[SCM] libmessage-passing-perl Debian packaging branch, master, updated. debian/0.111-3-14-g44f6e88
Tomas Doran
bobtfish at bobtfish.net
Mon May 6 11:56:51 UTC 2013
The following commit has been merged in the master branch:
commit efba2c2592de6143a49bd0582e75903485c9f779
Author: Tomas Doran <bobtfish at bobtfish.net>
Date: Mon Apr 16 09:25:30 2012 +0100
Allow the script to do the user change.
This is nice, as it means you can open any pid files
with the permission of the user you run logstash as (i.e. root
from an init script), and then change to a lower priv PID
that can't re-write those files, meaning you don't need to make
a directory for the pids that the user running logstash can write
into.. (Or run logstash as root - but that'd be insane).
diff --git a/lib/Log/Stash.pm b/lib/Log/Stash.pm
index 60a29ca..caf99fc 100644
--- a/lib/Log/Stash.pm
+++ b/lib/Log/Stash.pm
@@ -8,7 +8,7 @@ use AnyEvent;
use JSON::XS;
use Try::Tiny;
use Getopt::Long qw(:config pass_through);
-use POSIX;
+use POSIX qw(setuid setgid);
use namespace::autoclean;
use 5.8.4;
@@ -84,16 +84,36 @@ sub deamonize_if_needed {
}
}
-has pid_file => (
- isa => 'Str',
- is => 'ro',
- predicate => '_has_pid_file',
-);
+sub change_uid_if_needed {
+ my $self = shift;
+ my ($uid, $gid);
+ if ($self->_has_user) {
+ my $user = $self->user;
+ $uid = getpwnam($user) ||
+ die("User '$user' does not exist, cannot become that user!\n");
+ (undef, undef, undef, $gid ) = getpwuid($uid);
+ }
+ if ($gid) {
+ setgid($gid) || die("Could not setgid to '$gid' are you root? : $!\n");
+ }
+ if ($uid) {
+ setuid($uid) || die("Could not setuid to '$uid' are you root? : $!\n");
+ }
+}
+
+foreach my $name (qw/ user pid_file /) {
+ has $name => (
+ isa => 'Str',
+ is => 'ro',
+ predicate => "_has_$name",
+ );
+}
sub start {
my $class = shift;
my $instance = $class->new_with_options(@_);
$instance->deamonize_if_needed;
+ $instance->change_uid_if_needed;
run_log_server $instance->build_chain;
}
--
libmessage-passing-perl Debian packaging
More information about the Pkg-perl-cvs-commits
mailing list