
added posix functions for dynamically resolving the user

1 parent e827b2f commit 2598449029212a25291eee6a28445d29bfd85a0e @jessegreathouse jessegreathouse committed Jul 21, 2011
Showing with 77 additions and 26 deletions.
  1. +26 −10 Daemon.php
  2. +24 −4 DependencyInjection/CodeMemeDaemonExtension.php
  3. +11 −12 README.md
  4. +16 −0 System/Daemon.php
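--- a/Daemon.php
+++ b/Daemon.php
@@ -16,6 +16,7 @@
 */
 use CodeMeme\Bundle\CodeMemeDaemonBundle\System\Daemon as System_Daemon;
+use CodeMeme\Bundle\CodeMemeDaemonBundle\System\Daemon\Exception as CodeMemeDaemonBundleException;
 class Daemon
 {
@@ -26,10 +27,29 @@ class Daemon
 public function __construct($options)
 {
- if (!empty($options))
- {
+ if (!empty($options)) {
+ $options = $this->validateOptions($options);
 $this->setConfig($options);
- }
+ } else {
+ throw new CodeMemeDaemonBundleException('Daemon instantiated without a config');
+ }
+ }
+
+ private function validateOptions($options)
+ {
+ if (!isset($options['appRunAsUID'])) {
+ throw new CodeMemeDaemonBundleException('Daemon instantiated without user or group');
+ }
+
+ if (!isset($options['appRunAsGID'])) {
+ try {
+ $options['appRunAsGID'] = posix_getegid();
+ } catch (CodeMemeDaemonBundleException $e) {
+ echo 'Exception caught: ', $e->getMessage(), "\n";
+ }
+ }
+
+ return $options;
 }
 public function setConfig($config)
@@ -101,13 +121,9 @@ public function stop()
 {
 if (file_exists($this->_config['appPidLocation'])) {
 unlink($this->_config['appPidLocation']);
- System_Daemon::info('{appName} System Daemon Terminated at %s',
- date("F j, Y, g:i a")
- );
- } else {
- System_Daemon::info('{appName} System Daemon is not running. Could not terminate at %s',
- date("F j, Y, g:i a")
- );
 }
+ System_Daemon::info('{appName} System Daemon Terminated at %s',
+ date("F j, Y, g:i a")
+ );
 }
 }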
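Review bot: In `validateOptions`, a missing `appRunAsGID` falls back to `posix_getegid()`, so a daemon launched as root with only a target user configured would keep the root group (gid 0) after switching UID, assuming this UID/GID pair is what the process later drops to. Deriving the group from the target account keeps the drop complete, e.g. `$pw = function_exists('posix_getpwuid') ? posix_getpwuid($options['appRunAsUID']) : false;` followed by `$options['appRunAsGID'] = $pw ? $pw['gid'] : posix_getegid();`. The surrounding `try`/`catch` is dead code: `posix_getegid()` does not throw `CodeMemeDaemonBundleException`, and a missing posix extension is a fatal error rather than an exception, so a `function_exists` guard is the check that matters here. Separately, `stop()` now logs "Terminated" even when no PID file existed, which hides the "was not running" case from anyone reading the log.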
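--- a/DependencyInjection/CodeMemeDaemonExtension.php
+++ b/DependencyInjection/CodeMemeDaemonExtension.php
@@ -44,7 +44,7 @@ private function mergeExternalConfig($config)
 private function getDefaultConfig($name, $container)
 {
- return array(
+ $defaults = array(
 'appName' => $name,
 'appDir' => $container->getParameter('kernel.root_dir'),
 'appDescription' => 'CodeMeme System Daemon',
@@ -54,9 +54,13 @@ private function getDefaultConfig($name, $container)
 'appPidLocation' => $container->getParameter('kernel.cache_dir') . '/'. $name . '/' . $name . '.daemon.pid',
 'sysMaxExecutionTime' => 0,
 'sysMaxInputTime' => 0,
- 'sysMemoryLimit' => '1024M',
- 'appRunAsGID' => 1,
- 'appRunAsUID' => 1);
+ 'sysMemoryLimit' => '1024M');
+
+ if (function_exists('posix_geteuid')) {
+ $defaults['appRunAsUID'] = posix_geteuid();
+ }
+
+ return $defaults;
 }
 private function _init($config, $container)
@@ -74,6 +78,22 @@ private function _init($config, $container)
 echo 'CodeMemeDaemonBundle exception: ', $e->getMessage(), "\n";
 }
+ if (isset($cnf['appUser']) || isset($cnf['appGroup'])) {
+ if (isset($cnf['appUser']) && (function_exists('posix_getpwnam'))) {
+ $user = posix_getpwnam($cnf['appUser']);
+ if ($user) {
+ $cnf['appRunAsUID'] = $user['uid'];
+ }
+ }
+
+ if (isset($cnf['appGroup']) && (function_exists('posix_getgrnam'))) {
+ $group = posix_getgrnam($cnf['appGroup']);
+ if ($group) {
+ $cnf['appRunAsGID'] = $group['gid'];
+ }
+ }
+ }
+
 $container->setParameter($name.'.daemon.options',
 array_merge($this->getDefaultConfig($name, $container), $cnf));
 }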
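Review bot: In `_init`, a configured `appUser` or `appGroup` that cannot be resolved (unknown name, or the posix functions are absent) is silently ignored, and the merge with `getDefaultConfig()` then supplies `posix_geteuid()`, which is root when the daemon is started with sudo as the README describes. A requested identity that cannot be honoured should stop start-up rather than fall back, e.g. `if (!$user) { throw new \RuntimeException('appUser could not be resolved'); }` and the same for `$group`. The precedence also deserves a comment: a resolved `appUser` overwrites an explicit `appRunAsUID` given in the same config. `_init` begins outside this hunk, so the earlier handling of `$cnf` is not visible here.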
@@ -66,9 +66,8 @@ By Default, system daemons have a sensible configuration. If you need to change
#CodeMemeDaemonBundle Configuration Example
code_meme_daemon:
daemons:
- example:
- appRunAsGID: 33
- appRunAsUID: 33
+ #creates a daemon using default options
+ example: ~
#an example of all the available options
explicitexample:
@@ -82,11 +81,13 @@ By Default, system daemons have a sensible configuration. If you need to change
sysMaxExecutionTime: 0
sysMaxInputTime: 0
sysMemoryLimit: 1024M
- appRunAsGID: 1
- appRunAsUID: 1
+ appUser: apache
+ appGroup: apache
+ appRunAsGID: 1000
+ appRunAsUID: 1000
-#### security concern with default user and group RunAs ####
-it is highly recommended to set the appRunAsGID and /or appRunAsUID options as this can cause troublesome problems with permissions on your server. The default is 1 for both and from system to system this may be root or it may be a different user. To make sure files are set to the correct permissions level, it is best to set these values to the UID and GID of the webserver or application user.
+#### RunAs ####
+You can run the daemon as a different user or group depending on what is best for your application. By default it will resolve the user and group of the user who is running the daemon from the command console, but if you want to run as a different user you can use the appUser, appGroup or appRunAsGID, appRunAsUID options. Remember if you need to run as a different user you must start the daemon as sudo or a superuser.
To find out the group and user id of a specific user you can use the following commands.
@@ -101,20 +102,18 @@ The Following links are examples of how to use a system daemon in an example pro
- [Restart Command][10]
- [Example Service Class][5]
- [Config of Control Service][6]
-- [Control Service DiC][7]
[5]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Service/ExampleControl.php
[6]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Resources/config/daemon.xml
- [7]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/DependencyInjection/ExampleExtension.php
[8]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleStartCommand.php
[9]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleStopCommand.php
[10]: https://github.com/CodeMeme/CodeMemeDaemonBundle/blob/master/Command/ExampleRestartCommand.php
##Usage##
Once you have Daemonized your symfony Console Commands, you can simply run them from the command line like so:
- jesse@picard:~/codememe$ sudo php app/console jobqueue:start
+ jesse@picard:~/codememe$ php app/console jobqueue:start
- jesse@picard:~/codememe$ sudo php app/console jobqueue:stop
+ jesse@picard:~/codememe$ php app/console jobqueue:stop
- jesse@picard:~/codememe$ sudo php app/console jobqueue:restart
+ jesse@picard:~/codememe$ php app/console jobqueue:restart
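--- a/System/Daemon.php
+++ b/System/Daemon.php
@@ -291,6 +291,14 @@ class Daemon
 'detail' => 'Defaults to root which is insecure!',
 'required' => true,
 ),
+ 'appUser' => array(
+ 'type' => 'string',
+ 'default' => 'root',
+ 'punch' => 'The user name under which to run the process',
+ 'example' => 'www-data',
+ 'detail' => 'Defaults to root which is insecure!',
+ 'required' => false,
+ ),
 'appRunAsGID' => array(
 'type' => 'number/0-65000',
 'default' => 0,
@@ -299,6 +307,14 @@ class Daemon
 'detail' => 'Defaults to root which is insecure!',
 'required' => true,
 ),
+ 'appGroup' => array(
+ 'type' => 'string',
+ 'default' => 'root',
+ 'punch' => 'The group name under which to run the process',
+ 'example' => 'www-data',
+ 'detail' => 'Defaults to root which is insecure!',
+ 'required' => false,
+ ),
 'appPidLocation' => array(
 'type' => 'string/unix_filepath',
 'default' => '/var/run/{OPTIONS.appName}/{OPTIONS.appName}.pid',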
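Review bot: The new optional `appUser` and `appGroup` definitions carry `'default' => 'root'`, so if these defaults are applied to unset options the daemon's declared identity becomes root by name, even though the bundle now resolves the effective user by UID. For optional name-based settings it is safer to ship no privileged default, `'default' => null,`, and to reword `detail` to say that the numeric `appRunAsUID`/`appRunAsGID` apply when no name is given. How the option table consumes defaults and validates `'type' => 'string'` is outside this hunk, so confirm a null default passes that check.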
