[CalendarServer-changes] [6070] CalendarServer/branches/users/glyph/sql-store

source_changes at macosforge.org source_changes at macosforge.org
Wed Aug 11 17:25:06 PDT 2010 

Revision: 6070
          http://trac.macosforge.org/projects/calendarserver/changeset/6070
Author:   sagen at apple.com
Date:     2010-08-11 17:25:05 -0700 (Wed, 11 Aug 2010)
Log Message:
-----------
Run postgres as the user/group specified in plist

Modified Paths:
--------------
    CalendarServer/branches/users/glyph/sql-store/calendarserver/tap/caldav.py
    CalendarServer/branches/users/glyph/sql-store/txdav/datastore/subpostgres.py

Modified: CalendarServer/branches/users/glyph/sql-store/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/users/glyph/sql-store/calendarserver/tap/caldav.py	2010-08-12 00:19:17 UTC (rev 6069)
+++ CalendarServer/branches/users/glyph/sql-store/calendarserver/tap/caldav.py	2010-08-12 00:25:05 UTC (rev 6070)
@@ -28,7 +28,7 @@
 from time import time
 
 from subprocess import Popen, PIPE
-from pwd import getpwuid
+from pwd import getpwuid, getpwnam
 from grp import getgrnam
 from OpenSSL.SSL import Error as SSLError
 import OpenSSL
@@ -685,6 +685,7 @@
         logger = AMPLoggingFactory(
             RotatingFileAccessLoggingObserver(config.AccessLogFile)
         )
+
         if config.GroupName:
             try:
                 gid = getgrnam(config.GroupName).gr_gid
@@ -692,6 +693,15 @@
                 raise ConfigurationError("Invalid group name: %s" % (config.GroupName,))
         else:
             gid = os.getgid()
+
+        if config.UserName:
+            try:
+                uid = getpwnam(config.UserName).pw_uid
+            except KeyError, e:
+                raise ConfigurationError("Invalid user name: %s" % (config.UserName,))
+        else:
+            uid = os.getuid()
+
         if config.ControlSocket:
             loggingService = GroupOwnedUNIXServer(
                 gid, config.ControlSocket, logger, mode=0660
@@ -714,8 +724,16 @@
             def subServiceFactory(connectionFactory):
                 return monitor
 
+            if os.getuid() == 0: # Only override if root
+                postgresUID = uid
+                postgresGID = gid
+            else:
+                postgresUID = None
+                postgresGID = None
+
             PostgresService(dbRoot, subServiceFactory, v1_schema,
-                "caldav", logFile=config.PostgresLogFile).setServiceParent(s)
+                "caldav", logFile=config.PostgresLogFile,
+                uid=postgresUID, gid=postgresGID).setServiceParent(s)
 
         else:
             monitor.setServiceParent(s)

Modified: CalendarServer/branches/users/glyph/sql-store/txdav/datastore/subpostgres.py
===================================================================
--- CalendarServer/branches/users/glyph/sql-store/txdav/datastore/subpostgres.py	2010-08-12 00:19:17 UTC (rev 6069)
+++ CalendarServer/branches/users/glyph/sql-store/txdav/datastore/subpostgres.py	2010-08-12 00:25:05 UTC (rev 6070)
@@ -159,7 +159,8 @@
 
     def __init__(self, dataStoreDirectory, subServiceFactory,
                  schema, databaseName='subpostgres', resetSchema=False,
-                 logFile="postgres.log", testMode=False):
+                 logFile="postgres.log", testMode=False,
+                 uid=None, gid=None):
         """
         Initialize a L{PostgresService} pointed at a data store directory.
 
@@ -178,6 +179,8 @@
             (md5(dataStoreDirectory.path).hexdigest()))
         self.databaseName = databaseName
         self.logFile = logFile
+        self.uid = uid
+        self.gid = gid
         self.schema = schema
         self.monitor = None
         self.openConnections = []
@@ -308,7 +311,8 @@
                 "-o", "-c listen_addresses='' -k '%s' -c standard_conforming_strings=on -c shared_buffers=%d -c max_connections=%d"
                     % (self.socketDir.path, self.sharedBuffers, self.maxConnections),
             ],
-            self.env
+            self.env,
+            uid=self.uid, gid=self.gid,
         )
         self.monitor = monitor
         def gotReady(result):
@@ -332,8 +336,12 @@
         if clusterDir.isdir():
             self.startDatabase()
         else:
-            self.dataStoreDirectory.createDirectory()
-            workingDir.createDirectory()
+            if not self.dataStoreDirectory.isdir():
+                self.dataStoreDirectory.createDirectory()
+            if not clusterDir.isdir():
+                clusterDir.createDirectory()
+            if not workingDir.isdir():
+                workingDir.createDirectory()
             dbInited = getProcessOutput(
                 initdb, [], env, workingDir.path, errortoo=True
             )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20100811/f9469533/attachment-0001.html>

More information about the calendarserver-changes mailing list