[CalendarServer-changes] [1116] CalendarServer/branches/users/dreid/pid-removal

source_changes at macosforge.org source_changes at macosforge.org
Thu Jan 25 15:45:51 PST 2007


Revision: 1116
          http://trac.macosforge.org/projects/calendarserver/changeset/1116
Author:   dreid at apple.com
Date:     2007-01-25 15:45:50 -0800 (Thu, 25 Jan 2007)

Log Message:
-----------
Use a master process that doesn't listen on any sockets to control a 
single child process (in the default configuration.)

This master process remains root and so can remove it's own pid file 
when it exits.

Modified Paths:
--------------
    CalendarServer/branches/users/dreid/pid-removal/conf/caldavd-test.plist
    CalendarServer/branches/users/dreid/pid-removal/conf/caldavd.plist
    CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/cluster.py
    CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/config.py
    CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/tap.py

Modified: CalendarServer/branches/users/dreid/pid-removal/conf/caldavd-test.plist
===================================================================
--- CalendarServer/branches/users/dreid/pid-removal/conf/caldavd-test.plist	2007-01-25 21:00:50 UTC (rev 1115)
+++ CalendarServer/branches/users/dreid/pid-removal/conf/caldavd-test.plist	2007-01-25 23:45:50 UTC (rev 1116)
@@ -49,6 +49,12 @@
   <key>SSLOnly</key>
   <false/>
 
+  <key>Username</key>
+  <string></string>
+
+  <key>Groupname</key>
+  <string></string>
+
   <key>SSLPrivateKey</key>
   <string>conf/server.pem</string>
 

Modified: CalendarServer/branches/users/dreid/pid-removal/conf/caldavd.plist
===================================================================
--- CalendarServer/branches/users/dreid/pid-removal/conf/caldavd.plist	2007-01-25 21:00:50 UTC (rev 1115)
+++ CalendarServer/branches/users/dreid/pid-removal/conf/caldavd.plist	2007-01-25 23:45:50 UTC (rev 1116)
@@ -36,6 +36,12 @@
   <key>ServerHostName</key>
   <string>localhost</string>
 
+  <key>Username</key>
+  <string>calendar</string>
+
+  <key>Groupname</key>
+  <string>calendar</string>
+
   <key>Port</key>
   <integer>8008</integer>
 

Modified: CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/cluster.py
===================================================================
--- CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/cluster.py	2007-01-25 21:00:50 UTC (rev 1115)
+++ CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/cluster.py	2007-01-25 23:45:50 UTC (rev 1116)
@@ -21,7 +21,7 @@
 import tempfile
 
 from twisted.runner import procmon
-
+from twisted.scripts.mktap import getid
 from twistedcaldav.config import config
 
 serviceTemplate = """
@@ -54,10 +54,6 @@
         self.port = port
         self.sslPort = sslPort
 
-        self.pidFile = os.path.join(
-            os.path.dirname(config.PIDFile),
-            '%s.pid' % (self.getName(),))
-
         self.interfaces = interfaces
 
     def getName(self):
@@ -75,7 +71,7 @@
             '-o', 'BindAddress=%s' % (','.join(self.interfaces),),
             '-o', 'Port=%s' % (self.port,),
             '-o', 'SSLPort=%s' % (self.sslPort,),
-            '-o', 'PIDFile=%s' % (self.pidFile,)]
+            '-o', 'PIDFile=None']
     
     def getHostLine(self, ssl=None):
         name = self.getName()
@@ -106,18 +102,23 @@
         bindAddress = config.BindAddress
 
     for p in xrange(0, config.MultiProcess['NumProcesses']):
-        port += 1
-        sslport += 1
+        if int(config.MultiProcess['NumProcesses']) > 1:
+            port += 1
+            sslport += 1
 
         process = TwistdSlaveProcess(config.twistdLocation,
                                      options['config'],
                                      bindAddress,
                                      port, sslport)
 
+        uid, gid = None, None
+        if config.Username or config.Groupname:
+            uid, gid = getid(config.Username, config.Groupname)
+            
         service.addProcess(process.getName(),
                            process.getCommandLine(),
-                           uid=options.parent['uid'],
-                           gid=options.parent['gid'],
+                           uid=uid,
+                           gid=gid,
                            env=parentEnv)
         
         if not config.SSLOnly:
@@ -126,7 +127,8 @@
         if config.SSLEnable:
             sslHosts.append(process.getHostLine(ssl=True))
 
-    if config.MultiProcess['LoadBalancer']['Enabled']: 
+    if (config.MultiProcess['LoadBalancer']['Enabled'] and 
+        config.MultiProcess['NumProcesses'] > 1):
         services = []
 
         if not config.BindAddress:

Modified: CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/config.py	2007-01-25 21:00:50 UTC (rev 1115)
+++ CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/config.py	2007-01-25 23:45:50 UTC (rev 1116)
@@ -72,6 +72,9 @@
 
     'ServerType': 'singleprocess',
 
+    'Username': 'daemon',
+    'Groupname': 'daemon',
+
     'MultiProcess': {
         'NumProcesses': 10,
         'LoadBalancer': {

Modified: CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/tap.py
===================================================================
--- CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/tap.py	2007-01-25 21:00:50 UTC (rev 1115)
+++ CalendarServer/branches/users/dreid/pid-removal/twistedcaldav/tap.py	2007-01-25 23:45:50 UTC (rev 1116)
@@ -29,6 +29,8 @@
 from twisted.application import internet, service
 from twisted.plugin import IPlugin
 
+from twisted.scripts.mktap import getid
+
 from twisted.cred.portal import Portal
 
 from twisted.web2.dav import auth
@@ -124,10 +126,34 @@
 
         config.update(self.overrides)
 
+        uid, gid = None, None
+
+        if self.parent['uid'] or self.parent['gid']:
+            uid, gid = getid(self.parent['uid'], 
+                             self.parent['gid'])
+
+        if uid:
+            if uid != os.getuid() and uid != 0:
+                import pwd
+                username = pwd.getpwuid(os.getuid())[0]
+                raise UsageError(("Only root can drop privileges "
+                                  "you are: %s" % (username,)))
+
+        if gid:
+            if gid != os.getgid() and gid != 0:
+                import grp
+                groupname = grp.getgrgid(os.getuid())[0]
+                raise UsageError(("Only root can drop privileges, "
+                                  "you are: %s" % (groupname,)))
+
         self.parent['logfile'] = config.ErrorLogFile
-        self.parent['pidfile'] = config.PIDFile
 
+        if config.PIDFile == 'None':
+            self.parent['pidfile'] = None
+        else:
+            self.parent['pidfile'] = config.PIDFile
 
+
 class CalDAVServiceMaker(object):
     implements(IPlugin, service.IServiceMaker)
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070125/78bc6f9c/attachment.html


More information about the calendarserver-changes mailing list