commit dcde199cad545f33847d94e7bfa662f38559d517
parent 857822a80ba63508999855221620d8c6ebd28044
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Fri, 8 Jan 2021 17:48:46 +0000
s6-u-m fixes and doc fixes
Diffstat:
3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -67,3 +67,4 @@
/s6-fdholder-transferdumpc
/s6-applyuidgid
/s6-setuidgid
+/s6-usertree-maker
diff --git a/doc/s6-usertree-maker.html b/doc/s6-usertree-maker.html
@@ -252,6 +252,18 @@ easier to generate programmatically and to harden than shell scripts, so it is o
built if s6 is built with <a href="//skarnet.org/software/execline/">execline</a>
support - i.e. the <tt>--disable-execline</tt> switch has <em>not</em> been given
to configure. </li>
+ <li> For the admin who wants to automate user tree management, s6-usertree-maker
+is a <em>building block</em> meant to be used in scripts, not a complete turnkey
+solution. For instance, s6-usertree-maker does not create <em>userscandir</em> for
+a user: it assumes that that scandir is already in place. It does not create
+<em>logdir</em> either: <em>logdir</em>, or at least its parent directory, must
+already exist before the logger is run, else <a href="s6-log.html">s6-log</a> will
+fail repeatedly. Make sure that all the data and metadata referenced by the service's
+and the logger's run scripts are actually present and valid before starting the
+service. </li>
+ <li> If s6-usertree-maker encounters failure (and exits 111), it does not clean up
+the directories it created. Make sure to always test s6-usertree-maker's return code
+and clean up after it if needed. </li>
</ul>
</body>
diff --git a/src/usertree/s6-usertree-maker.c b/src/usertree/s6-usertree-maker.c
@@ -46,6 +46,7 @@ static inline void write_run (char const *runfile, char const *user, char const
S6_EXTBINPREFIX "s6-envuidgid -i -- ") < 0
|| buffer_put(&b, sa.s, sa.len) < 0
|| buffer_puts(&b, "\n"
+ S6_EXTBINPREFIX "s6-applyuidgid -U --\n"
EXECLINE_EXTBINPREFIX "backtick -in HOME { "
EXECLINE_EXTBINPREFIX "homeof ") < 0
|| buffer_put(&b, sa.s, sa.len) < 0
@@ -177,25 +178,24 @@ static void write_logger (char const *dir, char const *user, char const *logdir,
{
size_t dirlen = strlen(dir) ;
char fn[dirlen + 17] ;
- if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ;
memcpy(fn, dir, dirlen) ;
memcpy(fn + dirlen, "/notification-fd", 17) ;
- if (!openwritenclose_unsafe(fn, "3\n", 2)) strerr_diefu2sys(111, "write to ", fn) ;
+ if (!openwritenclose_unsafe(fn, "3\n", 2)) goto err ;
memcpy(fn + dirlen + 1, "run", 4) ;
write_logrun(fn, user, logdir, stamptype, nfiles, filesize, maxsize) ;
if (service)
{
struct iovec v[2] = { { .iov_base = (char *)service, .iov_len = strlen(service) }, { .iov_base = "\n", .iov_len = 1 } } ;
memcpy(fn + dirlen + 1, "type", 5) ;
- if (!openwritenclose_unsafe(fn, "longrun\n", 8)) strerr_diefu2sys(111, "write to ", fn) ;
+ if (!openwritenclose_unsafe(fn, "longrun\n", 8)) goto err ;
memcpy(fn + dirlen + 1, "consumer-for", 13) ;
- if (!openwritevnclose_unsafe(fn, v, 2)) strerr_diefu2sys(111, "write to ", fn) ;
+ if (!openwritevnclose_unsafe(fn, v, 2)) goto err ;
if (pipelinename)
{
v[0].iov_base = (char *)pipelinename ;
v[0].iov_len = strlen(pipelinename) ;
memcpy(fn + dirlen + 1, "pipeline-name", 14) ;
- if (!openwritevnclose_unsafe(fn, v, 2)) strerr_diefu2sys(111, "write to ", fn) ;
+ if (!openwritevnclose_unsafe(fn, v, 2)) goto err ;
}
}
else
@@ -203,6 +203,9 @@ static void write_logger (char const *dir, char const *user, char const *logdir,
if (chmod(fn, mask | ((mask >> 2) & 0111)) < 0)
strerr_diefu2sys(111, "chmod ", fn) ;
}
+ return ;
+ err:
+ strerr_diefu2sys(111, "write to ", fn) ;
}
int main (int argc, char *const *argv)
@@ -273,7 +276,6 @@ int main (int argc, char *const *argv)
}
}
mask = umask(0) ;
- umask(mask) ;
mask = ~mask & 0666 ;
dirlen = strlen(argv[2]) ;
@@ -281,16 +283,19 @@ int main (int argc, char *const *argv)
{
size_t svclen = strlen(rcinfo[0]) ;
size_t loglen = strlen(rcinfo[1]) ;
- char dir[dirlen + 2 + svclen > loglen ? svclen : loglen] ;
+ char dir[dirlen + 2 + (svclen > loglen ? svclen : loglen)] ;
memcpy(dir, argv[2], dirlen) ;
dir[dirlen] = '/' ;
- memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ;
if (mkdir(argv[2], 0755) < 0 && errno != EEXIST)
strerr_diefu2sys(111, "mkdir ", argv[2]) ;
+ memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ;
if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ;
- write_service(dir, argv[0], userscandir, rcinfo[1], path, userenvdir, vars, varlen) ;
memcpy(dir + dirlen + 1, rcinfo[1], loglen + 1) ;
+ if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ;
+ umask(mask) ;
write_logger(dir, loguser, argv[1], stamptype, nfiles, filesize, maxsize, rcinfo[0], rcinfo[2]) ;
+ memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ;
+ write_service(dir, argv[0], userscandir, rcinfo[1], path, userenvdir, vars, varlen) ;
}
else
{
@@ -298,6 +303,8 @@ int main (int argc, char *const *argv)
memcpy(dir, argv[2], dirlen) ;
memcpy(dir + dirlen, "/log", 5) ;
if (mkdir(argv[2], 0755) < 0) strerr_diefu2sys(111, "mkdir ", argv[2]) ;
+ if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", argv[2]) ;
+ umask(mask) ;
write_service(argv[2], argv[0], userscandir, 0, path, userenvdir, vars, varlen) ;
write_logger(dir, loguser, argv[1], stamptype, nfiles, filesize, maxsize, 0, 0) ;
}