version 1.4, 2005/10/31 16:13:45
|
version 1.9, 2020/05/09 16:40:32
|
Line 32
|
Line 32
|
use strict; |
use strict; |
# |
# |
# This script is a setuid script that must be run as user www |
# This script is a setuid script that must be run as user www |
# it effectively just executes /etc/init.d/httpd reload. |
# it effectively just executes one of the following five commands: |
# causing the apache daemon to get HUP'd. The script is |
# /etc/init.d/httpd reload |
# run by lond after re-initing it's host information. |
# /etc/init.d/apache reload |
|
# /etc/init.d/apache2 reload |
|
# /bin/systemctl reload httpd.service |
|
# /bin/systemctl reload apache2.service |
|
# (depending on Linux distro) causing the apache daemon to get HUP'd. |
|
# The script is run by lond after re-initing its host information. |
|
|
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path |
# information |
# information |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
|
|
my $command = "/etc/init.d/httpd reload"; |
my $command; |
|
my $checker_bin = '/sbin/chkconfig'; |
use lib '/home/httpd/lib/perl/'; |
my $sysctl_bin = '/bin/systemctl'; |
use LONCAPA::Configuration; |
my $sysv_bin = '/usr/sbin/sysv-rc-conf'; |
my %perlvar= %{&LONCAPA::Configuration::read_conf('loncapa.conf')}; |
|
|
if (-x $sysctl_bin) { |
my $dist=`$perlvar{'lonDaemons'}/distprobe`; |
if (open(PIPE,"$sysctl_bin list-unit-files --type=service 2>/dev/null |")) { |
if ($dist =~ /^(suse|sles)/) { |
my @lines = <PIPE>; |
$command = "/etc/init.d/apache reload"; |
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^httpd\.service/,@lines)) { |
|
$command = '/bin/systemctl reload httpd.service'; |
|
} elsif (grep(/^apache2\.service/,@lines)) { |
|
$command = '/bin/systemctl reload apache2.service'; |
|
} |
|
} |
|
} |
|
if (($command eq '') && (-x $checker_bin)) { |
|
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
|
my @lines = <PIPE>; |
|
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^httpd/,@lines)) { |
|
$command = '/etc/init.d/httpd reload'; |
|
} elsif (grep(/^apache2/,@lines)) { |
|
$command = '/etc/init.d/apache2 reload'; |
|
} elsif (grep(/^apache\s+/,@lines)) { |
|
$command = '/etc/init.d/apache reload'; |
|
} |
|
} |
|
} |
|
if (($command eq '') && (-x $sysv_bin)) { |
|
if (open(PIPE,"$checker_bin --list 2>/dev/null |")) { |
|
my @lines = <PIPE>; |
|
chomp(@lines); |
|
close(PIPE); |
|
if (grep(/^apache2/,@lines)) { |
|
$command = '/etc/init.d/apache2 reload'; |
|
} elsif (grep(/^apache\s+/,@lines)) { |
|
$command = '/etc/init.d/apache reload'; |
|
} |
|
} |
} |
} |
|
|
# Do not print error messages |
# Do not print error messages |
my $noprint=1; |
my $noprint=1; |
|
|
print "In apachereload" unless $noprint; |
if ($command eq '') { |
|
print("Could not determine command to reload Apache.\n") |
|
unless $noprint; |
|
exit 1; |
|
} else { |
|
print "In apachereload" unless $noprint; |
|
} |
|
|
# ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
Line 67 if ($wwwid!=$>) {
|
Line 112 if ($wwwid!=$>) {
|
# ----------------------------------- Start running script with www permissions |
# ----------------------------------- Start running script with www permissions |
&disable_root_capability; |
&disable_root_capability; |
|
|
# --------------------------- Handle case of another apachereload process (locking) |
|
unless (&try_to_lock('/tmp/lock_apachereload')) { |
|
print "Error. Too many other simultaneous password change requests being ". |
|
"made.\n" unless $noprint; |
|
exit 4; |
|
} |
|
|
|
|
|
&enable_root_capability; |
&enable_root_capability; |
($>,$<)=(0,0); |
($>,$<)=(0,0); |
|
|
Line 82 unless (&try_to_lock('/tmp/lock_apachere
|
Line 119 unless (&try_to_lock('/tmp/lock_apachere
|
# Now run the reload: |
# Now run the reload: |
# |
# |
|
|
system($command); |
system("$command > /dev/null 2>&1"); |
|
|
# Remove the lock file. |
|
|
|
|
|
|
|
&disable_root_capability; |
&disable_root_capability; |
unlink('/tmp/lock_apachereload'); |
|
exit 0; |
exit 0; |
|
|
# ---------------------------------------------- have setuid script run as root |
# ---------------------------------------------- have setuid script run as root |
Line 115 sub disable_root_capability {
|
Line 147 sub disable_root_capability {
|
} |
} |
} |
} |
|
|
# ----------------------- make sure that another apachereload process isn't running |
|
sub try_to_lock { |
|
my ($lockfile)=@_; |
|
my $currentpid; |
|
my $lastpid; |
|
# Do not manipulate lock file as root |
|
if ($>==0) { |
|
return 0; |
|
} |
|
# Try to generate lock file. |
|
# Wait 3 seconds. If same process id is in |
|
# lock file, then assume lock file is stale, and |
|
# go ahead. If process id's fluctuate, try |
|
# for a maximum of 10 times. |
|
for (0..10) { |
|
if (-e $lockfile) { |
|
open(LOCK,"<$lockfile"); |
|
$currentpid=<LOCK>; |
|
close LOCK; |
|
if ($currentpid==$lastpid) { |
|
last; |
|
} |
|
sleep 3; |
|
$lastpid=$currentpid; |
|
} |
|
else { |
|
last; |
|
} |
|
if ($_==10) { |
|
return 0; |
|
} |
|
} |
|
open(LOCK,">$lockfile"); |
|
print LOCK $$; |
|
close LOCK; |
|
return 1; |
|
} |
|
|
|
=head1 NAME |
=head1 NAME |
|
|
apachereload -setuid script to reload the apache web server. |
apachereload -setuid script to reload the apache web server. |