[arch-projects] [initscripts][PATCH 2/2] rc.d: Add check to cleanly abort rc.d script if user doesn't have root privileges

Seblu seblu at seblu.net
Mon May 30 18:23:49 EDT 2011 

On Sat, May 28, 2011 at 5:52 AM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
> On Fri, May 27, 2011 at 10:19 AM, Seblu <seblu at seblu.net> wrote:
>> On Fri, May 27, 2011 at 11:42 AM, Eric Bélanger <snowmaniscool at gmail.com> wrote:
>>> This implements FS#24095. The check is only made for the start, stop and restart
>>> actions of the daemon scripts. This allows regular user to use the help and list
>>> functionality of rc.d and also to use rc.d for actions that doesn't require root
>>> privileges, like the status action of some daemon scripts.
>>>
>>> Signed-off-by: Eric Bélanger <snowmaniscool at gmail.com>
>>> ---
>>>  rc.d |    4 ++++
>>>  1 files changed, 4 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/rc.d b/rc.d
>>> index 97f266a..2325623 100755
>>> --- a/rc.d
>>> +++ b/rc.d
>>> @@ -43,6 +43,10 @@ case $1 in
>>>                ;;
>>>        *)
>>>                action=$1
>>> +               if [[ "$EUID" != '0' ]] && [[ "$action" == 'start' || "$action" == 'stop' || "$action" == 'restart' ]] ; then
>>> +                   echo 'Error: this script must be run as root to use this functionality.'
>>> +                   exit 1
>>> +               fi
>>>                shift
>>>                # set same environment variables as init
>>>                runlevel=$(/sbin/runlevel)
>>
>> As i said in FS#24095, if we really want do this, we should not do
>> this in rc.d script but in functions which is loaded by real rc
>> scripts.
>>
>> Increasingly, why choose start/stop/restart and not reload by example?
>> By example, in virtualbox_bin we have fixusb, which must be run as root.
>>
>
> I only chose start/stop/restart because they are the only standard
> ones.
There is a page describing arch standard, or at least, a namming convention?

> Not only all daemons script have them but they all do the same
> things: start/stop a binary before creating/removing a file
> contatining the PID in a directory that needs root privileges.  I am
> 100% sure that root privilege is required.  The other actions are not
> used by all daemons and what they do depends on the daemon itself. So
> we can't be really sure if root privileges are required or not.
>
> I decided to play it safe and to treat everything else than
> start/stop/restart as edge cases.
It makes sense, but I am forbidden to do

>> I think we should offer a check_root function which can be called in
>> rc scripts to ensure rootitude. Be we cannot generically know if a rc
>> need to be root or not.
>
> That might be ideal.  But for the reason I mentionned above, the
> daemon scripts will probably need to be modified to indicate what
> privileges are needed for all actions.  Perhaps, demanding root
> privileges by default except when there is a NEED_ROOT=0 defined in
> the case, e.g.
i agree. Idea is better.

>
>  status)
>     NEED_ROOT=0
>     do stuff that don't need root privs...
Don't easy to implement in bash...

> would reduce the workload on fixing the packages. That will surely
> take some time before it's implemented unless that can be done without
> modifying the daemon scripts.
As said before, we can use functions scripts which is sourced by all
rc.d scripts to make this check rather than doing it in rc.d

>
> Until this is done, this proposed patch is a good compromise between
> the ideal situation and the current situation where no check is done
> at all.
Basically, there is maybe no problem to don't check. This is not done
from the beginning.
If you can, you can. If you need right it will fail. KISS.

> The majority of users will use rc.d to start/stop/restart
> daemons anyway.  Since you can use rc.d on many daemons at once, it's
> better to abort the rc.d script early so you can rerun it with
> sufficient privileges instead of having to wait for all the daemons to
> fail.  It would also be trivial to remove this check in rc.d once (or
> if) we have implemented something better.
>
I do not see the difference. If all daemons will need root privileges,
they will fail.

I think a lots of users will still use /etc/rc.d/x start/stop/restart,
and it's kind of sugar around if you can or not run a daemon.

I propose a patch following your recommendation here :
https://github.com/seblu/arch-initscripts/commit/5a59a30

What do you think?


-- 
Sébastien Luttringer
www.seblu.net

More information about the arch-projects mailing list