/srv/irclogs.ubuntu.com/2009/09/03/#upstart.txt

=== robbiew is now known as robbiew-dinner
=== h\h is now known as haraldh
[16:11] wasabi_: So why doesn't upstart have a 'user' stanza?
[16:11] wasabi_: I can imagine it being hard for pid 1 to do namemapping, yeah.
[16:12] sadmac2: wasabi_: nobody's gotten around to implementing one
[16:13] sadmac2: wasabi_: su does the trick
[16:13] wasabi_: Ahh.
[16:14] wasabi_: Hmm. Does su end up execing, or does it fork first?
[16:15] wasabi_: Want to make sure upstart's TERM still goes to the right place.
[16:15] sadmac2: su should just exec
[16:17] jMCg: wasabi_: you need a TERM? More importantly: upstart has a TERM!?
[16:17] wasabi_: stop sends TERM, no?
[16:17] wasabi_: sigterm.
[16:18] jMCg: Ah. I thought you meant the environment variable.
[16:18] wasabi_: Oh.
[16:24] wasabi_: Using 'su' sure creates a lot of unnecessary processes, though.
[16:25] jMCg: wasabi_: what about sudo -u $user ?
[16:26] sadmac2: wasabi_: huh?
[16:26] sadmac2: wasabi_: su shouldn't create any additional processes methinks
[16:26] jMCg: Maybe your various wrappers do.
[16:26] wasabi_: 'su' keeps running, and it creates a shell to run the specified command in.
[16:26] wasabi_: Since the -c option is a shell script.
[16:27] sadmac2: wasabi_: check the manpage. there should be a way to make that not happen
[16:27] wasabi_: Doesn't seem to.
[16:27] sadmac2: either way it shouldn't "create" a shell. It should exec() a shell
[16:27] jMCg: "-c will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in /etc/passwd for the target user."
[16:27] wasabi_: Well, it's not. Clearly.
[16:28] wasabi_: and yeah, stopping it sends sigterm to the wrong place.
[16:28] wasabi_: Heh.
[16:28] sadmac2: fun
[16:28] jMCg: Now, one could try to specify -s /binhrmpfzd... bleh. exec is a shell-builtin....
[16:29] wasabi_: Yeah. No way to pass an arg list though
[16:29] wasabi_: Oh I see
[16:29] jMCg: Anyways, I'm pretty much very sure (because I myself abuse it) that sudo does not start a funky shell.
[16:29] jMCg: jmcg@metis ~ % ps -cafe|grep -i [s]udo
[16:29] jMCg: 1 jmcg@metis ~ %
[16:30] jMCg: As opposed to (and I'm only giving a grep -c here): jmcg@metis ~ % ps -cafe| grep -c [h]ttpd
[16:30] jMCg: 91
[16:31] jMCg: And script starts this with sudo, but there's no trace of..
[16:32] jMCg: http://dpaste.com/89133/ nope.. no trace of shell or su or sudo or anything.
[16:39] wasabi_: Can't get sudo to run from upstart though. Grrr.
[16:39] wasabi_: Ahh. I see
[16:39] wasabi_: -c on sudo does not support args.
[16:39] wasabi_: it tries to exec the string, and finds no command.
[16:53] wasabi_: Argh. And I can't use -g in sudo. Says the root user isn't allowed to do it.
[16:53] wasabi_: And I'm not going to monkey with perms.
[16:55] Keybuk: exec su -c "exec command" user
[16:55] Keybuk: ;)
[16:55] wasabi_: su stays around.
[16:55] Keybuk: yes
[16:56] Keybuk: but the process group is the same
[16:56] wasabi_: Oh
[16:56] Keybuk: so init sends SIGTERM to both su and its child process
[16:58] wasabi_: From what I can tell the child does get it.
[16:58] wasabi_: Begins a shutdown process (which can take awhile)
[16:58] wasabi_: And then init reports it exists with 255.
[16:58] wasabi_: exits
[16:58] wasabi_: And the child keeps shutting down.
[16:58] wasabi_: So su is disappearing.
[16:59] Keybuk: oh, right
[16:59] Keybuk: yeah that can happen
[16:59] wasabi_: Uh huh.
[16:59] Keybuk: it's not ideal
[16:59] wasabi_: Sure isn't.
[17:00] wasabi_: I think a 'user' stanza added to upstart would make me happy.
[17:00] Keybuk: it wouldn't make me happy
[17:00] wasabi_: Name lookup?
[17:00] Keybuk: no, it's wrong
[17:00] wasabi_: Oh. Why?
[17:00] Keybuk: give me 30s and I'll describe how I see it working ;)
[17:01] Keybuk: just need to finish a function
[17:01] wasabi_: okay
[17:11] Keybuk: right
[17:11] Keybuk: so "run as user" means lots of different things
[17:11] Keybuk: for example, a user's cron job
[17:11] Keybuk: that doesn't just run setuid the user
[17:11] Keybuk: but it runs *as* the user
[17:11] Keybuk: it's setuid, initgroups() is used *and* PAM is invoked to set up a full user session
[17:12] Keybuk: and Upstart needs to support user owned jobs that behave in this fashion
[17:12] Keybuk: *separate* to that is the notion of dropping privileges
[17:12] Keybuk: dropping privileges may include calling setuid()
[17:13] Keybuk: but that's a numpty's function
[17:13] Keybuk: what you really want to specify is the real *and* effective uids of the job
[17:13] Keybuk: and any capabilities to retain
[17:13] wasabi_: Hmm
[17:13] wasabi_: I see.
