File:
[LON-CAPA] /
loncom /
apachereload
Revision
1.1:
download - view:
text,
annotated -
select for diffs
Tue Sep 30 10:06:48 2003 UTC (20 years, 11 months ago) by
foxr
Branches:
MAIN
CVS tags:
version_1_99_1_tmcc,
version_1_99_1,
version_1_99_0_tmcc,
version_1_99_0,
version_1_3_X,
version_1_3_3,
version_1_3_2,
version_1_3_1,
version_1_3_0,
version_1_2_X,
version_1_2_99_1,
version_1_2_99_0,
version_1_2_1,
version_1_2_0,
version_1_1_X,
version_1_1_99_5,
version_1_1_99_4,
version_1_1_99_3,
version_1_1_99_2,
version_1_1_99_1,
version_1_1_99_0,
version_1_1_3,
version_1_1_2,
version_1_1_1,
version_1_1_0,
version_1_0_99_3,
version_1_0_99_2,
version_1_0_99_1,
version_1_0_99,
HEAD
This is a setuid script that allows the www user to issue
/etc/init.d/httpd reload
This functionality is required by lond and lonc when they have been asked to
reinitialize themselves.
Initial undebugged version.
1: #!/usr/bin/perl
2: # The Learning Online Network with CAPA
3: #
4: # apachereload - setuid script that reloads the apache daemon.
5: #
6: #
7: # $Id
8: #
9: # Change log:
10: # $Log: apachereload,v $
11: # Revision 1.1 2003/09/30 10:06:48 foxr
12: # This is a setuid script that allows the www user to issue
13: # /etc/init.d/httpd reload
14: #
15: # This functionality is required by lond and lonc when they have been asked to
16: # reinitialize themselves.
17: #
18: # Initial undebugged version.
19: #
20: ###
21:
22:
23: use strict;
24: #
25: # This script is a setuid script that must be run as user www
26: # it effectively just executes /etc/init.d/httpd reload.
27: # causing the apache daemon to get HUP'd. The script is
28: # run by lond after re-initing it's host information.
29:
30: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
31: # information
32: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
33:
34: my $command = "/etc/init.d/httpd reload";
35:
36: # Do not print error messages
37: my $noprint=1;
38:
39: print "In apachereload" unless $noprint;
40:
41: # ----------------------------- Make sure this process is running from user=www
42: my $wwwid=getpwnam('www');
43: &disable_root_capability;
44: if ($wwwid!=$>) {
45: print("User ID mismatch. This program must be run as user 'www'\n")
46: unless $noprint;
47: exit 1;
48: }
49:
50: # ----------------------------------- Start running script with www permissions
51: &disable_root_capability;
52:
53: # --------------------------- Handle case of another apachereload process (locking)
54: unless (&try_to_lock('/tmp/lock_apachereload')) {
55: print "Error. Too many other simultaneous password change requests being ".
56: "made.\n" unless $noprint;
57: exit 4;
58: }
59:
60:
61: &enable_root_capability;
62: ($>,$<)=(0,0);
63:
64:
65: # Now run the reload:
66: #
67:
68: system($command);
69:
70: # Remove the lock file.
71:
72:
73:
74: &disable_root_capability;
75: unlink('/tmp/lock_apachereload');
76: exit 0;
77:
78: # ---------------------------------------------- have setuid script run as root
79: sub enable_root_capability {
80: if ($wwwid==$>) {
81: ($<,$>)=($>,0);
82: ($(,$))=($),0);
83: }
84: else {
85: # root capability is already enabled
86: }
87: return $>;
88: }
89:
90: # ----------------------------------------------- have setuid script run as www
91: sub disable_root_capability {
92: if ($wwwid==$<) {
93: ($<,$>)=($>,$<);
94: ($(,$))=($),$();
95: }
96: else {
97: # root capability is already disabled
98: }
99: }
100:
101: # ----------------------- make sure that another apachereload process isn't running
102: sub try_to_lock {
103: my ($lockfile)=@_;
104: my $currentpid;
105: my $lastpid;
106: # Do not manipulate lock file as root
107: if ($>==0) {
108: return 0;
109: }
110: # Try to generate lock file.
111: # Wait 3 seconds. If same process id is in
112: # lock file, then assume lock file is stale, and
113: # go ahead. If process id's fluctuate, try
114: # for a maximum of 10 times.
115: for (0..10) {
116: if (-e $lockfile) {
117: open(LOCK,"<$lockfile");
118: $currentpid=<LOCK>;
119: close LOCK;
120: if ($currentpid==$lastpid) {
121: last;
122: }
123: sleep 3;
124: $lastpid=$currentpid;
125: }
126: else {
127: last;
128: }
129: if ($_==10) {
130: return 0;
131: }
132: }
133: open(LOCK,">$lockfile");
134: print LOCK $$;
135: close LOCK;
136: return 1;
137: }
138:
139: =head1 NAME
140:
141: apachereload -setuid script to reload the apache web server.
142:
143: =head1 DESCRIPTION
144:
145: LON-CAPA - setuid script to reload the apache web server.
146:
147: =head1 README
148:
149: LON-CAPA setuid script to reload the apache web server.
150:
151: =head1 PREREQUISITES
152:
153: =head1 COREQUISITES
154:
155: =pod OSNAMES
156:
157: linux
158:
159: =pod SCRIPT CATEGORIES
160:
161: LONCAPA/Administrative
162:
163: =cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>