plugins/mod_posix.lua @ 1680:f3d241915429
Add setuid and setgid support.
author | Tobias Markmann <tm@ayena.de> |
---|---|
date | Sat, 15 Aug 2009 12:17:27 +0200 |
parent | 1579:95698f021c5d |
child | 1681:e76e2fb26fca |
1 -- Prosody IM |
2 -- Copyright (C) 2008-2009 Matthew Wild |
3 -- Copyright (C) 2008-2009 Waqas Hussain |
4 -- |
5 -- This project is MIT/X11 licensed. Please see the |
6 -- COPYING file in the source package for more information. |
7 -- |
8 |
9 |
-- Version string the binary util.pposix module is expected to report.
local want_pposix_version = "0.3.1";

local pposix = assert(require "util.pposix");
do
	-- A mismatch is only reported; loading continues with whatever binary
	-- module was found.
	local found_version = pposix._VERSION;
	if found_version ~= want_pposix_version then
		module:log("warn", "Unknown version (%s) of binary pposix module, expected %s", tostring(found_version), want_pposix_version);
	end
end

-- util.signal is optional. When require() fails, pcall's second result is
-- the error message, so `signal` ends up holding a string instead of the
-- library table; the type check below reports exactly that case.
local _, signal = pcall(require, "util.signal");
if type(signal) == "string" then
	module:log("warn", "Couldn't load signal library, won't respond to SIGTERM");
end

local config_get = require "core.configmanager".get;
local logger_set = require "util.logger".setwriter;

local prosody = _G.prosody;

module.host = "*"; -- we're a global module
26 | |
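-- Allow switching away from root, some people like strange ports.
--
-- Runs on "server-started" and reads the "setgid" and "setuid" options from
-- the global ("*") core section. The group is changed before the user: once
-- the uid is no longer privileged the process may not be permitted to change
-- its gid any more.
--
-- If the process was root and is still root after the requested user switch,
-- the server is shut down instead of carrying on with full privileges. A
-- configured target that is itself root is treated the same way.
--
-- NOTE(review): the return convention of pposix.setgid()/pposix.setuid() is
-- not visible in this file, so their results are not interpreted here; the
-- uid is re-read with pposix.getuid() instead. The group change is not
-- verified, and supplementary groups are not touched by this hook; confirm
-- what the binding offers for both.
module:add_event_hook("server-started", function ()
	local uid = config_get("*", "core", "setuid");
	local gid = config_get("*", "core", "setgid");
	-- Remember whether there were root privileges to give up.
	local was_root = pposix.getuid() == 0;
	if gid then
		pposix.setgid(gid);
		-- tostring() keeps a non-string config value from raising in the
		-- concatenation.
		module:log("debug", "Change group to "..tostring(gid)..".");
	end
	if uid then
		pposix.setuid(uid);
		if was_root and pposix.getuid() == 0 then
			-- Fail closed: the operator asked for a privilege drop and it
			-- did not take effect.
			module:log("error", "Still running as root after switching to user %s", tostring(uid));
			prosody.shutdown("Failed to drop root privileges");
			return;
		end
		module:log("debug", "Change user to "..tostring(uid)..".");
	end
end);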
40 |
-- Don't even think about it!
--
-- On "server-starting", refuse to continue when the process uid is 0 unless
-- the global core option "run_as_root" is set. The config option is only
-- consulted when the process really is root.
module:add_event_hook("server-starting", function ()
	local is_root = pposix.getuid() == 0;
	if not is_root or config_get("*", "core", "run_as_root") then
		return;
	end
	module:log("error", "Danger, Will Robinson! Prosody doesn't need to be run as root, so don't do it!");
	module:log("error", "For more information on running Prosody as root, see http://prosody.im/doc/root");
	prosody.shutdown("Refusing to run as root");
end);
49 |
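-- Path of the pidfile this module has written, or nil when there is none.
local pidfile_written;

--- Delete the pidfile recorded in pidfile_written, if any.
-- The recorded path is cleared whether or not the removal worked, so the
-- function does nothing on a second call.
local function remove_pidfile()
	if pidfile_written then
		-- os.remove() reports failure through its return values. The file
		-- can be written before the "server-started" hook changes uid/gid
		-- and removed afterwards, so a permission failure here is a
		-- realistic way to leave a stale pidfile behind; make it visible.
		local ok, err = os.remove(pidfile_written);
		if not ok then
			module:log("warn", "Couldn't remove pidfile %s; %s", pidfile_written, tostring(err));
		end
		pidfile_written = nil;
	end
end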
58 |
--- Write the current process id to the file named by the "pidfile" option.
-- A pidfile written earlier by this module is removed first. When the
-- option is unset nothing is written. On success the path is recorded in
-- pidfile_written so remove_pidfile() can delete it later.
--
-- NOTE(review): io.open(path, "w+") truncates whatever the configured path
-- resolves to. The call sites in this file run at module load or on
-- "server-starting", while uid/gid switching happens on "server-started",
-- so the write can occur with the privileges the server was started with.
-- The pidfile should therefore live in a directory that only the service
-- account (or root) can write to.
local function write_pidfile()
	if pidfile_written then
		remove_pidfile();
	end
	local pidfile = config_get("*", "core", "pidfile");
	if not pidfile then
		return;
	end
	local pf, err = io.open(pidfile, "w+");
	if pf then
		pf:write(tostring(pposix.getpid()));
		pf:close();
		pidfile_written = pidfile;
	else
		module:log("error", "Couldn't write pidfile; %s", err);
	end
end
75 |
-- True once pposix.syslog_open() has been called by this module.
local syslog_opened

--- Build a log sink that forwards messages to syslog.
-- Opens syslog under the identity "prosody" the first time it is called.
-- The `config` argument is accepted but not used by this implementation.
-- The returned sink takes (name, level, message, ...): when the first extra
-- argument is truthy the message is run through string.format with the
-- extra arguments, otherwise it is passed on unchanged, so a "%" in an
-- argument-less message is not interpreted by string.format here.
--
-- NOTE(review): whether pposix.syslog_log() itself treats the text as a
-- format string is not visible in this file; confirm in the binding, since
-- log text can contain remotely supplied data.
function syslog_sink_maker(config)
	if not syslog_opened then
		pposix.syslog_open("prosody");
		syslog_opened = true;
	end
	local syslog, format = pposix.syslog_log, string.format;
	return function (name, level, message, ...)
		local text = message;
		if ... then
			text = format(message, ...);
		end
		syslog(level, text);
	end;
end
require "core.loggingmanager".register_sink_type("syslog", syslog_sink_maker);
92 |
-- Daemonize on "server-starting" unless the global core option
-- "no_daemonize" is set; either way the pidfile is written for the process
-- that keeps running.
if config_get("*", "core", "no_daemonize") then
	-- Not going to daemonize, so write the pid of this process
	write_pidfile();
else
	local function daemonize_server()
		local ok, ret = pposix.daemonize();
		if not ok then
			-- No pidfile is written on this path and the server carries
			-- on without having been daemonized.
			module:log("error", "Failed to daemonize: %s", ret);
			return;
		end
		if ret and ret > 0 then
			-- presumably the original process, with ret the new PID; verify
			-- against pposix.daemonize()
			os.exit(0);
		else
			module:log("info", "Successfully daemonized to PID %d", pposix.getpid());
			write_pidfile();
		end
	end
	module:add_event_hook("server-starting", daemonize_server);
end

module:add_event_hook("server-stopped", remove_pidfile);
112 |
-- Set signal handlers
--
-- When util.signal failed to load, `signal` holds the error string rather
-- than the library; indexing it then presumably yields nil through the
-- string library, so no handlers are installed in that case.
if signal.signal then
	-- SIGTERM: shut the server down. Globals are unlocked around the call
	-- and locked again afterwards.
	local function on_sigterm()
		module:log("warn", "Received SIGTERM");
		prosody.unlock_globals();
		prosody.shutdown("Received SIGTERM");
		prosody.lock_globals();
	end

	-- SIGHUP: reload the configuration, then reopen the log files.
	local function on_sighup()
		module:log("info", "Received SIGHUP");
		prosody.reload_config();
		prosody.reopen_logfiles();
	end

	signal.signal("SIGTERM", on_sigterm);
	signal.signal("SIGHUP", on_sighup);
end