Priviledges management.
- `service status` does not require privileges anymore… if the `status` binary is owned by root and has the setuid and setgid flags. Hopefully, that binary only checks that a service’s process exists.
parent
fbeece112a
commit
5dd27e1101
@ -5,4 +5,5 @@ RC_DIRECTORY = "@SYSCONFDIR@/rc/services"
LOG_DIRECTORY = "@VARSTATEDIR@/log"
SERVICES_DIRECTORY = "@SHAREDIR@/services"
ENVIRONMENTS_DIRECTORY = "@SYSCONFDIR@/rc/environments"
OWN_LIBEXEC_DIR = "@LIBEXECDIR@/service"
@ -95,7 +95,17 @@ begin
end
end
elsif args[0] == "status"
puts Service.new(args[1], args[2]?).status PID_DIRECTORY
child = Process.run "#{OWN_LIBEXEC_DIR}/status", [args[1]],
output: Process::Redirect::Inherit,
error: Process::Redirect::Inherit
return_value = child.exit_status / 256
# Errors not registered here should probably be verbose in `status`.
if return_value == 1
STDERR << "No such service.\n"
end
exit return_value
elsif args[0] == "show"
service = Service.all.find do |service|
unless service.name == args[1]
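Review bot: `return_value = child.exit_status / 256` decodes the raw wait status by hand, so with integer division a `status` helper that is killed by a signal yields 0 and `service status` exits as if the check had succeeded. `Process::Status` already separates the two cases: `return_value = child.normal_exit? ? child.exit_code : 1` (or another non-zero value reserved for abnormal termination) keeps a crashed setuid helper from reading as success. `args[1]` is also handed to the helper without checking that it is present, which was equally true of the line this replaces. The enclosing `begin` block and the `show` branch continue outside the hunk.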
@ -7,6 +7,9 @@ ServiceDefinition.load SERVICES_DIRECTORY
Environment.load ENVIRONMENTS_DIRECTORY
Service.load RC_DIRECTORY
LibC.setuid 0
LibC.setgid 0
Service.get_by_id(ARGV[0]).try do |service|
puts service.status PID_DIRECTORY
exit 0
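Review bot: The results of `LibC.setuid 0` and `LibC.setgid 0` are discarded, so if either call fails the helper carries on with whatever mix of real and effective IDs it was started with; check both, e.g. `abort "cannot set gid" unless LibC.setgid(0) == 0`. These calls also make the rest of the run fully root in a binary any local user can start, with `ARGV[0]` and the inherited environment chosen by that user, and the three `load` calls above them already run with the effective IDs the file mode grants. If `Service.get_by_id` or `status` builds a path from the id (not visible here), that happens as root, so it is worth rejecting an `ARGV[0]` that does not match a loaded service name before anything else uses it. A comment such as `# root is needed only to <reason>; keep this helper read-only` above the two calls would record why the elevation exists. The `try` block continues past the end of the hunk.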