Priviledges management.

- `service status` does not require priviledges anymore… if the
    `status` binary is owned by root and has the setuid and setguid
    flags. Hopefully, that binary only checks that a service’s process
    exists.
This commit is contained in:
Luka Vandervelden 2019-06-10 14:32:30 +02:00
parent fbeece112a
commit 5dd27e1101
3 changed files with 15 additions and 1 deletions

View File

@ -5,4 +5,5 @@ RC_DIRECTORY = "@SYSCONFDIR@/rc/services"
LOG_DIRECTORY = "@VARSTATEDIR@/log"
SERVICES_DIRECTORY = "@SHAREDIR@/services"
ENVIRONMENTS_DIRECTORY = "@SYSCONFDIR@/rc/environments"
OWN_LIBEXEC_DIR = "@LIBEXECDIR@/service"

View File

@ -95,7 +95,17 @@ begin
end
end
elsif args[0] == "status"
puts Service.new(args[1], args[2]?).status PID_DIRECTORY
child = Process.run "#{OWN_LIBEXEC_DIR}/status", [args[1]],
output: Process::Redirect::Inherit,
error: Process::Redirect::Inherit
return_value = child.exit_status / 256
# Errors not registered here should probably be verbose in `status`.
if return_value == 1
STDERR << "No such service.\n"
end
exit return_value
elsif args[0] == "show"
service = Service.all.find do |service|
unless service.name == args[1]

View File

@ -7,6 +7,9 @@ ServiceDefinition.load SERVICES_DIRECTORY
Environment.load ENVIRONMENTS_DIRECTORY
Service.load RC_DIRECTORY
LibC.setuid 0
LibC.setgid 0
Service.get_by_id(ARGV[0]).try do |service|
puts service.status PID_DIRECTORY
exit 0