt, and puts its environment variables in the /service/littcrond/env directory. Environment vars are important here, because my cron program is called upon by its constituents to run GUI programs, so its $DISPLAY and $XAUTHORITY vars must be set right.

SteveT

Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
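The environment-directory convention described in the message above, as an added example that is not part of the original post and is not daemontools code: a plain-sh stand-in for envdir that follows its documented rules (first line of each file is the value, trailing spaces and tabs are dropped, a 0-byte file removes the variable). The names envdir_sh, demo and LITTCRON_DEBUG are hypothetical, and the file contents are constructed sample values.

```shell
#!/bin/sh
# Added example: a plain-sh stand-in for daemontools' envdir (not the real tool).
# Usage: envdir_sh DIR command [args...]
envdir_sh() {
    dir=$1; shift
    tab=$(printf '\t')
    (
        for f in "$dir"/*; do              # the glob skips dotfiles, as envdir does
            [ -f "$f" ] || continue
            name=${f##*/}
            # Limitation of this sketch: only valid shell identifiers are handled.
            case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
            if [ ! -s "$f" ]; then         # 0-byte file: remove the variable
                unset "$name"
                continue
            fi
            IFS= read -r value < "$f" || : # only the first line is the value
            while :; do                    # strip trailing spaces and tabs
                case $value in
                    *" "|*"$tab") value=${value%?} ;;
                    *) break ;;
                esac
            done
            export "$name=$value"
        done
        exec "$@"                          # become the command, like envdir
    )
}

# Constructed sample: values and the LITTCRON_DEBUG name are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf ':0  \n' > "$d/DISPLAY"
    printf '/home/slitt/.Xauthority\nignored second line\n' > "$d/XAUTHORITY"
    : > "$d/LITTCRON_DEBUG"
    (
        export LITTCRON_DEBUG=1            # inherited value that the empty file removes
        envdir_sh "$d" sh -c \
            'printf "%s|%s|%s\n" "$DISPLAY" "$XAUTHORITY" "${LITTCRON_DEBUG-unset}"'
    )
    rm -rf "$d"
}

demo
```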