Revision f4ec2960
b/lib/daemon.py | ||
---|---|---|
39 | 39 |
from ganeti import errors |
40 | 40 |
from ganeti import netutils |
41 | 41 |
from ganeti import ssconf |
42 |
from ganeti import runtime |
|
42 | 43 |
|
43 | 44 |
|
44 | 45 |
class SchedulerBreakout(Exception): |
... | ... | |
487 | 488 |
self._signal_wait.append(owner) |
488 | 489 |
|
489 | 490 |
|
491 |
def _VerifyDaemonUser(daemon_name): |
|
492 |
"""Verifies the process uid matches the configured uid. |
|
493 |
|
|
494 |
This method verifies that a daemon is started as the user it is intended to be |
|
495 |
run |
|
496 |
|
|
497 |
@param daemon_name: The name of daemon to be started |
|
498 |
@return: A tuple with the first item indicating success or not, |
|
499 |
the second item current uid and third with expected uid |
|
500 |
|
|
501 |
""" |
|
502 |
getents = runtime.GetEnts() |
|
503 |
running_uid = os.getuid() |
|
504 |
daemon_uids = { |
|
505 |
constants.MASTERD: getents.masterd_uid, |
|
506 |
constants.RAPI: getents.rapi_uid, |
|
507 |
constants.NODED: getents.noded_uid, |
|
508 |
constants.CONFD: getents.confd_uid, |
|
509 |
} |
|
510 |
|
|
511 |
return (daemon_uids[daemon_name] == running_uid, running_uid, |
|
512 |
daemon_uids[daemon_name]) |
|
513 |
|
|
514 |
|
|
490 | 515 |
def GenericMain(daemon_name, optionparser, check_fn, exec_fn, |
491 | 516 |
multithreaded=False, console_logging=False, |
492 | 517 |
default_ssl_cert=None, default_ssl_key=None): |
... | ... | |
582 | 607 |
# once and have a proper validation (isfile returns False on directories) |
583 | 608 |
# at the same time. |
584 | 609 |
|
610 |
result, running_uid, expected_uid = _VerifyDaemonUser(daemon_name) |
|
611 |
if not result: |
|
612 |
msg = ("%s started using wrong user ID (%d), expected %d" % |
|
613 |
(daemon_name, running_uid, expected_uid)) |
|
614 |
print >> sys.stderr, msg |
|
615 |
sys.exit(constants.EXIT_FAILURE) |
|
616 |
|
|
585 | 617 |
if check_fn is not None: |
586 | 618 |
check_fn(options, args) |
587 | 619 |
|
Also available in: Unified diff