[CalendarServer-changes] [1149] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Wed Feb 7 16:50:02 PST 2007


Revision: 1149
          http://trac.macosforge.org/projects/calendarserver/changeset/1149
Author:   dreid at apple.com
Date:     2007-02-07 16:50:02 -0800 (Wed, 07 Feb 2007)

Log Message:
-----------
Merge pid-removal-3

Modified Paths:
--------------
    CalendarServer/trunk/conf/caldavd-test.plist
    CalendarServer/trunk/conf/caldavd.plist
    CalendarServer/trunk/conf/launchd.plist
    CalendarServer/trunk/twistedcaldav/cluster.py
    CalendarServer/trunk/twistedcaldav/config.py
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/conf/caldavd-test.plist	2007-02-08 00:50:02 UTC (rev 1149)
@@ -49,6 +49,12 @@
   <key>SSLOnly</key>
   <false/>
 
+  <key>Username</key>
+  <string></string>
+
+  <key>Groupname</key>
+  <string></string>
+
   <key>SSLPrivateKey</key>
   <string>conf/server.pem</string>
 

Modified: CalendarServer/trunk/conf/caldavd.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd.plist	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/conf/caldavd.plist	2007-02-08 00:50:02 UTC (rev 1149)
@@ -36,6 +36,12 @@
   <key>ServerHostName</key>
   <string>localhost</string>
 
+  <key>Username</key>
+  <string>calendar</string>
+
+  <key>Groupname</key>
+  <string>calendar</string>
+
   <key>Port</key>
   <integer>8008</integer>
 
@@ -64,7 +70,7 @@
   <string>/var/log/caldavd/error.log</string>
 
   <key>PIDFile</key>
-  <string>/var/log/caldavd/caldavd.pid</string>
+  <string>/var/run/caldavd.pid</string>
 
   <!--  XML File Directory Service -->
   <!--
@@ -145,12 +151,12 @@
   <key>SudoersFile</key>
   <string>/etc/caldavd/sudoers.plist</string>
   <key>ServerType</key>
-  <string>singleprocess</string>
+  <string>multiprocess</string>
   
   <key>MultiProcess</key>
   <dict>
     <key>NumProcesses</key>
-    <integer>0</integer>
+    <integer>1</integer>
 
     <key>LoadBalancer</key>
     <dict>

Modified: CalendarServer/trunk/conf/launchd.plist
===================================================================
--- CalendarServer/trunk/conf/launchd.plist	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/conf/launchd.plist	2007-02-08 00:50:02 UTC (rev 1149)
@@ -30,10 +30,6 @@
   <array>
     <string>/usr/sbin/caldavd</string>
     <string>-X</string>
-    <string>-u</string>
-    <string>calendar</string>
-    <string>-g</string>
-    <string>calendar</string>
   </array>
 
   <key>InitGroups</key>

Modified: CalendarServer/trunk/twistedcaldav/cluster.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/cluster.py	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/twistedcaldav/cluster.py	2007-02-08 00:50:02 UTC (rev 1149)
@@ -21,7 +21,7 @@
 import tempfile
 
 from twisted.runner import procmon
-
+from twisted.scripts.mktap import getid
 from twistedcaldav.config import config
 
 serviceTemplate = """
@@ -54,10 +54,6 @@
         self.port = port
         self.sslPort = sslPort
 
-        self.pidFile = os.path.join(
-            os.path.dirname(config.PIDFile),
-            '%s.pid' % (self.getName(),))
-
         self.interfaces = interfaces
 
     def getName(self):
@@ -69,13 +65,17 @@
     def getCommandLine(self):
         return [
             sys.executable,
-            self.twistd, '-n', 'caldav', 
+            self.twistd,
+            '-u', config.Username,
+            '-g', config.Groupname,
+            '-n', 'caldav',
             '-f', self.configFile,
-            '-o', 'ServerType=singleprocess',
+            '-o', 'ServerType=slave',
             '-o', 'BindAddress=%s' % (','.join(self.interfaces),),
             '-o', 'Port=%s' % (self.port,),
             '-o', 'SSLPort=%s' % (self.sslPort,),
-            '-o', 'PIDFile=%s' % (self.pidFile,)]
+            '-o', 'PIDFile=None',
+            '-o', 'ErrorLogFile=None']
     
