|
version 1.5, 2006/01/27 21:21:05
|
version 1.9, 2020/05/09 16:40:32
|
|
Line 32
|
Line 32
|
| use strict; |
use strict; |
| # |
# |
| # This script is a setuid script that must be run as user www |
# This script is a setuid script that must be run as user www |
| # it effectively just executes /etc/init.d/httpd reload. |
# it effectively just executes one of the following five commands: |
| # causing the apache daemon to get HUP'd. The script is |
# /etc/init.d/httpd reload |
| # run by lond after re-initing it's host information. |
# /etc/init.d/apache reload |
| |
# /etc/init.d/apache2 reload |
| |
# /bin/systemctl reload httpd.service |
| |
# /bin/systemctl reload apache2.service |
| |
# (depending on Linux distro) causing the apache daemon to get HUP'd. |
| |
# The script is run by lond after re-initing its host information. |
| |
|
| $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
| # information |
# information |
| delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
| |
|
| my $command = "/etc/init.d/httpd reload"; |
my $command; |
| |
my $checker_bin = '/sbin/chkconfig'; |
| use lib '/home/httpd/lib/perl/'; |
my $sysctl_bin = '/bin/systemctl'; |
| use LONCAPA::Configuration; |
my $sysv_bin = '/usr/sbin/sysv-rc-conf'; |
| my %perlvar= %{&LONCAPA::Configuration::read_conf('loncapa.conf')}; |
|
| |
if (-x $sysctl_bin) { |
| my $execdir = ($perlvar{'lonDaemons'} =~/(.*)/); |
if (open(PIPE,"$sysctl_bin list-unit-files --type=service 2>/dev/null |")) { |
| my $dist=`$execdir/distprobe`; |
my @lines = <PIPE>; |
| if ($dist =~ /^(suse|sles)/) { |
chomp(@lines); |
| $command = "/etc/init.d/apache reload"; |
close(PIPE); |
| |
if (grep(/^httpd\.service/,@lines)) { |
| |
$command = '/bin/systemctl reload httpd.service'; |
| |
} elsif (grep(/^apache2\.service/,@lines)) { |
| |
$command = '/bin/systemctl reload apache2.service'; |
| |
} |
| |
} |
| |
} |
| |
if (($command eq '') && (-x $checker_bin)) { |
| |
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
| |
my @lines = <PIPE>; |
| |
chomp(@lines); |
| |
close(PIPE); |
| |
if (grep(/^httpd/,@lines)) { |
| |
$command = '/etc/init.d/httpd reload'; |
| |
} elsif (grep(/^apache2/,@lines)) { |
| |
$command = '/etc/init.d/apache2 reload'; |
| |
} elsif (grep(/^apache\s+/,@lines)) { |
| |
$command = '/etc/init.d/apache reload'; |
| |
} |
| |
} |
| |
} |
| |
if (($command eq '') && (-x $sysv_bin)) { |
| |
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
| |
my @lines = <PIPE>; |
| |
chomp(@lines); |
| |
close(PIPE); |
| |
if (grep(/^apache2/,@lines)) { |
| |
$command = '/etc/init.d/apache2 reload'; |
| |
} elsif (grep(/^apache\s+/,@lines)) { |
| |
$command = '/etc/init.d/apache reload'; |
| |
} |
| |
} |
| } |
} |
| |
|
| # Do not print error messages |
# Do not print error messages |
| my $noprint=1; |
my $noprint=1; |
| |
|
| print "In apachereload" unless $noprint; |
if ($command eq '') { |
| |
print("Could not determine command to reload Apache.\n") |
| |
unless $noprint; |
| |
exit 1; |
| |
} else { |
| |
print "In apachereload" unless $noprint; |
| |
} |
| |
|
| # ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
| my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
|
Line 68 if ($wwwid!=$>) {
|
Line 112 if ($wwwid!=$>) {
|
| # ----------------------------------- Start running script with www permissions |
# ----------------------------------- Start running script with www permissions |
| &disable_root_capability; |
&disable_root_capability; |
| |
|
| # --------------------------- Handle case of another apachereload process (locking) |
|
| unless (&try_to_lock('/tmp/lock_apachereload')) { |
|
| print "Error. Too many other simultaneous password change requests being ". |
|
| "made.\n" unless $noprint; |
|
| exit 4; |
|
| } |
|
| |
|
| |
|
| &enable_root_capability; |
&enable_root_capability; |
| ($>,$<)=(0,0); |
($>,$<)=(0,0); |
| |
|
|
Line 83 unless (&try_to_lock('/tmp/lock_apachere
|
Line 119 unless (&try_to_lock('/tmp/lock_apachere
|
| # Now run the reload: |
# Now run the reload: |
| # |
# |
| |
|
| system($command); |
system("$command > /dev/null 2>&1"); |
| |
|
| # Remove the lock file. |
|
| |
|
| |
|
| |
|
| &disable_root_capability; |
&disable_root_capability; |
| unlink('/tmp/lock_apachereload'); |
|
| exit 0; |
exit 0; |
| |
|
| # ---------------------------------------------- have setuid script run as root |
# ---------------------------------------------- have setuid script run as root |
|
Line 116 sub disable_root_capability {
|
Line 147 sub disable_root_capability {
|
| } |
} |
| } |
} |
| |
|
| # ----------------------- make sure that another apachereload process isn't running |
|
| sub try_to_lock { |
|
| my ($lockfile)=@_; |
|
| my $currentpid; |
|
| my $lastpid; |
|
| # Do not manipulate lock file as root |
|
| if ($>==0) { |
|
| return 0; |
|
| } |
|
| # Try to generate lock file. |
|
| # Wait 3 seconds. If same process id is in |
|
| # lock file, then assume lock file is stale, and |
|
| # go ahead. If process id's fluctuate, try |
|
| # for a maximum of 10 times. |
|
| for (0..10) { |
|
| if (-e $lockfile) { |
|
| open(LOCK,"<$lockfile"); |
|
| $currentpid=<LOCK>; |
|
| close LOCK; |
|
| if ($currentpid==$lastpid) { |
|
| last; |
|
| } |
|
| sleep 3; |
|
| $lastpid=$currentpid; |
|
| } |
|
| else { |
|
| last; |
|
| } |
|
| if ($_==10) { |
|
| return 0; |
|
| } |
|
| } |
|
| open(LOCK,">$lockfile"); |
|
| print LOCK $$; |
|
| close LOCK; |
|
| return 1; |
|
| } |
|
| |
|
| =head1 NAME |
=head1 NAME |
| |
|
| apachereload -setuid script to reload the apache web server. |
apachereload -setuid script to reload the apache web server. |
![[BACK]](/icons/back.gif){kind=icon}
Return to apachereload CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom