run pveproxy as unpriviledged user (www-data)

We log to /var/log/pveproxy/access.log. Extra directory is needed because we run
as www-data (no permissions to write into /var/log/pve/).

diff --git a/Makefile b/Makefile
index 19425ecd95af16e8cbbb09560f1ea6be3b8923e3..92cba4f456d9a87e74984d02bf94e0db9023da0b 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -72,6 +72,8 @@ aplupload:
 
 .PHONY: install
 install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl
+       install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
+       install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
        install -d ${DESTDIR}/usr/share/${PACKAGE}
        install -d ${DESTDIR}/usr/share/man/man1
        install -d ${DOCDIR}/examples

diff --git a/PVE/APIDaemon.pm b/PVE/APIDaemon.pm
index 127e42f954a265daa18b91846e4a80247a4c5fb1..f24f8f3ff55748c931ada50155bc679ba9c5e705 100755 (executable)
--- a/PVE/APIDaemon.pm
+++ b/PVE/APIDaemon.pm
@@ -704,10 +704,11 @@ sub start_workers {
            sleep (1);
        } elsif ($pid) { #parent
            $workers->{$pid} = 1;
-           $0 = "$0 worker";
            syslog('info', "worker $pid started");
            $need--;
        } else {
+           $0 = "$0 worker";
+
            $SIG{TERM} = $SIG{QUIT} = sub {
                $child_terminate = 1;
            };

diff --git a/bin/init.d/pveproxy b/bin/init.d/pveproxy
index f4b0c2d350347e32c36b51528ed61abfa04315ca..d95dff508edb52f6094fab49bc4705e1c368af54 100755 (executable)
--- a/bin/init.d/pveproxy
+++ b/bin/init.d/pveproxy
@@ -15,13 +15,18 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
 DAEMON=/usr/bin/pveproxy
 NAME=pveproxy
 DESC="PVE API Proxy Server"
-PIDFILE=/var/run/pveproxy.pid
+RUNDIR=/var/run/pveproxy
+PIDFILE=${RUNDIR}/pveproxy.pid
 
 test -f $DAEMON || exit 0
 
 # avoid warnings about uninstalled locales when pveproxy executes commands
 export LC_ALL="C"
 
+mkdir -p ${RUNDIR} || true
+chmod 0700 ${RUNDIR} || true
+chown www-data:www-data ${RUNDIR} || true
+ 
 case "$1" in
        start)
                log_daemon_msg "Starting $DESC" "$NAME"

diff --git a/bin/pvedaemon b/bin/pvedaemon
index 447bb5a2237616a24e1f412d01e76a376bd0b0ee..218e440c1bea4a1e15cbc337f7d424b25a56413f 100755 (executable)
--- a/bin/pvedaemon
+++ b/bin/pvedaemon
@@ -49,9 +49,7 @@ eval {
        lockfile => $lockfile,
        keep_alive => 100,
        max_conn => 500,
-       max_requests => 1000,
-       logfile => '/var/log/pve/pvedaemon.log', # fixme?
-       );
+       max_requests => 1000);
 };
 
 my $err = $@;

diff --git a/bin/pveproxy b/bin/pveproxy
index 2d0865e698ae9a0bd4d307aeb8597c5b7b209793..05a89d10652588adc5c8220a4dab3e182dcac20b 100755 (executable)
--- a/bin/pveproxy
+++ b/bin/pveproxy
@@ -6,6 +6,7 @@ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
 
 use lib '..'; #  fixme
 use strict;
+use English;
 use Getopt::Long;
 use POSIX ":sys_wait_h";
 use Socket;
@@ -21,7 +22,7 @@ use File::Find;
 use Data::Dumper;
 
 
-my $pidfile = "/var/run/pveproxy.pid";
+my $pidfile = "/var/run/pveproxy/pveproxy.pid";
 my $lockfile = "/var/lock/pveproxy.lck";
 
 my $opt_debug;
@@ -42,6 +43,16 @@ $SIG{'__WARN__'} = sub {
 
 $0 = "pveproxy";
 
+# run as www-data
+my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
+POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
+$EGID = "$gid $gid"; # this calls setgroups
+my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
+POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
+
+# just to be sure
+die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");
+
 PVE::APIDaemon::enable_debug() if $opt_debug;
 
 sub add_dirs {
@@ -77,7 +88,7 @@ eval {
        max_conn => 500,
        max_requests => 1000,
        trusted_env => 0, # not trusted, anyone can connect
-       logfile => '/var/log/pve/access.log',
+       logfile => '/var/log/pveproxy/access.log',
        lockfile => $lockfile,
        ssl => {
            key_file => '/etc/pve/local/pve-ssl.key',
@@ -103,6 +114,7 @@ if ($err) {
     exit (-1);
 }
 
+
 if ($opt_debug || !($cpid = fork ())) {
 
     $SIG{PIPE} = 'IGNORE';

diff --git a/debian/conffiles b/debian/conffiles
index 1e64c3b595b312744dde66ce84d6f93cf2f94d5b..73e61a460d528dbfc392e0fedffb49aa70571414 100644 (file)
--- a/debian/conffiles
+++ b/debian/conffiles
@@ -7,3 +7,4 @@
 /etc/cron.daily/pve
 /etc/vz/vznet.conf
 /etc/vzdump.conf
+/etc/logrotate.d/pve

diff --git a/debian/control.in b/debian/control.in
index 65b7a664b7c11a3ce12a1c9ebf514940c57486b0..6276f09cdd0d163ad4fa297a73df1bc1c8b474ef 100644 (file)
--- a/debian/control.in
+++ b/debian/control.in
@@ -3,7 +3,7 @@ Version: @VERSION@-@PACKAGERELEASE@
 Section: admin
 Priority: optional
 Architecture: amd64
-Depends: perl5, libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control, libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, redhat-cluster-pve, resource-agents-pve, fence-agents-pve, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, libio-compress-perl, liburi-perl
+Depends: perl5, libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control, libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, redhat-cluster-pve, resource-agents-pve, fence-agents-pve, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, libio-compress-perl, liburi-perl, logrotate
 Conflicts: netcat-openbsd, vzdump
 Replaces: vzdump
 Provides: vzdump

diff --git a/debian/pve.logrotate b/debian/pve.logrotate
new file mode 100644 (file)
index 0000000..81a4bfb
--- /dev/null
+++ b/debian/pve.logrotate
@@ -0,0 +1,13 @@
+/var/log/pveproxy/access.log {
+        rotate 7
+        daily  
+       missingok
+       compress
+       delaycompress
+       notifempty
+       create 640 www-data www-data
+       sharedscripts
+       postrotate
+               /etc/init.d/pveproxy reload > /dev/null
+       endscript
+}