[BACK]Return to apachereload CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom
File:  [LON-CAPA] / loncom / apachereload
Revision 1.3: download - view: text, annotated - select for diffs
Mon Jul 11 15:29:46 2005 UTC (18 years, 9 months ago) by albertel
Branches: MAIN
CVS tags: version_2_0_2, version_2_0_1, version_2_0_0, version_1_99_3, version_1_99_2, HEAD
- it's like I was drunk

    1: #!/usr/bin/perl
    2: # The Learning Online Network with CAPA
    3: #
    4: # apachereload - setuid script that reloads the apache daemon.
    5: #
    6: #
    7: # $Id
    8: #
    9: #  Change log:
   10: #   $Log: apachereload,v $
   11: #   Revision 1.3  2005/07/11 15:29:46  albertel
   12: #   - it's like I was drunk
   13: #
   14: #   Revision 1.2  2005/07/07 22:26:52  albertel
   15: #   - suse has apache not httpd
   16: #
   17: #   Revision 1.1  2003/09/30 10:06:48  foxr
   18: #   This is a setuid script that allows the www user to issue
   19: #   /etc/init.d/httpd reload
   20: #
   21: #   This functionality is required by lond and lonc when they have been asked to
   22: #   reinitialize themselves.
   23: #
   24: #   Initial undebugged version.
   25: #
   26: ###
   27: 
   28: 
   29: use strict;
   30: #
   31: #  This script is a setuid script that must be run as user www
   32: #  it effectively just executes /etc/init.d/httpd reload.
   33: #  causing the apache daemon to get HUP'd.  The script is
   34: #  run by lond after re-initing it's host information.
   35: 
   36: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
   37:                                                                # information
   38: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
   39: 
   40: my $command = "/etc/init.d/httpd reload";
   41: my $dist=`$perlvar{'lonDaemons'}/distprobe`;
   42: if ($dist =~ /^(suse|sles)/) {
   43:     $command = "/etc/init.d/apache reload";
   44: }
   45: # Do not print error messages
   46: my $noprint=1;
   47: 
   48: print "In apachereload" unless $noprint;
   49: 
   50: # ----------------------------- Make sure this process is running from user=www
   51: my $wwwid=getpwnam('www');
   52: &disable_root_capability;
   53: if ($wwwid!=$>) {
   54:     print("User ID mismatch.  This program must be run as user 'www'\n")
   55: 	unless $noprint;
   56:     exit 1;
   57: }
   58: 
   59: # ----------------------------------- Start running script with www permissions
   60: &disable_root_capability;
   61: 
   62: # --------------------------- Handle case of another apachereload process (locking)
   63: unless (&try_to_lock('/tmp/lock_apachereload')) {
   64:     print "Error. Too many other simultaneous password change requests being ".
   65: 	"made.\n" unless $noprint;
   66:     exit 4;
   67: }
   68: 
   69: 
   70: &enable_root_capability;
   71: ($>,$<)=(0,0);
   72: 
   73: 
   74: #  Now run the reload:
   75: #
   76: 
   77: system($command);
   78: 
   79: #  Remove the lock file.
   80: 
   81: 
   82: 
   83: &disable_root_capability;
   84: unlink('/tmp/lock_apachereload');
   85: exit 0;
   86: 
   87: # ---------------------------------------------- have setuid script run as root
   88: sub enable_root_capability {
   89:     if ($wwwid==$>) {
   90: 	($<,$>)=($>,0);
   91: 	($(,$))=($),0);
   92:     }
   93:     else {
   94: 	# root capability is already enabled
   95:     }
   96:     return $>;
   97: }
   98: 
   99: # ----------------------------------------------- have setuid script run as www
  100: sub disable_root_capability {
  101:     if ($wwwid==$<) {
  102: 	($<,$>)=($>,$<);
  103: 	($(,$))=($),$();
  104:     }
  105:     else {
  106: 	# root capability is already disabled
  107:     }
  108: }
  109: 
  110: # ----------------------- make sure that another apachereload process isn't running
  111: sub try_to_lock {
  112:     my ($lockfile)=@_;
  113:     my $currentpid;
  114:     my $lastpid;
  115:     # Do not manipulate lock file as root
  116:     if ($>==0) {
  117: 	return 0;
  118:     }
  119:     # Try to generate lock file.
  120:     # Wait 3 seconds.  If same process id is in
  121:     # lock file, then assume lock file is stale, and
  122:     # go ahead.  If process id's fluctuate, try
  123:     # for a maximum of 10 times.
  124:     for (0..10) {
  125: 	if (-e $lockfile) {
  126: 	    open(LOCK,"<$lockfile");
  127: 	    $currentpid=<LOCK>;
  128: 	    close LOCK;
  129: 	    if ($currentpid==$lastpid) {
  130: 		last;
  131: 	    }
  132: 	    sleep 3;
  133: 	    $lastpid=$currentpid;
  134: 	}
  135: 	else {
  136: 	    last;
  137: 	}
  138: 	if ($_==10) {
  139: 	    return 0;
  140: 	}
  141:     }
  142:     open(LOCK,">$lockfile");
  143:     print LOCK $$;
  144:     close LOCK;
  145:     return 1;
  146: }
  147: 
  148: =head1 NAME
  149: 
  150: apachereload -setuid script to reload the apache web server.
  151: 
  152: =head1 DESCRIPTION
  153: 
  154: LON-CAPA - setuid script to reload the apache web server.
  155: 
  156: =head1 README
  157: 
  158: LON-CAPA  setuid script to reload the apache web server.
  159: 
  160: =head1 PREREQUISITES
  161: 
  162: =head1 COREQUISITES
  163: 
  164: =pod OSNAMES
  165: 
  166: linux
  167: 
  168: =pod SCRIPT CATEGORIES
  169: 
  170: LONCAPA/Administrative
  171: 
  172: =cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>