
added posix functions for dynamically resolving the user

commit 2598449029212a25291eee6a28445d29bfd85a0e 1 parent e827b2f
@jessegreathouse jessegreathouse authored
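--- a/Daemon.php
+++ b/Daemon.php
@@ -16,6 +16,7 @@
 */
 use CodeMeme\Bundle\CodeMemeDaemonBundle\System\Daemon as System_Daemon;
+use CodeMeme\Bundle\CodeMemeDaemonBundle\System\Daemon\Exception as CodeMemeDaemonBundleException;
 class Daemon
 {
@@ -26,10 +27,29 @@ class Daemon
 public function __construct($options)
 {
- if (!empty($options))
- {
+ if (!empty($options)) {
+ $options = $this->validateOptions($options);
 $this->setConfig($options);
- }
+ } else {
+ throw new CodeMemeDaemonBundleException('Daemon instantiated without a config');
+ }
+ }
+
+ private function validateOptions($options)
+ {
+ if (!isset($options['appRunAsUID'])) {
+ throw new CodeMemeDaemonBundleException('Daemon instantiated without user or group');
+ }
+
+ if (!isset($options['appRunAsGID'])) {
+ try {
+ $options['appRunAsGID'] = posix_getegid();
+ } catch (CodeMemeDaemonBundleException $e) {
+ echo 'Exception caught: ', $e->getMessage(), "\n";
+ }
+ }
+
+ return $options;
 }
 public function setConfig($config)
@@ -101,13 +121,9 @@ public function stop()
 {
 if (file_exists($this->_config['appPidLocation'])) {
 unlink($this->_config['appPidLocation']);
- System_Daemon::info('{appName} System Daemon Terminated at %s',
- date("F j, Y, g:i a")
- );
- } else {
- System_Daemon::info('{appName} System Daemon is not running. Could not terminate at %s',
- date("F j, Y, g:i a")
- );
 }
+ System_Daemon::info('{appName} System Daemon Terminated at %s',
+ date("F j, Y, g:i a")
+ );
 }
 }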
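Review bot: In `validateOptions()` the fallback `$options['appRunAsGID'] = posix_getegid();` takes the group of whoever launched the process, not the group of the configured `appRunAsUID`, so a daemon started as root with only a user configured would keep root's group after the switch. Deriving the group from the target account closes that gap: `$pw = posix_getpwuid($options['appRunAsUID']);` followed by `$options['appRunAsGID'] = $pw ? $pw['gid'] : posix_getegid();`. The surrounding `try`/`catch` gives no protection, because `posix_getegid()` does not throw the bundle exception and a missing posix extension is a fatal error this catch never sees; a `function_exists('posix_getegid')` guard, as the extension class uses for `posix_geteuid`, would be consistent. How the UID and GID are applied to the process is outside this hunk, so the impact is inferred from the option names.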
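--- a/DependencyInjection/CodeMemeDaemonExtension.php
+++ b/DependencyInjection/CodeMemeDaemonExtension.php
@@ -44,7 +44,7 @@ private function mergeExternalConfig($config)
 private function getDefaultConfig($name, $container)
 {
- return array(
+ $defaults = array(
 'appName' => $name,
 'appDir' => $container->getParameter('kernel.root_dir'),
 'appDescription' => 'CodeMeme System Daemon',
@@ -54,9 +54,13 @@ private function getDefaultConfig($name, $container)
 'appPidLocation' => $container->getParameter('kernel.cache_dir') . '/'. $name . '/' . $name . '.daemon.pid',
 'sysMaxExecutionTime' => 0,
 'sysMaxInputTime' => 0,
- 'sysMemoryLimit' => '1024M',
- 'appRunAsGID' => 1,
- 'appRunAsUID' => 1);
+ 'sysMemoryLimit' => '1024M');
+
+ if (function_exists('posix_geteuid')) {
+ $defaults['appRunAsUID'] = posix_geteuid();
+ }
+
+ return $defaults;
 }
 private function _init($config, $container)
@@ -74,6 +78,22 @@ private function _init($config, $container)
 echo 'CodeMemeDaemonBundle exception: ', $e->getMessage(), "\n";
 }
+ if (isset($cnf['appUser']) || isset($cnf['appGroup'])) {
+ if (isset($cnf['appUser']) && (function_exists('posix_getpwnam'))) {
+ $user = posix_getpwnam($cnf['appUser']);
+ if ($user) {
+ $cnf['appRunAsUID'] = $user['uid'];
+ }
+ }
+
+ if (isset($cnf['appGroup']) && (function_exists('posix_getgrnam'))) {
+ $group = posix_getgrnam($cnf['appGroup']);
+ if ($group) {
+ $cnf['appRunAsGID'] = $group['gid'];
+ }
+ }
+ }
+
 $container->setParameter($name.'.daemon.options',
 array_merge($this->getDefaultConfig($name, $container), $cnf));
 }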
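Review bot: When `appUser` or `appGroup` is set but `posix_getpwnam()` / `posix_getgrnam()` returns false (a typo, a missing account) or the posix functions are unavailable, the lookup in `_init()` is skipped silently and `array_merge()` falls back to the `posix_geteuid()` default, which is root if the daemon was started with sudo. An explicitly requested identity that cannot be resolved should stop startup instead: `if ($user === false) { throw new \InvalidArgumentException('Unknown appUser: ' . $cnf['appUser']); }`, and the same for the group. A short comment should also state that a resolved name overrides an explicit `appRunAsUID`/`appRunAsGID` from the same config, and that the account's primary group (`$user['gid']`) is not used when `appGroup` is absent. `_init()` begins and ends outside the hunk.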
23 README.md
@@ -66,9 +66,8 @@ By Default, system daemons have a sensible configuration. If you need to change
#CodeMemeDaemonBundle Configuration Example
code_meme_daemon:
daemons:
- example:
- appRunAsGID: 33
- appRunAsUID: 33
+ #creates a daemon using default options
+ example: ~
#an example of all the available options
explicitexample:
@@ -82,11 +81,13 @@ By Default, system daemons have a sensible configuration. If you need to change
sysMaxExecutionTime: 0
sysMaxInputTime: 0
sysMemoryLimit: 1024M
- appRunAsGID: 1
- appRunAsUID: 1
+ appUser: apache
+ appGroup: apache
+ appRunAsGID: 1000
+ appRunAsUID: 1000
-#### security concern with default user and group RunAs ####
-it is highly recommended to set the appRunAsGID and /or appRunAsUID options as this can cause troublesome problems with permissions on your server. The default is 1 for both and from system to system this may be root or it may be a different user. To make sure files are set to the correct permissions level, it is best to set these values to the UID and GID of the webserver or application user.
+#### RunAs ####
+You can run the daemon as a different user or group depending on what is best for your application. By default it will resolve the user and group of the user who is running the daemon from the command console, but if you want to run as a different user you can use the appUser, appGroup or appRunAsGID, appRunAsUID options. Remember if you need to run as a different user you must start the daemon as sudo or a superuser.
To find out the group and user id of a specific user you can use the following commands.
@@ -101,11 +102,9 @@ The Following links are examples of how to use a system daemon in an example pro
- [Restart Command][10]
- [Example Service Class][5]
- [Config of Control Service][6]
-- [Control Service DiC][7]
[5]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Service/ExampleControl.php
[6]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Resources/config/daemon.xml
- [7]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/DependencyInjection/ExampleExtension.php
[8]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleStartCommand.php
[9]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleStopCommand.php
[10]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleRestartCommand.php
@@ -113,8 +112,8 @@ The Following links are examples of how to use a system daemon in an example pro
##Usage##
Once you have Daemonized your symfony Console Commands, you can simply run them from the command line like so:
- jesse@picard:~/codememe$ sudo php app/console jobqueue:start
+ jesse@picard:~/codememe$ php app/console jobqueue:start
- jesse@picard:~/codememe$ sudo php app/console jobqueue:stop
+ jesse@picard:~/codememe$ php app/console jobqueue:stop
- jesse@picard:~/codememe$ sudo php app/console jobqueue:restart
+ jesse@picard:~/codememe$ php app/console jobqueue:restart
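--- a/System/Daemon.php
+++ b/System/Daemon.php
@@ -291,6 +291,14 @@ class Daemon
 'detail' => 'Defaults to root which is insecure!',
 'required' => true,
 ),
+ 'appUser' => array(
+ 'type' => 'string',
+ 'default' => 'root',
+ 'punch' => 'The user name under which to run the process',
+ 'example' => 'www-data',
+ 'detail' => 'Defaults to root which is insecure!',
+ 'required' => false,
+ ),
 'appRunAsGID' => array(
 'type' => 'number/0-65000',
 'default' => 0,
@@ -299,6 +307,14 @@ class Daemon
 'detail' => 'Defaults to root which is insecure!',
 'required' => true,
 ),
+ 'appGroup' => array(
+ 'type' => 'string',
+ 'default' => 'root',
+ 'punch' => 'The group name under which to run the process',
+ 'example' => 'www-data',
+ 'detail' => 'Defaults to root which is insecure!',
+ 'required' => false,
+ ),
 'appPidLocation' => array(
 'type' => 'string/unix_filepath',
 'default' => '/var/run/{OPTIONS.appName}/{OPTIONS.appName}.pid',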
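Review bot: The new `appUser` and `appGroup` definitions ship with `'default' => 'root'`, which contradicts the README text in this same commit (the default is the invoking user) and would make an unset name resolve to root if any code path applies these defaults. Prefer no privileged default, for example `'default' => null,` with `'detail' => 'Optional; resolved to appRunAsUID via posix_getpwnam()'`, assuming the option validator accepts a null default for a non-required string. The copied `'detail' => 'Defaults to root which is insecure!'` text would then no longer describe the behaviour and should be replaced in both entries. The definitions array starts and ends outside the hunk, so whether these defaults are ever merged into the effective options cannot be confirmed from here.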