     def getHostLine(self, ssl=None):
         name = self.getName()
@@ -106,8 +106,9 @@
         bindAddress = config.BindAddress
 
     for p in xrange(0, config.MultiProcess['NumProcesses']):
-        port += 1
-        sslport += 1
+        if int(config.MultiProcess['NumProcesses']) > 1:
+            port += 1
+            sslport += 1
 
         process = TwistdSlaveProcess(config.twistdLocation,
                                      options['config'],
@@ -116,8 +117,6 @@
 
         service.addProcess(process.getName(),
                            process.getCommandLine(),
-                           uid=options.parent['uid'],
-                           gid=options.parent['gid'],
                            env=parentEnv)
         
         if not config.SSLOnly:
@@ -126,7 +125,8 @@
         if config.SSLEnable:
             sslHosts.append(process.getHostLine(ssl=True))
 
-    if config.MultiProcess['LoadBalancer']['Enabled']: 
+    if (config.MultiProcess['LoadBalancer']['Enabled'] and 
+        config.MultiProcess['NumProcesses'] > 1):
         services = []
 
         if not config.BindAddress:

Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/twistedcaldav/config.py	2007-02-08 00:50:02 UTC (rev 1149)
@@ -73,6 +73,9 @@
 
     'ServerType': 'singleprocess',
 
+    'Username': 'daemon',
+    'Groupname': 'daemon',
+
     'MultiProcess': {
         'NumProcesses': 10,
         'LoadBalancer': {

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2007-02-08 00:33:25 UTC (rev 1148)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2007-02-08 00:50:02 UTC (rev 1149)
@@ -29,6 +29,8 @@
 from twisted.application import internet, service
 from twisted.plugin import IPlugin
 
+from twisted.scripts.mktap import getid
+
 from twisted.cred.portal import Portal
 
 from twisted.web2.dav import auth
@@ -77,7 +79,7 @@
         ["config", "f", "/etc/caldavd/caldavd.plist",
          "Path to configuration file."],
         ]
-
+        
     zsh_actions = {"config" : "_files -g '*.plist'"}
 
     def __init__(self, *args, **kwargs):
@@ -109,6 +111,9 @@
                 elif isinstance(defaultConfig[key], dict):
                     raise UsageError(
                         "We do not support dict options on the command line")
+                        
+                elif value == 'None':
+                    value = None
 
             self.overrides[key] = value
         else:
@@ -124,6 +129,26 @@
 
         config.update(self.overrides)
 
+        uid, gid = None, None
+
+        if self.parent['uid'] or self.parent['gid']:
+            uid, gid = getid(self.parent['uid'], 
+                             self.parent['gid'])
+
+        if uid:
+            if uid != os.getuid() and os.getuid() != 0:
+                import pwd
+                username = pwd.getpwuid(os.getuid())[0]
+                raise UsageError(("Only root can drop privileges "
+                                  "you are: %r" % (username,)))
+
+        if gid:
+            if gid != os.getgid() and os.getgid() != 0:
+                import grp
+                groupname = grp.getgrgid(os.getuid())[0]
+                raise UsageError(("Only root can drop privileges, "
+                                  "you are: %s" % (groupname,)))
+
         self.parent['logfile'] = config.ErrorLogFile
         self.parent['pidfile'] = config.PIDFile
 
@@ -135,6 +160,13 @@
             self.checkFile(config.SSLPrivateKey, "SSL Private key")
             self.checkFile(config.SSLCertificate, "SSL Public key")
 
+        #
+        # Nuke the file log observer's time format.
+        #
+
+        if not config.ErrorLogFile and config.ServerType == 'slave':
+            log.FileLogObserver.timeFormat = ''
+
     def checkDirectory(self, dirpath, description):
         if not os.path.exists(dirpath):
             raise ValueError("%s does not exist: %s" % (description, dirpath,))

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070207/a35c2507/attachment.html


More information about the calendarserver-changes mailing list