File:  [LON-CAPA] / loncom / apachereload
Revision 1.2: download - view: text, annotated - select for diffs
Thu Jul 7 22:26:52 2005 UTC (18 years, 8 months ago) by albertel
Branches: MAIN
CVS tags: HEAD
- suse has apache not httpd

    1: #!/usr/bin/perl
    2: # The Learning Online Network with CAPA
    3: #
    4: # apachereload - setuid script that reloads the apache daemon.
    5: #
    6: #
    7: # $Id
    8: #
    9: #  Change log:
   10: #   $Log: apachereload,v $
   11: #   Revision 1.2  2005/07/07 22:26:52  albertel
   12: #   - suse has apache not httpd
   13: #
   14: #   Revision 1.1  2003/09/30 10:06:48  foxr
   15: #   This is a setuid script that allows the www user to issue
   16: #   /etc/init.d/httpd reload
   17: #
   18: #   This functionality is required by lond and lonc when they have been asked to
   19: #   reinitialize themselves.
   20: #
   21: #   Initial undebugged version.
   22: #
   23: ###
   24: 
   25: 
   26: use strict;
   27: #
   28: #  This script is a setuid script that must be run as user www
   29: #  it effectively just executes /etc/init.d/httpd reload.
   30: #  causing the apache daemon to get HUP'd.  The script is
   31: #  run by lond after re-initing it's host information.
   32: 
   33: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
   34:                                                                # information
   35: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
   36: 
   37: my $command = "/etc/init.d/httpd reload";
   38: my $dist=`$perlvar{'lonDaemons'}/distprobe`;
   39: if ($dist =~ /^(suse|sles)/) {
   40:     $command = "/etc/init.d/httpd reload";
   41: }
   42: # Do not print error messages
   43: my $noprint=1;
   44: 
   45: print "In apachereload" unless $noprint;
   46: 
   47: # ----------------------------- Make sure this process is running from user=www
   48: my $wwwid=getpwnam('www');
   49: &disable_root_capability;
   50: if ($wwwid!=$>) {
   51:     print("User ID mismatch.  This program must be run as user 'www'\n")
   52: 	unless $noprint;
   53:     exit 1;
   54: }
   55: 
   56: # ----------------------------------- Start running script with www permissions
   57: &disable_root_capability;
   58: 
   59: # --------------------------- Handle case of another apachereload process (locking)
   60: unless (&try_to_lock('/tmp/lock_apachereload')) {
   61:     print "Error. Too many other simultaneous password change requests being ".
   62: 	"made.\n" unless $noprint;
   63:     exit 4;
   64: }
   65: 
   66: 
   67: &enable_root_capability;
   68: ($>,$<)=(0,0);
   69: 
   70: 
   71: #  Now run the reload:
   72: #
   73: 
   74: system($command);
   75: 
   76: #  Remove the lock file.
   77: 
   78: 
   79: 
   80: &disable_root_capability;
   81: unlink('/tmp/lock_apachereload');
   82: exit 0;
   83: 
   84: # ---------------------------------------------- have setuid script run as root
   85: sub enable_root_capability {
   86:     if ($wwwid==$>) {
   87: 	($<,$>)=($>,0);
   88: 	($(,$))=($),0);
   89:     }
   90:     else {
   91: 	# root capability is already enabled
   92:     }
   93:     return $>;
   94: }
   95: 
   96: # ----------------------------------------------- have setuid script run as www
   97: sub disable_root_capability {
   98:     if ($wwwid==$<) {
   99: 	($<,$>)=($>,$<);
  100: 	($(,$))=($),$();
  101:     }
  102:     else {
  103: 	# root capability is already disabled
  104:     }
  105: }
  106: 
  107: # ----------------------- make sure that another apachereload process isn't running
  108: sub try_to_lock {
  109:     my ($lockfile)=@_;
  110:     my $currentpid;
  111:     my $lastpid;
  112:     # Do not manipulate lock file as root
  113:     if ($>==0) {
  114: 	return 0;
  115:     }
  116:     # Try to generate lock file.
  117:     # Wait 3 seconds.  If same process id is in
  118:     # lock file, then assume lock file is stale, and
  119:     # go ahead.  If process id's fluctuate, try
  120:     # for a maximum of 10 times.
  121:     for (0..10) {
  122: 	if (-e $lockfile) {
  123: 	    open(LOCK,"<$lockfile");
  124: 	    $currentpid=<LOCK>;
  125: 	    close LOCK;
  126: 	    if ($currentpid==$lastpid) {
  127: 		last;
  128: 	    }
  129: 	    sleep 3;
  130: 	    $lastpid=$currentpid;
  131: 	}
  132: 	else {
  133: 	    last;
  134: 	}
  135: 	if ($_==10) {
  136: 	    return 0;
  137: 	}
  138:     }
  139:     open(LOCK,">$lockfile");
  140:     print LOCK $$;
  141:     close LOCK;
  142:     return 1;
  143: }
  144: 
  145: =head1 NAME
  146: 
  147: apachereload -setuid script to reload the apache web server.
  148: 
  149: =head1 DESCRIPTION
  150: 
  151: LON-CAPA - setuid script to reload the apache web server.
  152: 
  153: =head1 README
  154: 
  155: LON-CAPA  setuid script to reload the apache web server.
  156: 
  157: =head1 PREREQUISITES
  158: 
  159: =head1 COREQUISITES
  160: 
  161: =pod OSNAMES
  162: 
  163: linux
  164: 
  165: =pod SCRIPT CATEGORIES
  166: 
  167: LONCAPA/Administrative
  168: 
  169: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>