Annotation of loncom/apachereload, revision 1.1
1.1 ! foxr 1: #!/usr/bin/perl
! 2: # The Learning Online Network with CAPA
! 3: #
! 4: # apachereload - setuid script that reloads the apache daemon.
! 5: #
! 6: #
! 7: # $Id
! 8: #
! 9: # Change log:
! 10: # $Log$
! 11: ###
! 12:
! 13:
! 14: use strict;
! 15: #
! 16: # This script is a setuid script that must be run as user www
! 17: # it effectively just executes /etc/init.d/httpd reload.
! 18: # causing the apache daemon to get HUP'd. The script is
! 19: # run by lond after re-initing its host information.
! 20:
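# Main flow of the setuid wrapper:
#   1. pin the environment that the init script will inherit,
#   2. verify that the caller is user 'www',
#   3. take the lock while running with www's effective uid,
#   4. become root, run the reload, remove the lock.
# With $noprint set, the exit status is the only signal a caller gets:
# 1 = not run as www, 4 = lock not obtained, 0 = otherwise.

$ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path information
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
# NOTE(review): this PATH is inherited by the init script, which runs as
# root. Every directory on it should be writable by root only -- confirm
# that this holds for /home/httpd/perl and /usr/local/sbin.

# Program and argument are kept as a list so that system() executes the
# program directly and no shell ever parses the command line, even if an
# argument is changed or added later.
my @command = ('/etc/init.d/httpd', 'reload');

# Do not print error messages
my $noprint=1;

print "In apachereload" unless $noprint;

# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');
# Without a 'www' account the uid comparisons below would compare against
# undef (numerically 0, i.e. root), so refuse to continue.
unless (defined $wwwid) {
    print("User 'www' does not exist on this system.\n") unless $noprint;
    exit 1;
}
# Swap real and effective uid first, so that the effective uid tested
# below is the uid of whoever invoked the script.
disable_root_capability();
if ($wwwid!=$>) {
    print("User ID mismatch.  This program must be run as user 'www'\n")
        unless $noprint;
    exit 1;
}

# ----------------------------------- Start running script with www permissions
disable_root_capability();

# --------------------------- Handle case of another apachereload process (locking)
# try_to_lock() refuses to act as root, so the lock file is created with
# www's effective uid.
unless (try_to_lock('/tmp/lock_apachereload')) {
    print "Error. Could not obtain the apachereload lock; another reload ".
        "may be in progress.\n" unless $noprint;
    exit 4;
}

# From here on both the real and the effective uid are root.
enable_root_capability();
($>,$<)=(0,0);

# Now run the reload:
my $status = system(@command);
# NOTE(review): the script exits 0 whatever the init script returned, so
# a caller cannot detect a failed reload from the exit status.
if ($status != 0) {
    print "Error. '@command' returned status $status.\n" unless $noprint;
}

# Remove the lock file.
# NOTE(review): both uids were set to 0 above, so the real uid no longer
# equals $wwwid and disable_root_capability() changes nothing here; the
# unlink below therefore still runs as root.
disable_root_capability();
unlink('/tmp/lock_apachereload');
exit 0;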
! 68:
! 69: # ---------------------------------------------- have setuid script run as root
# Raise the effective uid and gid to 0 (root).
#
# Acts only while the effective uid is still www's uid ($wwwid, a
# file-level variable): the real uid and gid take over the current
# effective values and the effective ones become 0. In any other state
# the ids are left untouched.
#
# Returns the effective uid after the call, so a caller can check whether
# root was actually obtained.
sub enable_root_capability {
    my $running_as_www = ($> == $wwwid);
    if ($running_as_www) {
        # Right-hand sides are evaluated before anything is assigned.
        ($<,$>)=($>,0);
        ($(,$))=($),0);
    }
    # Otherwise root capability is already enabled.
    return $>;
}
! 80:
! 81: # ----------------------------------------------- have setuid script run as www
# Give up the effective root identity by exchanging the real and the
# effective ids.
#
# Acts only while the real uid is www's uid ($wwwid, a file-level
# variable). The ids are swapped, not discarded: the former effective
# uid and gid become the real ones, which is what allows
# enable_root_capability() to raise privileges again later. This is a
# temporary drop, not a permanent one.
sub disable_root_capability {
    my $real_uid_is_www = ($< == $wwwid);
    if ($real_uid_is_www) {
        # Right-hand sides are evaluated before anything is assigned.
        ($<,$>)=($>,$<);
        ($(,$))=($),$();
    }
    # Otherwise root capability is already disabled.
}
! 91:
! 92: # ----------------------- make sure that another apachereload process isn't running
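# Try to take the lock file $lockfile for this process.
#
# Returns 1 when the lock file was created and holds our pid, 0 when the
# lock could not be obtained (called as root, lock busy, or the file could
# not be created or written).
#
# Changes over the previous version:
#   * The lock is created with O_CREAT|O_EXCL, so the open fails if
#     anything already exists at the path, a symbolic link included. The
#     old two-argument open(">$lockfile") followed a link planted at the
#     path and truncated whatever it pointed to.
#   * Failures of open/print/close are reported as "no lock" instead of
#     being ignored and answered with 1.
#
# NOTE(review): with the lock in a shared directory such as /tmp, another
# local user can create the file first and so keep the lock from being
# obtained; a directory writable only by www would avoid that.
sub try_to_lock {
    my ($lockfile)=@_;
    require Fcntl;
    no warnings 'numeric';   # lock file content is compared numerically

    # Do not manipulate lock file as root
    return 0 if $> == 0;

    # Wait 3 seconds between looks at an existing lock file. If the same
    # process id is seen twice in a row, assume the lock is stale and take
    # it over. If the process ids fluctuate, give up after the last of the
    # attempts (0..10).
    my $lastpid = 0;
    my $stale   = 0;
    for my $attempt (0..10) {
        # -l also catches a dangling symbolic link, which -e reports as
        # absent.
        unless ((-e $lockfile) || (-l $lockfile)) {
            last;
        }
        my $currentpid = 0;
        if (open(my $in, '<', $lockfile)) {
            my $line = <$in>;
            close $in;
            $currentpid = $line if defined $line;
        }
        if ($currentpid == $lastpid) {
            $stale = 1;
            last;
        }
        sleep 3;
        $lastpid = $currentpid;
        return 0 if $attempt == 10;
    }

    # Remove a stale lock (unlink removes a symbolic link itself, never
    # its target), then create the file exclusively. If another process
    # recreated the lock in between, sysopen fails and we report "no lock".
    unlink $lockfile if $stale;
    my $flags = Fcntl::O_WRONLY() | Fcntl::O_CREAT() | Fcntl::O_EXCL();
    sysopen(my $out, $lockfile, $flags, 0644) or return 0;

    my $written = print {$out} $$;
    my $closed  = close $out;
    unless ($written && $closed) {
        unlink $lockfile;
        return 0;
    }
    return 1;
}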
! 129:
! 130: =head1 NAME
! 131:
! 132: apachereload - setuid script to reload the apache web server.
! 133:
! 134: =head1 DESCRIPTION
! 135:
! 136: LON-CAPA - setuid script to reload the apache web server.
! 137:
! 138: =head1 README
! 139:
! 140: LON-CAPA setuid script to reload the apache web server.
! 141:
! 142: =head1 PREREQUISITES
! 143:
! 144: =head1 COREQUISITES
! 145:
! 146: =pod OSNAMES
! 147:
! 148: linux
! 149:
! 150: =pod SCRIPT CATEGORIES
! 151:
! 152: LONCAPA/Administrative
! 153:
! 154: =cut