Change to a non-root user after starting the server
parent
5805c65dc4
commit
6de1109854
|
@ -12,6 +12,7 @@ def daemon(args, one_args, **kwargs):
|
||||||
srv = server.OneDNS(args.domain, one_kwargs=one_args)
|
srv = server.OneDNS(args.domain, one_kwargs=one_args)
|
||||||
srv.daemon(dns_port=args.dns_port,
|
srv.daemon(dns_port=args.dns_port,
|
||||||
sync_interval=args.sync_interval,
|
sync_interval=args.sync_interval,
|
||||||
|
user=args.user,
|
||||||
test=test, test_vms=test_vms)
|
test=test, test_vms=test_vms)
|
||||||
|
|
||||||
|
|
||||||
|
@ -58,6 +59,9 @@ def get_parser():
|
||||||
daemon_parser.add_argument(
|
daemon_parser.add_argument(
|
||||||
'--sync-interval', required=False, default=5 * 60, type=positive_int,
|
'--sync-interval', required=False, default=5 * 60, type=positive_int,
|
||||||
help="time in seconds between ONE syncs")
|
help="time in seconds between ONE syncs")
|
||||||
|
daemon_parser.add_argument(
|
||||||
|
'--user', required=False, default='nobody',
|
||||||
|
help="system user name to setuid() to")
|
||||||
|
|
||||||
shell_parser = subparsers.add_parser('shell')
|
shell_parser = subparsers.add_parser('shell')
|
||||||
shell_parser.set_defaults(func=shell)
|
shell_parser.set_defaults(func=shell)
|
||||||
|
|
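Review bot: The new `--user` option in get_parser() defaults to `nobody`, but its help text states neither the default nor that the switch happens only after the server has started. `nobody` is typically shared with other services on the same host, so a dedicated service account is the safer value to recommend to operators. I would reword the help to `help="system user to drop privileges to after the server starts (default: nobody)"`. get_parser() starts and ends outside this hunk.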
|
@ -1,5 +1,7 @@
|
||||||
import re
|
import re
|
||||||
import time
|
import time
|
||||||
|
import pwd
|
||||||
|
import os
|
||||||
|
|
||||||
from onedns import zone
|
from onedns import zone
|
||||||
from onedns import resolver
|
from onedns import resolver
|
||||||
|
@ -61,7 +63,7 @@ class OneDNS(resolver.DynamicResolver):
|
||||||
log.info("Adding VM {id}: {vm}".format(id=vm.id, vm=vm.name))
|
log.info("Adding VM {id}: {vm}".format(id=vm.id, vm=vm.name))
|
||||||
for name, ip in dns_entries.items():
|
for name, ip in dns_entries.items():
|
||||||
self._check_for_duplicates(vm.id, name, ip, zone=zone)
|
self._check_for_duplicates(vm.id, name, ip, zone=zone)
|
||||||
self.add_host(name, ip, zone=zone)
|
self.add_host(name.lower(), ip, zone=zone)
|
||||||
|
|
||||||
def remove_vm(self, vm, zone=None):
|
def remove_vm(self, vm, zone=None):
|
||||||
dns_entries = self._get_vm_dns_entries(vm)
|
dns_entries = self._get_vm_dns_entries(vm)
|
||||||
|
@ -93,9 +95,15 @@ class OneDNS(resolver.DynamicResolver):
|
||||||
def daemon(self, *args, **kwargs):
|
def daemon(self, *args, **kwargs):
|
||||||
test = kwargs.pop('test', False)
|
test = kwargs.pop('test', False)
|
||||||
test_vms = kwargs.pop('test_vms', None)
|
test_vms = kwargs.pop('test_vms', None)
|
||||||
|
user = kwargs.pop('user', 'nobody')
|
||||||
sync_interval = kwargs.pop('sync_interval', 5 * 60)
|
sync_interval = kwargs.pop('sync_interval', 5 * 60)
|
||||||
if self._udp_server is None or not self._udp_server.isAlive():
|
if self._udp_server is None or not self._udp_server.isAlive():
|
||||||
self.start(*args, **kwargs)
|
self.start(*args, **kwargs)
|
||||||
|
_, _, uid, gid, _, root, shell = pwd.getpwnam(user)
|
||||||
|
os.chdir('/')
|
||||||
|
os.setgroups([])
|
||||||
|
os.setgid(gid)
|
||||||
|
os.setuid(uid)
|
||||||
while self._udp_server.isAlive():
|
while self._udp_server.isAlive():
|
||||||
try:
|
try:
|
||||||
self.sync(vms=test_vms)
|
self.sync(vms=test_vms)
|
||||||
|
|
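Review bot: The privilege drop added to OneDNS.daemon() runs unconditionally and only after self.start(). When the process is not started as root, os.setgroups([]) will normally raise and stop the daemon. An unknown user makes pwd.getpwnam() raise KeyError once the server is already running with its original privileges. Resolving the account before start() and dropping only when os.getuid() == 0 avoids both, keeps the existing setgroups, setgid, setuid order, and removes the unused `root` and `shell` names by reading the struct_passwd attributes instead. The body of daemon() continues past the end of this hunk.

```python
        sync_interval = kwargs.pop('sync_interval', 5 * 60)
        # Resolve the account first so an unknown user fails before the server starts.
        account = pwd.getpwnam(user)
        # … unchanged: start the server if it is not already running …
        if os.getuid() == 0:
            # Only root can change identity; supplementary groups first, uid last.
            os.chdir('/')
            os.setgroups([])
            os.setgid(account.pw_gid)
            os.setuid(account.pw_uid)
```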