[Zope-Checkins] SVN: Zope/trunk/lib/python/Zope/Startup/zope Merge from 2.7 branch:

Chris McDonough chrism at plope.com
Sat May 22 22:41:28 EDT 2004


Log message for revision 24888:
Merge from 2.7 branch:

Collector 1304: zopectl doesn't allow specification of zdrun effective user.



-=-
Modified: Zope/trunk/lib/python/Zope/Startup/zopectl.py
===================================================================
--- Zope/trunk/lib/python/Zope/Startup/zopectl.py	2004-05-23 01:14:43 UTC (rev 24887)
+++ Zope/trunk/lib/python/Zope/Startup/zopectl.py	2004-05-23 02:41:28 UTC (rev 24888)
@@ -24,6 +24,7 @@
 -h/--help -- print this usage message and exit
 -i/--interactive -- start an interactive shell after executing commands
 -l/--logfile -- log file to be read by logtail command
+-u/--user -- run the daemon manager program as this user (or numeric id)
 -m/--umask -- provide octal umask for files created by the managed process
 action [arguments] -- see below
 
@@ -61,6 +62,7 @@
     program = "zopectl"
     schemadir = os.path.dirname(Zope.Startup.__file__)
     schemafile = "zopeschema.xml"
+    uid = gid = None
 
     # XXX Suppress using Zope's <eventlog> section to avoid using the
     # same logging for zdctl as for the Zope appserver.  There still
@@ -81,11 +83,32 @@
         self.add("default_to_interactive", "runner.default_to_interactive",
                  default=1)
         self.add("logfile", None, "l:", "logfile=")
+        self.add("user", "runner.user", "u:", "user=")
         self.add("prompt", "runner.prompt", default="zopectl>")
         self.add("umask", "runner.umask", "m:", "umask=")
 
     def realize(self, *args, **kw):
         ZDOptions.realize(self, *args, **kw)
+        # Additional checking of user option; set uid and gid
+        if self.user is not None:
+            import pwd
+            try:
+                uid = int(self.user)
+            except ValueError:
+                try:
+                    pwrec = pwd.getpwnam(self.user)
+                except KeyError:
+                    self.usage("username %r not found" % self.user)
+                uid = pwrec[2]
+            else:
+                try:
+                    pwrec = pwd.getpwuid(uid)
+                except KeyError:
+                    self.usage("uid %r not found" % self.user)
+            gid = pwrec[3]
+            self.uid = uid
+            self.gid = gid
+
         config = self.configroot
         self.directory = config.instancehome
         self.clienthome = config.clienthome
@@ -94,7 +117,6 @@
         else:
             self.program = [os.path.join(self.directory, "bin", "runzope")]
         self.sockname = os.path.join(self.clienthome, "zopectlsock")
-        self.user = None
         self.python = sys.executable
         self.zdrun = os.path.join(os.path.dirname(zdaemon.__file__),
                                   "zdrun.py")

Modified: Zope/trunk/lib/python/Zope/Startup/zopeschema.xml
===================================================================
--- Zope/trunk/lib/python/Zope/Startup/zopeschema.xml	2004-05-23 01:14:43 UTC (rev 24887)
+++ Zope/trunk/lib/python/Zope/Startup/zopeschema.xml	2004-05-23 02:41:28 UTC (rev 24888)
@@ -127,6 +127,27 @@
       </description>
     </key>
 
+    <key name="user" datatype="string"
+         required="no">
+      <description>
+        Command-line option: -u or --user.
+
+        When zdrun.py is started by root, this option specifies the
+        user as who the the zdrun.py process (and hence the daemon
+        subprocess) will run.  This can be a user name or a numeric
+        user id.  Both the user and the group are set from the
+        corresponding password entry, using setuid() and setgid().
+        This is done before zdrun.py does anything else besides
+        parsing its command line arguments.
+
+        NOTE: when zdrun.py is not started by root, specifying this
+        option is an error.  (XXX This may be a mistake.)
+
+        XXX The zdrun.py event log file may be opened *before*
+        setuid() is called.  Is this good or bad?
+      </description>
+    </key>
+
     <key name="hang-around" datatype="boolean"
 	 required="no" default="false">
       <description>




More information about the Zope-Checkins mailing list