Opened 6 years ago

Last modified 4 years ago

#39 new enhancement

Make more stuff run by $SDTD_USER instead of root

Reported by: Alloc
Owned by: Alloc
Priority: major
Component: Scripts
Keywords:
Cc:


Change History (4)

comment:1 Changed 4 years ago by zigstum

I'm running into this issue now.

I have added scripts in hook folders using !#/usr/bin/php that call upon helper shell scripts that source the file and they work fine when called by the 7dtd process, but now I'm attempting to call those same scripts from a php file under my webpath and am kinda stuck.

The working setup is as follows:
/hooks/playerConnect/ (using !#/usr/bin/php) passing variables to:
/hooks/scripts/helpers/ (which sources to send telnet command)

The non-working setup:
/www/html/api.php calling /helpers/ with script-specific sudo privileges

I can configure the env to allow php user (www-data) to call the scripts with elevated privileges, but the check inside /usr/local/lib/7dtd/ is testing for uid=0 rather than if the calling user has root privilege (if that is even possible).

What would happen if I expanded this check (uid=0) to also check for the www-data user (with elevated privileges if possible) and continue if it passes?

I apologise if these questions are just stupid, I've spent a day on this and am quite confused :)

I will continue researching and let you know if I find another solution.


comment:2 Changed 4 years ago by Alloc

Expanding that check shouldn't hurt at all. Basically the only things that really require root privileges are update-commands. I think starting/stopping should work for both root and the user that owns the processes (sdtd by default). Everything else should be mostly fine for any user that can read/execute the required files.

Still haven't gotten around to actually change this stuff :(

comment:3 Changed 4 years ago by zigstum

Excellent, I will try that now and thanks for the lightning response :D

"Still haven't gotten around to actually change this stuff :("

I know how it is, I have a trello with a thousand things also :/

Will let you know result.
Thanks again :)

comment:4 Changed 4 years ago by zigstum

Hey :)
I added that second uid check and once I'd sorted the permissions, it all works fine.
I tried a few of the commands, ' instances list' worked, but ' start inst' failed due to insufficient privs removing the old pid file. I can add permissions for that if I need to. Thanks again :)
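
The privilege split described in comment:2, written out as a per-command check instead of a single uid=0 test. This is an added example, not part of the ticket or the project's scripts; the function names and the command-name patterns (`update*`, `start`, `stop`) are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: per-command privilege check replacing a blanket "uid must be 0" test.
# Function names and command-name patterns are assumptions, not the project's code.

SDTD_USER="${SDTD_USER:-sdtd}"   # owner of the server processes (sdtd by default)

# Print the privilege class a subcommand needs: root, owner or any.
required_privilege() {
	case "$1" in
		update*)     echo root ;;   # update-commands really need root
		start|stop)  echo owner ;;  # root or the user that owns the processes
		*)           echo any ;;    # any user who can read/execute the files
	esac
}

# is_allowed CMD CALLER_UID OWNER_UID -> exit status 0 if the caller may run CMD.
is_allowed() {
	local cmd="$1" caller="$2" owner="$3"
	case "$(required_privilege "$cmd")" in
		root)  [ "$caller" -eq 0 ] ;;
		owner) [ "$caller" -eq 0 ] || [ "$caller" -eq "$owner" ] ;;
		any)   return 0 ;;
	esac
}

# Gate for the top of a dispatcher: resolves the real uids and refuses with a message.
check_caller() {
	local cmd="$1" owner
	# If the owner account does not exist, fall back to -1 so only root passes.
	owner="$(id -u "$SDTD_USER" 2>/dev/null)" || owner=-1
	if ! is_allowed "$cmd" "$(id -u)" "$owner"; then
		echo "'$cmd' needs $(required_privilege "$cmd") privileges (caller uid $(id -u))" >&2
		return 1
	fi
}
```

With a check shaped like this, the web user needs no entry in the uid test for commands in the `any` class, and a sudo rule is only required for the commands that fall in the `owner` or `root` class.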
