[Pkg-freevo-maint] r69 - packages/freevo/trunk/debian

mennucc1 at alioth.debian.org mennucc1 at alioth.debian.org
Thu Jan 24 17:59:03 UTC 2008 

Author: mennucc1
Date: 2008-01-24 17:59:03 +0000 (Thu, 24 Jan 2008)
New Revision: 69

Modified:
   packages/freevo/trunk/debian/freevo.wrapper
Log:
Better logic in the wrapper ; if /usr/bin/freevo is run by root,
 'freevo convert_config'  is fine, since the config is owned by root
 'freevo cache' is forcibly run as 'freevo' user
any other command line is run as root, but a warning is printed.


Modified: packages/freevo/trunk/debian/freevo.wrapper
===================================================================
--- packages/freevo/trunk/debian/freevo.wrapper	2008-01-24 17:25:16 UTC (rev 68)
+++ packages/freevo/trunk/debian/freevo.wrapper	2008-01-24 17:59:03 UTC (rev 69)
@@ -6,28 +6,40 @@
 U=`id -u`
 G=`id -g`
 
-if test "$G" = 0 -o $U = 0  ; then
- echo "It is advisable not to start freevo as root, due to security concerns." 1>&2
-fi
-
 unset OS_LOGDIR FREEVO_LOGDIR OS_STATICDIR FREEVO_STATICDIR OS_CACHEDIR FREEVO_CACHEDIR FREEVO_SHARE FREEVO_CONTRIB FREEVO_SCRIPT FREEVO_CONFIG LD_PRELOAD SDL_VIDEODRIVER FREEVO_LOCALE FREEVO_PYTHON
 
 test -r /etc/freevo/debconf.sh && . /etc/freevo/debconf.sh
 
 test -r /etc/default/freevo && . /etc/default/freevo
 
+
+if test "$U" = 0  ; then
+ # there are cases when you should run as root, as for example
+ # freevo convert_config  local_conf.py -w
+ if test "$1" = convert_config  ; then
+  exec $DAEMON.real "$@"
+ fi
+ if test "$1" = cache  ; then
+   echo "This process will be run as user 'freevo'."
+   exec su freevo -c "$DAEMON.real $@"
+ fi
+ echo "It is advisable not to start freevo as root, due to security concerns." 1>&2
+ echo "Please use the 'freevo' user to start freevo." 1>&2
+ exec $DAEMON.real "$@"
+fi
+
 if test "$G" = "$FREEVO_GID" -o "$U" = "$FREEVO_UID"  ; then
  exec $DAEMON.real "$@"
 fi
 
 for i in `id -G` ; do
   if test "$i" = "$FREEVO_GID"   ; then
-   #starting with principal group 'freevo'
+   echo "Switching process to principal group 'freevo'."
    exec sg freevo -c "$DAEMON.real $@"
  fi
 done
 
-echo "You are not part of the group 'freevo' , this will limit your ability to access some resources" 1>&2
+echo "You are not part of the group 'freevo', you cannot exploit shared resources (such as the cache). Your data will be saved in ${HOME}/.freevo " 1>&2
 
 
 export FREEVO_CACHEDIR=$HOME/.freevo/cache

More information about the Pkg-freevo-maint mailing list