Change to a non-root user after starting the server
parent
5805c65dc4
commit
6de1109854
|
@ -12,6 +12,7 @@ def daemon(args, one_args, **kwargs):
|
|||
srv = server.OneDNS(args.domain, one_kwargs=one_args)
|
||||
srv.daemon(dns_port=args.dns_port,
|
||||
sync_interval=args.sync_interval,
|
||||
user=args.user,
|
||||
test=test, test_vms=test_vms)
|
||||
|
||||
|
||||
|
@ -58,6 +59,9 @@ def get_parser():
|
|||
daemon_parser.add_argument(
|
||||
'--sync-interval', required=False, default=5 * 60, type=positive_int,
|
||||
help="time in seconds between ONE syncs")
|
||||
daemon_parser.add_argument(
|
||||
'--user', required=False, default='nobody',
|
||||
help="system user name to setuid() to")
|
||||
|
||||
shell_parser = subparsers.add_parser('shell')
|
||||
shell_parser.set_defaults(func=shell)
|
||||
|
|
|
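Review bot: The `--user` option in `get_parser` defaults to `nobody`, an account that is commonly shared by unrelated services on the same host, so the daemon would not be isolated from anything else running under that identity. A dedicated service account is the safer default, or at least worth recommending in the help text. The help string also mentions only setuid(), while the server side of this commit changes the gid and clears the supplementary groups too, and it does not say the daemon has to be started as root for the switch to work. Suggested wording: `help="unprivileged system user to switch to (uid, gid, supplementary groups cleared) once the DNS port is bound; requires starting as root"`. The body of `get_parser` continues outside the hunk.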
@ -1,5 +1,7 @@
|
|||
import re
|
||||
import time
|
||||
import pwd
|
||||
import os
|
||||
|
||||
from onedns import zone
|
||||
from onedns import resolver
|
||||
|
@ -61,7 +63,7 @@ class OneDNS(resolver.DynamicResolver):
|
|||
log.info("Adding VM {id}: {vm}".format(id=vm.id, vm=vm.name))
|
||||
for name, ip in dns_entries.items():
|
||||
self._check_for_duplicates(vm.id, name, ip, zone=zone)
|
||||
self.add_host(name, ip, zone=zone)
|
||||
self.add_host(name.lower(), ip, zone=zone)
|
||||
|
||||
def remove_vm(self, vm, zone=None):
|
||||
dns_entries = self._get_vm_dns_entries(vm)
|
||||
|
@ -93,9 +95,15 @@ class OneDNS(resolver.DynamicResolver):
|
|||
def daemon(self, *args, **kwargs):
|
||||
test = kwargs.pop('test', False)
|
||||
test_vms = kwargs.pop('test_vms', None)
|
||||
user = kwargs.pop('user', 'nobody')
|
||||
sync_interval = kwargs.pop('sync_interval', 5 * 60)
|
||||
if self._udp_server is None or not self._udp_server.isAlive():
|
||||
self.start(*args, **kwargs)
|
||||
_, _, uid, gid, _, root, shell = pwd.getpwnam(user)
|
||||
os.chdir('/')
|
||||
os.setgroups([])
|
||||
os.setgid(gid)
|
||||
os.setuid(uid)
|
||||
while self._udp_server.isAlive():
|
||||
try:
|
||||
self.sync(vms=test_vms)
|
||||
|
|
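Review bot: In `daemon`, `pwd.getpwnam(user)` runs only after `self.start(...)`, so an unknown account name raises KeyError once the UDP server is already up with its original privileges; what happens to that server thread afterwards is not visible here. The `os.setgroups([])` / `os.setgid` / `os.setuid` order is correct, but the calls are unconditional, so starting the daemon as an ordinary user on a high port would presumably now fail with a permission error at `os.setgroups`. I would resolve the account before starting, drop only when running as root, and confirm afterwards that the uid is no longer 0 (this also rejects `--user root`); `root` and `shell` from the tuple unpacking are unused. Indentation is lost on this page, so the placement of the new lines relative to the `if` is inferred, and the method's sync loop continues past the hunk.

```python
        user = kwargs.pop('user', 'nobody')
        # … unchanged: sync_interval pop …
        # Resolve the account before binding so an unknown name fails early.
        account = pwd.getpwnam(user)
        # … unchanged: start the server if it is not already running …
        if os.getuid() == 0:
            os.chdir('/')
            os.setgroups([])
            os.setgid(account.pw_gid)
            os.setuid(account.pw_uid)
            # Fail closed if the process still holds uid 0 after the drop.
            if os.getuid() == 0 or os.geteuid() == 0:
                raise RuntimeError("failed to drop root privileges")
        # … unchanged: sync loop …
```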