File:  [LON-CAPA] / loncom / apachereload
Tue Sep 30 10:06:48 2003 UTC (20 years, 6 months ago) by foxr
Branches: MAIN
CVS tags: version_1_99_1_tmcc, version_1_99_1, version_1_99_0_tmcc, version_1_99_0, version_1_3_X, version_1_3_3, version_1_3_2, version_1_3_1, version_1_3_0, version_1_2_X, version_1_2_99_1, version_1_2_99_0, version_1_2_1, version_1_2_0, version_1_1_X, version_1_1_99_5, version_1_1_99_4, version_1_1_99_3, version_1_1_99_2, version_1_1_99_1, version_1_1_99_0, version_1_1_3, version_1_1_2, version_1_1_1, version_1_1_0, version_1_0_99_3, version_1_0_99_2, version_1_0_99_1, version_1_0_99, HEAD
This is a setuid script that allows the www user to issue
/etc/init.d/httpd reload

This functionality is required by lond and lonc when they have been asked to
reinitialize themselves.

Initial undebugged version.

    1: #!/usr/bin/perl
    2: # The Learning Online Network with CAPA
    3: #
    4: # apachereload - setuid script that reloads the apache daemon.
    5: #
    6: #
    7: # $Id
    8: #
    9: #  Change log:
   10: #   $Log: apachereload,v $
   11: #   Revision 1.1  2003/09/30 10:06:48  foxr
   12: #   This is a setuid script that allows the www user to issue
   13: #   /etc/init.d/httpd reload
   14: #
   15: #   This functionality is required by lond and lonc when they have been asked to
   16: #   reinitialize themselves.
   17: #
   18: #   Initial undebugged version.
   19: #
   20: ###
   21: 
   22: 
   23: use strict;
   24: #
   25: #  This script is a setuid script that must be run as user www
   26: #  it effectively just executes /etc/init.d/httpd reload.
   27: #  causing the apache daemon to get HUP'd.  The script is
   28: #  run by lond after re-initing its host information.
   29: 
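   # Main flow of the setuid helper: pin the environment, confirm the caller
   # is user www, take the lock file as www, switch to root, run the apache
   # reload, then remove the lock file.
   #
   # Exit codes: 0 = reload was attempted, 1 = not running as www (or the www
   # account could not be resolved), 4 = the lock could not be obtained.

   # PATH is pinned and the shell-affecting variables are removed before
   # anything is executed.
   # NOTE(review): this is a denylist -- every other inherited variable is
   # still handed to the init script that later runs with real and effective
   # uid 0.  Confirm that each PATH directory (in particular /usr/local/sbin
   # and /home/httpd/perl) is writable by root only, and consider building the
   # child environment from an explicit allowlist instead.
   $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl';
   delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

   # Program and argument are kept as a list so that system() executes the
   # init script directly and never passes a string to a shell.
   my @command = ('/etc/init.d/httpd', 'reload');

   # Do not print error messages
   my $noprint=1;

   print "In apachereload" unless $noprint;

   # ----------------------------- Make sure this process is running from user=www
   my $wwwid=getpwnam('www');
   unless (defined $wwwid) {
       # Fail closed: an undefined uid would compare numerically equal to 0
       # (root) in the checks below.
       print("Cannot resolve user 'www'.\n") unless $noprint;
       exit 1;
   }
   disable_root_capability();
   if ($wwwid!=$>) {
       print("User ID mismatch.  This program must be run as user 'www'\n")
           unless $noprint;
       exit 1;
   }

   # ----------------------------------- Start running script with www permissions
   disable_root_capability();

   # --------------------------- Handle case of another apachereload process (locking)
   unless (try_to_lock('/tmp/lock_apachereload')) {
       print "Error. Too many other simultaneous apachereload requests being ".
           "made.\n" unless $noprint;
       exit 4;
   }

   # Become root for the reload: effective uid first, then real and effective
   # uid are both forced to 0 so the init script runs entirely as root.
   enable_root_capability();
   ($>,$<)=(0,0);

   #  Now run the reload:
   my $status = system(@command);
   if ($status != 0) {
       print "Reload command failed (wait status $status).\n" unless $noprint;
   }
   # NOTE(review): the exit code stays 0 even when the reload fails, so that
   # existing callers see no change; consider a distinct nonzero code.

   #  Remove the lock file.
   # NOTE(review): real and effective uid were both set to 0 above, so the
   # $wwwid==$< test in disable_root_capability no longer matches and this
   # unlink runs as root, contrary to the "Do not manipulate lock file as
   # root" rule in try_to_lock.  An explicit switch back to www before the
   # unlink should be designed and tested.
   disable_root_capability();
   unlink('/tmp/lock_apachereload');
   exit 0;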
   77: 
   78: # ---------------------------------------------- have setuid script run as root
   sub enable_root_capability {
       # Switch the process to root.  Returns the effective uid after the call.
       #
       # Any state other than "effective uid is www" is treated as root
       # capability already being enabled, and the ids are left untouched.
       return $> if $wwwid != $>;

       ($<, $>) = ($>, 0);    # real uid <- www, effective uid <- 0
       ($(, $)) = ($), 0);    # same exchange for the real/effective gid
       return $>;
   }
   89: 
   90: # ----------------------------------------------- have setuid script run as www
   sub disable_root_capability {
       # Exchange real and effective ids so the process acts as www.
       #
       # This is a swap, not a permanent drop: the former effective ids are
       # kept as the real ids, which is what lets enable_root_capability
       # switch back later.  When the real uid is not www, root capability is
       # treated as already disabled and nothing is changed.
       return unless $wwwid == $<;

       ($<, $>) = ($>, $<);    # uid: real <-> effective
       ($(, $)) = ($), $();    # gid: real <-> effective
   }
  100: 
  101: # ----------------------- make sure that another apachereload process isn't running
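  sub try_to_lock {
      # Take the pid lock file at $lockfile for this process.
      #
      # Parameter: $lockfile - path of the lock file.
      # Returns:   1 when this process's pid was written to the lock file,
      #            0 when running as root, when another holder keeps
      #            rewriting the file, or when the file cannot be written.
      #
      # The lock is advisory: a file whose content is unchanged across two
      # reads 3 seconds apart is treated as stale and overwritten, so the
      # check and the write are not atomic.
      use Fcntl qw(O_WRONLY O_CREAT O_TRUNC O_NOFOLLOW);

      my ($lockfile) = @_;
      my $lastpid;

      # Do not manipulate lock file as root
      return 0 if $> == 0;

      # Try to generate lock file.
      # Wait 3 seconds.  If same process id is in
      # lock file, then assume lock file is stale, and
      # go ahead.  If process id's fluctuate, give up
      # after the last pass of the loop.
      for my $attempt (0 .. 10) {
          last unless -e $lockfile;

          # An unreadable or empty file counts as empty content; it is only
          # treated as stale once a second read agrees with the first.
          my $currentpid = '';
          if (open(my $in, '<', $lockfile)) {
              my $line = <$in>;
              close $in;
              $currentpid = $line if defined $line;
          }
          $currentpid =~ s/\s+\z//;

          # $lastpid is undefined on the first pass, so a lock file is never
          # declared stale without one full wait.
          last if defined $lastpid && $currentpid eq $lastpid;

          sleep 3;
          $lastpid = $currentpid;
          return 0 if $attempt == 10;
      }

      # The path lives in a shared directory, so refuse to write through a
      # symbolic link (O_NOFOLLOW) and report failure when the lock cannot be
      # written instead of claiming it.
      sysopen(my $out, $lockfile,
              O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644)
          or return 0;
      my $written = print {$out} $$;
      my $closed  = close $out;
      return ($written && $closed) ? 1 : 0;
  }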
  138: 
  139: =head1 NAME
  140: 
  141: apachereload - setuid script to reload the apache web server.
  142: 
  143: =head1 DESCRIPTION
  144: 
  145: LON-CAPA - setuid script to reload the apache web server.
  146: 
  147: =head1 README
  148: 
  149: LON-CAPA  setuid script to reload the apache web server.
  150: 
  151: =head1 PREREQUISITES
  152: 
  153: =head1 COREQUISITES
  154: 
  155: =pod OSNAMES
  156: 
  157: linux
  158: 
  159: =pod SCRIPT CATEGORIES
  160: 
  161: LONCAPA/Administrative
  162: 
  163: =cut