[17:14] Keybuk: for example, you should be able to say that named runs with real and effective "bind" but retains CAP_NET_BIND_SERVICE
[17:14] wasabi_: So it's obviously more complicated than just user.
[17:14] Keybuk: yes
[17:14] Keybuk: and then there's the permission side of it
[17:15] Keybuk: as "scott", I should be able to send init commands to start and stop my jobs
[17:15] Keybuk: or start and stop jobs that I am permitted to start and stop, which runs as my user
[17:15] wasabi_: Yeah.
[17:15] Keybuk: and that then brings the problem of security on a job
[17:15] Keybuk: and interestingly, means that the "user" of a job need not be specified in the config
[17:15] Keybuk: (or "any user" for example)
[17:17] ion: keybuk: Did whatshisnick talk to you about Linux capabilities? In Solaris SMF, he said, you can declare a job to run as an unprivileged user but with the rights to open port <1024 for instance. Linux has equivalent capabilities functionality, Upstart would just need to implement support for that along with the rest of the run-as-user functionality.
[17:18] ion: /usr/include/linux/capability.h
[17:19] ion: Better: capabilities(7)
[17:21] ion: user www-data
[17:21] ion: capabilities net-bind-service
[17:21] ion: exec /usr/bin/apache2 --foo
[17:42] Keybuk: right
[17:42] Keybuk: that's exactly what I was waffling about above
[17:42] Keybuk: though I wouldn't use "user" there
[17:42] Keybuk: it's more "real uid www-data" ;)
[17:55] ion: Hah, now that i actually look at the discussion, i realize i was just repeating what was already said. I’ve been watching a movie and missed the discussion; just noticed something about the ”user” of a job and mentioned what jmcg talked about recently.
[18:00] sadmac2: Keybuk: so what does the UI for that look like?
[18:01] sadmac2: Keybuk: To play devil's advocate, a "user" stanza would do something that most end users would understand. There's a very simple expectation for the behavior of that.
[18:01] Keybuk: that's the bit I don't know
[18:02] Keybuk: right
[18:02] Keybuk: and I want the simple expectation to always fail
[18:02] Keybuk: which is why I want to avoid a "user" stanza
[18:03] sadmac2: Keybuk: we should probably discuss the "and" operator while I'm thinking of it. You want to keep it around and non-deprecated last I brought it up?
[18:04] Keybuk: for while, yes
[18:05] sadmac2: Keybuk: ah. That's very different :)
[18:06] sadmac2: Keybuk: and for events is wrong, wrong and terribly wrong. For states it makes perfect sense.
[18:08] Keybuk: right
[18:08] Keybuk: while something and something or something
[18:08] Keybuk: on foo
[18:08] Keybuk: on bar
[18:08] Keybuk: on baz
[18:08] Keybuk: hourly
[18:08] Keybuk: at the hour of scampering
[18:08] Keybuk: 40 minutes after tea
[18:09] Keybuk: etc.
[18:09] Keybuk: all of the "event" bits are OR
[18:09] Keybuk: if you want AND
[18:09] Keybuk: from event until SOME OTHER EVENT and while something
[18:09] Keybuk: on foo
[18:10] sadmac2: Keybuk: 0.6 compatibility means we have to keep AND around, which hurts since ripping it out deletes about 1/4 of upstart's code :)
[18:10] Keybuk: yeah
[18:10] sadmac2: it's kinda-sorta less painful with triggers.
[18:11] Keybuk: but then you guys never went with 0.6 anyway, did you? :p
[18:11] sadmac2: we didn't... so there is that...
[18:11] Keybuk: which means you have nice crasher bugs
[18:11] Keybuk: but hey ;)
[18:12] sadmac2: you picked a bad time in our release cycle for 0.6 :(
[18:12] Keybuk: you picked a bad time in your release cycle to ship a version of init with known serious bugs ;)
[18:12] sadmac2: also our system is kind of dependent on state transfer working (even the broken version we got)
[18:12] ion: All the major Linux distributions should live together for a while, so their periods would get synchronized.
[18:13] sadmac2: ion: well, we certainly have enough douches to clean the mess up.
[18:15] ion: *zing*
[18:16] sadmac2: Keybuk: there's bugs and then there's bug reports. The loudest userbase in linux is staying quiet on upstart. Life is good.
[18:16] Keybuk: loudest userbase? :)
[18:18] sadmac2: Keybuk: curmudgeons love fedora
[18:19] Keybuk: yes, but there's so few of them ;)
[18:19] sadmac2: I wish
=== robbiew is now known as robbiew-lunch
[18:43] sadmac2: Keybuk: you aren't perchance going to JLS?
[19:01] sadmac2: http://gcc.gnu.org/wiki/Var_Tracking_Assignments
=== robbiew-lunch is now known as robbiew
[21:05] jMCg: wuhwvmpfzd.. for a second there, I read "JCL" ...
