From dbc742dda6c11926df09ede74ea015465e2bb574 Mon Sep 17 00:00:00 2001 From: Marius Tolzmann Date: Sat, 24 Oct 2015 14:09:25 +0200 Subject: [PATCH 1/2] Makefile: Add new target devel and remove nonroot using devel will: * define MXQ_DEVELOPMENT * change MXQ_MYSQL_DEFAULT_GROUP to mxqdevel for servers and clients * add warning to --help and to the mxqd logfile * change the default for --no-log to true in mxqd --- Makefile | 15 ++++++++++----- mxq.h | 21 +++++++++++++++++++-- mxqd.c | 23 +++++++++++++++++------ 3 files changed, 46 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 716bc3f..c0f3850 100644 --- a/Makefile +++ b/Makefile @@ -60,13 +60,17 @@ CGIDIR = ${LIBEXECDIR}/mxq/cgi ######################################################################## MXQ_MYSQL_DEFAULT_FILE = ${SYSCONFDIR}/mxq/mysql.cnf -MXQ_MYSQL_DEFAULT_GROUP = mxqclient +MXQ_MYSQL_DEFAULT_GROUP_CLIENT = mxqclient +MXQ_MYSQL_DEFAULT_GROUP_SERVER = mxqd +MXQ_MYSQL_DEFAULT_GROUP_DEVELOPMENT = mxqdevel MXQ_INITIAL_PATH = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin MXQ_INITIAL_TMPDIR = /tmp CFLAGS_MXQ_MYSQL_DEFAULT_FILE = -DMXQ_MYSQL_DEFAULT_FILE=\"$(MXQ_MYSQL_DEFAULT_FILE)\" -CFLAGS_MXQ_MYSQL_DEFAULT_GROUP = -DMXQ_MYSQL_DEFAULT_GROUP=\"$(MXQ_MYSQL_DEFAULT_GROUP)\" +CFLAGS_MXQ_MYSQL_DEFAULT_GROUP = -DMXQ_MYSQL_DEFAULT_GROUP_CLIENT=\"$(MXQ_MYSQL_DEFAULT_GROUP_CLIENT)\" +CFLAGS_MXQ_MYSQL_DEFAULT_GROUP += -DMXQ_MYSQL_DEFAULT_GROUP_SERVER=\"$(MXQ_MYSQL_DEFAULT_GROUP_SERVER)\" +CFLAGS_MXQ_MYSQL_DEFAULT_GROUP += -DMXQ_MYSQL_DEFAULT_GROUP_DEVELOPMENT=\"$(MXQ_MYSQL_DEFAULT_GROUP_DEVELOPMENT)\" CFLAGS_MXQ_INITIAL_PATH = -DMXQ_INITIAL_PATH=\"$(MXQ_INITIAL_PATH)\" CFLAGS_MXQ_INITIAL_TMPDIR = -DMXQ_INITIAL_TMPDIR=\"$(MXQ_INITIAL_TMPDIR)\" 
@@ -184,9 +188,10 @@ manpages/%: manpages/%.xml all: build -.PHONY: nonroot -nonroot: CFLAGS += -DRUNASNORMALUSER -nonroot: all +.PHONY: devel +devel: CFLAGS += -DRUNASNORMALUSER +devel: CFLAGS += -DMXQ_DEVELOPMENT +devel: all ######################################################################## diff --git a/mxq.h b/mxq.h index 22c5842..556db6f 100644 --- a/mxq.h +++ b/mxq.h @@ -27,8 +27,22 @@ # define MXQ_MYSQL_DEFAULT_FILE_STR MXQ_MYSQL_DEFAULT_FILE #endif -#ifndef MXQ_MYSQL_DEFAULT_GROUP -# define MXQ_MYSQL_DEFAULT_GROUP program_invocation_short_name +#ifdef MXQ_DEVELOPMENT +# undef MXQ_MYSQL_DEFAULT_GROUP +# define MXQ_MYSQL_DEFAULT_GROUP MXQ_MYSQL_DEFAULT_GROUP_DEVELOPMENT +#else +# ifdef MXQ_TYPE_SERVER +# ifdef MXQ_MYSQL_DEFAULT_GROUP_SERVER +# define MXQ_MYSQL_DEFAULT_GROUP MXQ_MYSQL_DEFAULT_GROUP_SERVER +# endif +# else +# ifdef MXQ_MYSQL_DEFAULT_GROUP_CLIENT +# define MXQ_MYSQL_DEFAULT_GROUP MXQ_MYSQL_DEFAULT_GROUP_CLIENT +# endif +# endif +# ifndef MXQ_MYSQL_DEFAULT_GROUP +# define MXQ_MYSQL_DEFAULT_GROUP program_invocation_short_name +# endif #endif #define MXQ_MYSQL_DEFAULT_GROUP_STR MXQ_MYSQL_DEFAULT_GROUP @@ -36,6 +50,9 @@ static void mxq_print_generic_version(void) { printf( "%s - " MXQ_VERSIONFULL "\n" +#ifdef MXQ_DEVELOPMENT + "DEVELOPMENT VERSION: Do not use in production environments.\n" +#endif " by Marius Tolzmann " MXQ_VERSIONDATE "\n" " Max Planck Institute for Molecular Genetics - Berlin Dahlem\n", program_invocation_short_name diff --git a/mxqd.c b/mxqd.c index 047b6ed..55f9486 100644 --- a/mxqd.c +++ b/mxqd.c @@ -1,6 +1,8 @@ #define _GNU_SOURCE +#define MXQ_TYPE_SERVER + #include #include #include @@ -37,9 +39,6 @@ #include "mxqd.h" #include "mxq.h" -#define MYSQL_DEFAULT_FILE MXQ_MYSQL_DEFAULT_FILE -#define MYSQL_DEFAULT_GROUP "mxqd" - #ifndef MXQ_INITIAL_PATH # define MXQ_INITIAL_PATH "/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" #endif 
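Review bot: The `devel` target only appends `-DRUNASNORMALUSER` and `-DMXQ_DEVELOPMENT` to CFLAGS and then depends on `all`, so objects already built by a plain `make` are not recompiled, because make does not notice a change in CFLAGS. A tree can therefore end up mixing production and development objects. The reverse presumably also holds: after `make devel`, a later plain build or install step would reuse binaries that accept non-root operation and read the `mxqdevel` group. I would document this above the target, e.g. `# NOTE: start from a clean tree when switching between 'all' and 'devel'; objects are not rebuilt when only CFLAGS change`, or build the development objects into a separate directory.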
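Review bot: In the non-development branch of the `MXQ_MYSQL_DEFAULT_GROUP` selection in mxq.h, the server group is chosen only if `MXQ_TYPE_SERVER` is defined before the header is included, and nothing in the header documents or enforces that. A server source file that includes `mxq.h` without the define would silently compile with the client group and so presumably read the client section of the MySQL defaults file. I would add a comment above the block such as `/* define MXQ_TYPE_SERVER before including mxq.h in server sources; otherwise the client group is selected */`. Separately, the `MXQ_DEVELOPMENT` branch uses `MXQ_MYSQL_DEFAULT_GROUP_DEVELOPMENT` without checking that it is defined, unlike the `#ifdef` guards on the server and client names.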
@@ -71,7 +70,11 @@ static void print_usage(void) "\n" " --pid-file default: create no pid file\n" " --daemonize default: run in foreground\n" +#ifdef MXQ_DEVELOPMENT + " --log default (in development): write no logfile\n" +#else " --no-log default: write a logfile\n" +#endif " --debug default: info log level\n" " --recover-only (recover from crash and exit)\n" "\n" @@ -289,6 +292,7 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) MX_OPTION_NO_ARG("version", 'V'), MX_OPTION_NO_ARG("daemonize", 1), MX_OPTION_NO_ARG("no-log", 3), + MX_OPTION_NO_ARG("log", 4), MX_OPTION_NO_ARG("debug", 5), MX_OPTION_NO_ARG("recover-only", 9), MX_OPTION_REQUIRED_ARG("pid-file", 2), @@ -312,11 +316,11 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) arg_mysql_default_group = getenv("MXQ_MYSQL_DEFAULT_GROUP"); if (!arg_mysql_default_group) - arg_mysql_default_group = MYSQL_DEFAULT_GROUP; + arg_mysql_default_group = MXQ_MYSQL_DEFAULT_GROUP; arg_mysql_default_file = getenv("MXQ_MYSQL_DEFAULT_FILE"); if (!arg_mysql_default_file) - arg_mysql_default_file = MYSQL_DEFAULT_FILE; + arg_mysql_default_file = MXQ_MYSQL_DEFAULT_FILE; mx_getopt_init(&optctl, argc-1, &argv[1], opts); @@ -340,6 +344,10 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) arg_nolog = 1; break; + case 4: + arg_nolog = 0; + break; + case 5: mx_log_level_set(MX_LOG_DEBUG); break; @@ -486,7 +494,7 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) } if (getuid()) { -#ifdef RUNASNORMALUSER +#if defined(MXQ_DEVELOPMENT) || defined(RUNASNORMALUSER) mx_log_notice("Running mxqd as non-root user."); #else mx_log_err("Running mxqd as non-root user is not supported at the moment."); 
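Review bot: The help text added under `#ifdef MXQ_DEVELOPMENT` in print_usage says a development build writes no logfile by default, but none of the mxqd.c hunks in this patch changes the initial value of `arg_nolog`. Only the `--log` option is added (`case 4: arg_nolog = 0;`). Unless the initializer is already conditional somewhere outside the visible hunks, the documented default and the corresponding commit message bullet are not backed by code. server_init would need something like `#ifdef MXQ_DEVELOPMENT` / `arg_nolog = 1;` / `#endif` before option parsing. The usage text also lists only one of `--log` and `--no-log` per build, although the option table accepts both in either build.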
@@ -1815,6 +1823,9 @@ int main(int argc, char *argv[]) mx_log_info("mxqd - " MXQ_VERSIONFULL); mx_log_info(" by Marius Tolzmann " MXQ_VERSIONDATE); mx_log_info(" Max Planck Institute for Molecular Genetics - Berlin Dahlem"); +#ifdef MXQ_DEVELOPMENT + mx_log_warning("DEVELOPMENT VERSION: Do not use in production environments.\n"); +#endif mx_log_info("hostname=%s server_id=%s :: MXQ server started.", server.hostname, server.server_id); mx_log_info(" host_id=%s", server.host_id); mx_log_info("slots=%lu memory_total=%lu memory_avg_per_slot=%.0Lf memory_max_per_slot=%ld :: server initialized.", From af5dde30030ea45ea6802209b4147aed59ca620c Mon Sep 17 00:00:00 2001 From: Marius Tolzmann Date: Sat, 24 Oct 2015 02:00:56 +0200 Subject: [PATCH 2/2] mxqd: Introduce new macro RUNNING_AS_ROOT --- mxqd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mxqd.c b/mxqd.c index 4de4b44..261cb1d 100644 --- a/mxqd.c +++ b/mxqd.c @@ -47,6 +47,8 @@ # define MXQ_INITIAL_TMPDIR "/tmp" #endif +#define RUNNING_AS_ROOT (getuid() == 0) + volatile sig_atomic_t global_sigint_cnt=0; volatile sig_atomic_t global_sigterm_cnt=0; @@ -493,7 +495,7 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) } } - if (getuid()) { + if (!RUNNING_AS_ROOT) { #if defined(MXQ_DEVELOPMENT) || defined(RUNASNORMALUSER) mx_log_notice("Running mxqd as non-root user."); #else @@ -526,7 +528,7 @@ int server_init(struct mxq_server *server, int argc, char *argv[]) server->memory_max_per_slot = arg_memory_max; /* if run as non-root use full memory by default for every job */ - if (!arg_memory_max && getuid() != 0) + if (!arg_memory_max && !RUNNING_AS_ROOT) server->memory_max_per_slot = arg_memory_total; server->memory_avg_per_slot = (long double)server->memory_total / (long double)server->slots; 
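Review bot: The added `mx_log_warning` call in main ends its message with `\n`, while the surrounding `mx_log_info` calls pass no trailing newline. The logger presumably terminates lines itself, so this call would emit an extra empty line in the log. Suggest `mx_log_warning("DEVELOPMENT VERSION: Do not use in production environments.");`. main's body continues outside the hunk.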
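Review bot: `RUNNING_AS_ROOT` is defined as `(getuid() == 0)`, which tests the real UID only, while the name reads as a statement about the privileges the process holds. The later uses in this patch gate `initgroups()` in init_child_process and the choice in load_groups between loading all running groups or only the caller's, so the exact meaning matters. A short comment at the definition would make the contract explicit, e.g. `/* true if the real UID is 0; effective UID and capabilities are not considered */`. If the intent is "may switch to other users", `geteuid()` would be the closer check, but that is a behaviour change this commit does not claim to make.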
@@ -976,7 +978,7 @@ static int init_child_process(struct mxq_group_list *group, struct mxq_job *j) g->user_name, g->user_uid, g->group_id, j->job_id); } - if(getuid()==0) { + if(RUNNING_AS_ROOT) { res = initgroups(passwd->pw_name, g->user_gid); if (res == -1) { @@ -1738,7 +1740,7 @@ int load_groups(struct mxq_server *server) { int total; int i; - if (getuid() == 0) + if (RUNNING_AS_ROOT) group_cnt = mxq_load_running_groups(server->mysql, &mxqgroups); else group_cnt = mxq_load_running_groups_for_user(server->mysql, &mxqgroups, getuid());