[sr-dev] git:master: pkg: option to suid via start-stop-daemon

Daniel-Constantin Mierla miconda at gmail.com
Sun Mar 6 14:54:01 CET 2011 

Module: sip-router
Branch: master
Commit: 367e8a70775c939395e121bce2352876e6c09ced
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=367e8a70775c939395e121bce2352876e6c09ced

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Sun Mar  6 14:51:34 2011 +0100

pkg: option to suid via start-stop-daemon

- start-stop-daemon can do suid before starting the application
- it can be enabled in /etc/default/kamailio via SSD_SUID

---

 pkg/kamailio/deb/debian/kamailio.default |    6 +++
 pkg/kamailio/deb/debian/kamailio.init    |   55 +++++++++++++++++++-----------
 2 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/pkg/kamailio/deb/debian/kamailio.default b/pkg/kamailio/deb/debian/kamailio.default
index 4317664..4d51e42 100644
--- a/pkg/kamailio/deb/debian/kamailio.default
+++ b/pkg/kamailio/deb/debian/kamailio.default
@@ -14,6 +14,12 @@ GROUP=kamailio
 # Amount of memory to allocate for the running Kamailio server (in Mb)
 MEMORY=64
 
+# Switch to USER and GROUP by start-stop-daemon or by kamailio itself
+# - with recent kernels, changing user ID inside applicaton prevents
+#   dumping core files. If the value is 'yes', the suid is done by
+#   start-stop-daemon, otherwise it is done by kamailio itself
+SSD_SUID=no
+
 # Enable the server to leave a core file when it crashes.
 # Set this to 'yes' to enable Kamailio to leave a core file when it crashes
 # or 'no' to disable this feature. This option is case sensitive and only
diff --git a/pkg/kamailio/deb/debian/kamailio.init b/pkg/kamailio/deb/debian/kamailio.init
index dff6e5d..a53ec3e 100644
--- a/pkg/kamailio/deb/debian/kamailio.init
+++ b/pkg/kamailio/deb/debian/kamailio.init
@@ -22,13 +22,14 @@ DESC=kamailio
 HOMEDIR=/var/run/kamailio
 PIDFILE=$HOMEDIR/$NAME.pid
 DEFAULTS=/etc/default/kamailio
+CFGFILE=/etc/kamailio/kamailio.cfg
 RUN_KAMAILIO=no
 
 # Do not start kamailio if fork=no is set in the config file
 # otherwise the boot process will just stop
 check_fork ()
 {
-    if grep -q "^[[:space:]]*fork[[:space:]]*=[[:space:]]*no.*" /etc/kamailio/kamailio.cfg; then
+    if grep -q "^[[:space:]]*fork[[:space:]]*=[[:space:]]*no.*" $CFGFILE; then
 	echo "Not starting $DESC: fork=no specified in config file; run /etc/init.d/kamailio debug instead"
 	exit 1
     fi
@@ -80,7 +81,10 @@ create_radius_seqfile ()
     chmod 660 $RADIUS_SEQ_FILE
 }
 
-test -f $DAEMON || exit 0
+if [ ! -f $DAEMON ]; then
+	echo "No Kamailio daemon at: $DAEMON"
+	exit 0
+fi
 
 # Load startup options if available
 if [ -f $DEFAULTS ]; then
@@ -104,26 +108,23 @@ if test "$DUMP_CORE" = "yes" ; then
     ulimit -c unlimited
     
     # directory for the core dump files
-    # COREDIR=/home/corefiles
+    # COREDIR=/tmp/corefiles
     # [ -d $COREDIR ] || mkdir $COREDIR
     # chmod 777 $COREDIR
     # echo "$COREDIR/core.%e.sig%s.%p" > /proc/sys/kernel/core_pattern
 fi
 
-OPTIONS="-P $PIDFILE -m $MEMORY -u $USER -g $GROUP"
-
-case "$1" in
-  start|debug)
-	check_kamailio_config
-	check_homedir
-	create_radius_seqfile
-
-	if [ "$1" != "debug" ]; then
-	    check_fork
-	fi
+if [ "$SSD_SUID" != "yes" ]; then
+	OPTIONS="-f $CFGFILE -P $PIDFILE -m $MEMORY -u $USER -g $GROUP"
+	SSDOPTS=""
+else
+	OPTIONS="-f $CFGFILE -P $PIDFILE -m $MEMORY"
+	SSDOPTS="--chuid $USER:$GROUP"
+fi
 
-	echo -n "Starting $DESC: $NAME"
-	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+start_kamailio_daemon ()
+{
+	start-stop-daemon --start --quiet --pidfile $PIDFILE $SSDOPTS \
 		--exec $DAEMON -- $OPTIONS || if [ ! -r "$PIDFILE" ]; then
 			echo " error, failed to start."
 			exit 1
@@ -134,9 +135,24 @@ case "$1" in
 			echo " error, failed to start ($PIDFILE exists)."
 			exit 1
 		fi
+}
+
+case "$1" in
+  start|debug)
+	check_kamailio_config
+	check_homedir
+	create_radius_seqfile
+
+	if [ "$1" != "debug" ]; then
+	    check_fork
+	fi
+
+	echo -n "Starting $DESC: $NAME "
+	start_kamailio_daemon
+	echo "."
 	;;
   stop)
-	echo -n "Stopping $DESC: $NAME"
+	echo -n "Stopping $DESC: $NAME "
 	start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
 		--exec $DAEMON
 	echo "."
@@ -146,12 +162,11 @@ case "$1" in
 	check_homedir
 	create_radius_seqfile
 
-	echo -n "Restarting $DESC: $NAME"
+	echo -n "Restarting $DESC: $NAME "
 	start-stop-daemon --oknodo --stop --quiet --pidfile \
 		$PIDFILE --exec $DAEMON
 	sleep 1
-	start-stop-daemon --start --quiet --pidfile \
-		$PIDFILE --exec $DAEMON  -- $OPTIONS
+	start_kamailio_daemon
 	echo "."
 	;;
   status)

More information about the sr-dev mailing list