Annotation of loncom/apachereload, revision 1.3

1.1       foxr        1: #!/usr/bin/perl
                      2: # The Learning Online Network with CAPA
                      3: #
                      4: # apachereload - setuid script that reloads the apache daemon.
                      5: #
                      6: #
                      7: # $Id
                      8: #
                      9: #  Change log:
1.2       albertel   10: #   $Log: apachereload,v $
1.3     ! albertel   11: #   Revision 1.2  2005/07/07 22:26:52  albertel
        !            12: #   - suse has apache not httpd
        !            13: #
1.2       albertel   14: #   Revision 1.1  2003/09/30 10:06:48  foxr
                     15: #   This is a setuid script that allows the www user to issue
                     16: #   /etc/init.d/httpd reload
                     17: #
                     18: #   This functionality is required by lond and lonc when they have been asked to
                     19: #   reinitialize themselves.
                     20: #
                     21: #   Initial undebugged version.
                     22: #
1.1       foxr       23: ###
                     24: 
                     25: 
                     26: use strict;
                     27: #
                     28: #  This script is a setuid script that must be run as user www
                     29: #  it effectively just executes /etc/init.d/httpd reload.
                     30: #  causing the apache daemon to get HUP'd.  The script is
                     31: #  run by lond after re-initing it's host information.
                     32: 
                     33: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
                     34:                                                                # information
                     35: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
                     36: 
                     37: my $command = "/etc/init.d/httpd reload";
1.2       albertel   38: my $dist=`$perlvar{'lonDaemons'}/distprobe`;
                     39: if ($dist =~ /^(suse|sles)/) {
1.3     ! albertel   40:     $command = "/etc/init.d/apache reload";
1.2       albertel   41: }
1.1       foxr       42: # Do not print error messages
                     43: my $noprint=1;
                     44: 
                     45: print "In apachereload" unless $noprint;
                     46: 
                     47: # ----------------------------- Make sure this process is running from user=www
                     48: my $wwwid=getpwnam('www');
                     49: &disable_root_capability;
                     50: if ($wwwid!=$>) {
                     51:     print("User ID mismatch.  This program must be run as user 'www'\n")
                     52: 	unless $noprint;
                     53:     exit 1;
                     54: }
                     55: 
                     56: # ----------------------------------- Start running script with www permissions
                     57: &disable_root_capability;
                     58: 
                     59: # --------------------------- Handle case of another apachereload process (locking)
                     60: unless (&try_to_lock('/tmp/lock_apachereload')) {
                     61:     print "Error. Too many other simultaneous password change requests being ".
                     62: 	"made.\n" unless $noprint;
                     63:     exit 4;
                     64: }
                     65: 
                     66: 
                     67: &enable_root_capability;
                     68: ($>,$<)=(0,0);
                     69: 
                     70: 
                     71: #  Now run the reload:
                     72: #
                     73: 
                     74: system($command);
                     75: 
                     76: #  Remove the lock file.
                     77: 
                     78: 
                     79: 
                     80: &disable_root_capability;
                     81: unlink('/tmp/lock_apachereload');
                     82: exit 0;
                     83: 
                     84: # ---------------------------------------------- have setuid script run as root
                     85: sub enable_root_capability {
                     86:     if ($wwwid==$>) {
                     87: 	($<,$>)=($>,0);
                     88: 	($(,$))=($),0);
                     89:     }
                     90:     else {
                     91: 	# root capability is already enabled
                     92:     }
                     93:     return $>;
                     94: }
                     95: 
                     96: # ----------------------------------------------- have setuid script run as www
                     97: sub disable_root_capability {
                     98:     if ($wwwid==$<) {
                     99: 	($<,$>)=($>,$<);
                    100: 	($(,$))=($),$();
                    101:     }
                    102:     else {
                    103: 	# root capability is already disabled
                    104:     }
                    105: }
                    106: 
                    107: # ----------------------- make sure that another apachereload process isn't running
                    108: sub try_to_lock {
                    109:     my ($lockfile)=@_;
                    110:     my $currentpid;
                    111:     my $lastpid;
                    112:     # Do not manipulate lock file as root
                    113:     if ($>==0) {
                    114: 	return 0;
                    115:     }
                    116:     # Try to generate lock file.
                    117:     # Wait 3 seconds.  If same process id is in
                    118:     # lock file, then assume lock file is stale, and
                    119:     # go ahead.  If process id's fluctuate, try
                    120:     # for a maximum of 10 times.
                    121:     for (0..10) {
                    122: 	if (-e $lockfile) {
                    123: 	    open(LOCK,"<$lockfile");
                    124: 	    $currentpid=<LOCK>;
                    125: 	    close LOCK;
                    126: 	    if ($currentpid==$lastpid) {
                    127: 		last;
                    128: 	    }
                    129: 	    sleep 3;
                    130: 	    $lastpid=$currentpid;
                    131: 	}
                    132: 	else {
                    133: 	    last;
                    134: 	}
                    135: 	if ($_==10) {
                    136: 	    return 0;
                    137: 	}
                    138:     }
                    139:     open(LOCK,">$lockfile");
                    140:     print LOCK $$;
                    141:     close LOCK;
                    142:     return 1;
                    143: }
                    144: 
                    145: =head1 NAME
                    146: 
                    147: apachereload -setuid script to reload the apache web server.
                    148: 
                    149: =head1 DESCRIPTION
                    150: 
                    151: LON-CAPA - setuid script to reload the apache web server.
                    152: 
                    153: =head1 README
                    154: 
                    155: LON-CAPA  setuid script to reload the apache web server.
                    156: 
                    157: =head1 PREREQUISITES
                    158: 
                    159: =head1 COREQUISITES
                    160: 
                    161: =pod OSNAMES
                    162: 
                    163: linux
                    164: 
                    165: =pod SCRIPT CATEGORIES
                    166: 
                    167: LONCAPA/Administrative
                    168: 
                    169: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>