Annotation of loncom/apachereload, revision 1.1

1.1     ! foxr        1: #!/usr/bin/perl
        !             2: # The Learning Online Network with CAPA
        !             3: #
        !             4: # apachereload - setuid script that reloads the apache daemon.
        !             5: #
        !             6: #
        !             7: # $Id
        !             8: #
        !             9: #  Change log:
        !            10: #   $Log$
        !            11: ###
        !            12: 
        !            13: 
        !            14: use strict;
        !            15: #
        !            16: #  This script is a setuid script that must be run as user www.
        !            17: #  It effectively just executes /etc/init.d/httpd reload,
        !            18: #  causing the apache daemon to get HUP'd.  The script is
        !            19: #  run by lond after re-initing its host information.
        !            20: 
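        # Main flow of the setuid helper: pin the environment, confirm the caller
        # is 'www', take the lock as 'www', reload apache as root, then release
        # the lock.

        # Fixed PATH and scrubbed shell variables, so the init script and anything
        # it spawns cannot be steered by the caller's environment.
        $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
        delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

        # Program and argument are kept as a list so system() never hands the
        # command line to a shell.
        my @command = ('/etc/init.d/httpd', 'reload');

        # Do not print error messages
        my $noprint=1;

        print "In apachereload" unless $noprint;

        # ----------------------------- Make sure this process is running from user=www
        my $wwwid=getpwnam('www');
        unless (defined $wwwid) {
            # Without this check an undefined uid compares equal to 0 (root) in
            # the numeric tests below.
            print("User 'www' does not exist on this system.\n") unless $noprint;
            exit 1;
        }
        disable_root_capability();
        if ($wwwid!=$>) {
            print("User ID mismatch.  This program must be run as user 'www'\n")
                unless $noprint;
            exit 1;
        }

        # ----------------------------------- Start running script with www permissions
        disable_root_capability();

        # --------------------------- Handle case of another apachereload process (locking)
        # NOTE(review): the lock lives under a fixed name in /tmp, where any local
        # user can create the same path first; a directory writable only by www
        # would be a safer home for it.
        unless (try_to_lock('/tmp/lock_apachereload')) {
            print "Error. Too many other simultaneous apachereload requests being ".
                "made.\n" unless $noprint;
            exit 4;
        }

        enable_root_capability();
        ($>,$<)=(0,0);

        #  Now run the reload:
        system(@command);
        if ($? != 0) {
            # The exit status stays 0 as before; only the diagnostic is new.
            # NOTE(review): confirm whether lond should see a reload failure.
            print "Error. '@command' returned wait status $?.\n" unless $noprint;
        }

        #  Remove the lock file.
        #  Both uids were set to 0 above, so disable_root_capability() (which
        #  only acts when the real uid is www) would do nothing here and the
        #  unlink would run as root.  Drop the effective uid explicitly.
        $> = $wwwid;
        unlink('/tmp/lock_apachereload') if $> == $wwwid;
        exit 0;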
        !            68: 
        !            69: # ---------------------------------------------- have setuid script run as root
        # Raise privileges: when the effective uid is currently www, the old
        # effective uid/gid become the real uid/gid and the effective uid/gid
        # are set to 0.  Returns the effective uid in force afterwards.
        # NOTE(review): the results of the id assignments are not checked here;
        # callers only see the returned effective uid.
        sub enable_root_capability {
            # Effective uid is not www: root capability is already enabled.
            return $> if $> != $wwwid;

            ($<, $>) = ($>, 0);    # real uid <- old effective uid, effective uid <- 0
            ($(, $)) = ($), 0);    # real gid <- old effective gid, effective gid <- 0
            return $>;
        }
        !            80: 
        !            81: # ----------------------------------------------- have setuid script run as www
        # Lower privileges: when the real uid is www, swap real and effective
        # uid and then real and effective gid.  Does nothing when the real uid
        # is anything else (root capability is treated as already disabled).
        # NOTE(review): the results of the id assignments are not checked.
        sub disable_root_capability {
            if ($< == $wwwid) {
                ($<, $>) = ($>, $<);    # exchange real and effective uid
                ($(, $)) = ($), $();    # exchange real and effective gid
            }
        }
        !            91: 
        !            92: # ----------------------- make sure that another apachereload process isn't running
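        # Try to take the lock file for this process.
        #
        #   $lockfile - path of the lock file; it holds the pid of the owner.
        #
        # Returns 1 when this process's pid was written to the lock file, and 0
        # when the caller is root, when the pid in an existing lock file kept
        # changing for all 11 attempts, or when the lock file could not be
        # written.
        #
        # An existing lock file is treated as stale once two consecutive reads,
        # 3 seconds apart, show the same pid (an unreadable, empty or
        # non-numeric file counts as pid 0).
        sub try_to_lock {
            my ($lockfile) = @_;
            require Fcntl;

            # Do not manipulate lock file as root
            return 0 if $> == 0;

            my $lastpid = 0;
            for my $attempt (0 .. 10) {
                last unless -e $lockfile;

                # Three-argument open with a lexical handle: the file name can
                # never be read as an open mode.
                my $currentpid;
                if (open(my $in, '<', $lockfile)) {
                    $currentpid = <$in>;
                    close $in;
                }
                $currentpid = 0 unless defined $currentpid;

                # Same pid as on the previous read: assume the lock is stale.
                last if $currentpid == $lastpid;

                sleep 3;
                $lastpid = $currentpid;
                return 0 if $attempt == 10;
            }

            # Create or overwrite the lock without following a symbolic link at
            # the final path component, where the platform offers O_NOFOLLOW.
            my $flags = Fcntl::O_WRONLY() | Fcntl::O_CREAT() | Fcntl::O_TRUNC();
            my $nofollow = eval { Fcntl::O_NOFOLLOW() };
            $flags |= $nofollow if defined $nofollow;

            # Fail closed: if the pid cannot be recorded, the lock is not held.
            sysopen(my $out, $lockfile, $flags, 0666) or return 0;
            my $written = print {$out} $$;
            my $closed  = close($out);
            return ($written && $closed) ? 1 : 0;
        }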
        !           129: 
        !           130: =head1 NAME
        !           131: 
        !           132: apachereload - setuid script to reload the apache web server.
        !           133: 
        !           134: =head1 DESCRIPTION
        !           135: 
        !           136: LON-CAPA - setuid script to reload the apache web server.
        !           137: 
        !           138: =head1 README
        !           139: 
        !           140: LON-CAPA - setuid script to reload the apache web server.
        !           141: 
        !           142: =head1 PREREQUISITES
        !           143: 
        !           144: =head1 COREQUISITES
        !           145: 
        !           146: =pod OSNAMES
        !           147: 
        !           148: linux
        !           149: 
        !           150: =pod SCRIPT CATEGORIES
        !           151: 
        !           152: LONCAPA/Administrative
        !           153: 
        !           154: =cut
