Priviledges management.

- `service status` does not require priviledges anymore… if the `status` binary is owned by root and has the setuid and setguid flags. Hopefully, that binary only checks that a service’s process exists.
2019-06-10 14:32:30 +02:00 · 2019-06-10 14:32:30 +02:00 · 5dd27e1101
parent fbeece112a
commit 5dd27e1101
3 changed files with 15 additions and 1 deletions
--- a/src/config.cr.in
+++ b/src/config.cr.in
@ -5,4 +5,5 @@ RC_DIRECTORY           = "@SYSCONFDIR@/rc/services"
 LOG_DIRECTORY          = "@VARSTATEDIR@/log"
 SERVICES_DIRECTORY     = "@SHAREDIR@/services"
 ENVIRONMENTS_DIRECTORY = "@SYSCONFDIR@/rc/environments"
 OWN_LIBEXEC_DIR        = "@LIBEXECDIR@/service"
--- a/src/service.cr
+++ b/src/service.cr
@ -95,7 +95,17 @@ begin
 			end
 		end
 	elsif args[0] == "status"
-		puts Service.new(args[1], args[2]?).status PID_DIRECTORY
+		child = Process.run "#{OWN_LIBEXEC_DIR}/status", [args[1]],
 			output: Process::Redirect::Inherit,
 			error: Process::Redirect::Inherit
 		return_value = child.exit_status / 256
 		# Errors not registered here should probably be verbose in `status`.
 		if return_value == 1
 			STDERR << "No such service.\n"
 		end
 		exit return_value
 	elsif args[0] == "show"
 		service = Service.all.find do |service|
 			unless service.name == args[1]
--- a/src/status.cr
+++ b/src/status.cr
@ -7,6 +7,9 @@ ServiceDefinition.load SERVICES_DIRECTORY
 Environment.load ENVIRONMENTS_DIRECTORY
 Service.load RC_DIRECTORY
 LibC.setuid 0
 LibC.setgid 0
 Service.get_by_id(ARGV[0]).try do |service|
 	puts service.status PID_DIRECTORY
 	exit 0