Module: sip-router Branch: master Commit: 367e8a70775c939395e121bce2352876e6c09ced URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=367e8a7… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Mar 6 14:51:34 2011 +0100 pkg: option to suid via start-stop-daemon - start-stop-daemon can do suid before starting the application - it can be enabled in /etc/default/kamailio via SSD_SUID --- pkg/kamailio/deb/debian/kamailio.default | 6 +++ pkg/kamailio/deb/debian/kamailio.init | 55 +++++++++++++++++++----------- 2 files changed, 41 insertions(+), 20 deletions(-) diff --git a/pkg/kamailio/deb/debian/kamailio.default b/pkg/kamailio/deb/debian/kamailio.default index 4317664..4d51e42 100644 --- a/pkg/kamailio/deb/debian/kamailio.default +++ b/pkg/kamailio/deb/debian/kamailio.default @@ -14,6 +14,12 @@ GROUP=kamailio # Amount of memory to allocate for the running Kamailio server (in Mb) MEMORY=64 +# Switch to USER and GROUP by start-stop-daemon or by kamailio itself +# - with recent kernels, changing user ID inside applicaton prevents +# dumping core files. If the value is 'yes', the suid is done by +# start-stop-daemon, otherwise it is done by kamailio itself +SSD_SUID=no + # Enable the server to leave a core file when it crashes. # Set this to 'yes' to enable Kamailio to leave a core file when it crashes # or 'no' to disable this feature. This option is case sensitive and only diff --git a/pkg/kamailio/deb/debian/kamailio.init b/pkg/kamailio/deb/debian/kamailio.init index dff6e5d..a53ec3e 100644 --- a/pkg/kamailio/deb/debian/kamailio.init +++ b/pkg/kamailio/deb/debian/kamailio.init @@ -22,13 +22,14 @@ DESC=kamailio HOMEDIR=/var/run/kamailio PIDFILE=$HOMEDIR/$NAME.pid DEFAULTS=/etc/default/kamailio +CFGFILE=/etc/kamailio/kamailio.cfg RUN_KAMAILIO=no # Do not start kamailio if fork=no is set in the config file # otherwise the boot process will just stop check_fork () { - if grep -q "^[[:space:]]*fork[[:space:]]*=[[:space:]]*no.*" /etc/kamailio/kamailio.cfg; then + if grep -q "^[[:space:]]*fork[[:space:]]*=[[:space:]]*no.*" $CFGFILE; then echo "Not starting $DESC: fork=no specified in config file; run /etc/init.d/kamailio debug instead" exit 1 fi @@ -80,7 +81,10 @@ create_radius_seqfile () chmod 660 $RADIUS_SEQ_FILE } -test -f $DAEMON || exit 0 +if [ ! -f $DAEMON ]; then + echo "No Kamailio daemon at: $DAEMON" + exit 0 +fi # Load startup options if available if [ -f $DEFAULTS ]; then @@ -104,26 +108,23 @@ if test "$DUMP_CORE" = "yes" ; then ulimit -c unlimited # directory for the core dump files - # COREDIR=/home/corefiles + # COREDIR=/tmp/corefiles # [ -d $COREDIR ] || mkdir $COREDIR # chmod 777 $COREDIR # echo "$COREDIR/core.%e.sig%s.%p" > /proc/sys/kernel/core_pattern fi -OPTIONS="-P $PIDFILE -m $MEMORY -u $USER -g $GROUP" - -case "$1" in - start|debug) - check_kamailio_config - check_homedir - create_radius_seqfile - - if [ "$1" != "debug" ]; then - check_fork - fi +if [ "$SSD_SUID" != "yes" ]; then + OPTIONS="-f $CFGFILE -P $PIDFILE -m $MEMORY -u $USER -g $GROUP" + SSDOPTS="" +else + OPTIONS="-f $CFGFILE -P $PIDFILE -m $MEMORY" + SSDOPTS="--chuid $USER:$GROUP" +fi - echo -n "Starting $DESC: $NAME" - start-stop-daemon --start --quiet --pidfile $PIDFILE \ +start_kamailio_daemon () +{ + start-stop-daemon --start --quiet --pidfile $PIDFILE $SSDOPTS \ --exec $DAEMON -- $OPTIONS || if [ ! -r "$PIDFILE" ]; then echo " error, failed to start." exit 1 @@ -134,9 +135,24 @@ case "$1" in echo " error, failed to start ($PIDFILE exists)." exit 1 fi +} + +case "$1" in + start|debug) + check_kamailio_config + check_homedir + create_radius_seqfile + + if [ "$1" != "debug" ]; then + check_fork + fi + + echo -n "Starting $DESC: $NAME " + start_kamailio_daemon + echo "." ;; stop) - echo -n "Stopping $DESC: $NAME" + echo -n "Stopping $DESC: $NAME " start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \ --exec $DAEMON echo "." @@ -146,12 +162,11 @@ case "$1" in check_homedir create_radius_seqfile - echo -n "Restarting $DESC: $NAME" + echo -n "Restarting $DESC: $NAME " start-stop-daemon --oknodo --stop --quiet --pidfile \ $PIDFILE --exec $DAEMON sleep 1 - start-stop-daemon --start --quiet --pidfile \ - $PIDFILE --exec $DAEMON -- $OPTIONS + start_kamailio_daemon echo "." ;; status)