Opened 10 years ago
Last modified 9 years ago
#39 new enhancement
Make more stuff run by $SDTD_USER instead of root
| Reported by: | Christian Illy | Owned by: | Christian Illy |
|---|---|---|---|
| Priority: | major | Component: | Scripts |
| Keywords: | | Cc: | |
Description
Change History (4)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
Expanding that check shouldn't hurt at all. Basically the only things that really require root privileges are update-commands. I think starting/stopping should work for both root and the user that owns the processes (sdtd by default). Everything else should be mostly fine for any user that can read/execute the required files.
Still haven't gotten around to actually change this stuff :(
comment:3 by , 9 years ago
Excellent, I will try that now and thanks for the lightning response :D
"Still haven't gotten around to actually change this stuff :("
I know how it is, I have a Trello with a thousand things also :/
Will let you know result.
Thanks again :)
comment:4 by , 9 years ago
Hey :)
I added that second uid check and once I'd sorted the permissions, it all works fine.
I tried a few of the commands, '7dtd.sh instances list' worked, but '7dtd.sh start inst' failed due to insufficient privs removing the old pid file. I can add permissions for that if I need to. Thanks again :)
I'm running into this issue now.
I have added scripts in hook folders using !#/usr/bin/php that call upon helper shell scripts that source the common.sh file and they work fine when called by the 7dtd process, but now I'm attempting to call those same scripts from a php file under my webpath and am kinda stuck.
The working setup is as follows:
/hooks/playerConnect/plconn.sh (using !#/usr/bin/php) passing variables to:
/hooks/scripts/helpers/sayplayer.sh (which sources common.sh) to send telnet command
The non-working setup:
/www/html/api.php calling /helpers/sayplayer.sh with script-specific sudo privileges
I can configure the env to allow the PHP user (www-data) to call the scripts with elevated privileges, but the check inside /usr/local/lib/7dtd/common.sh is testing for uid=0 rather than if the calling user has root privilege (if that is even possible).
What would happen if I expanded this check (uid=0) to also check for the www-data user (with elevated privileges if possible) and continue if it passes?
I apologise if these questions are just stupid, I've spent a day on this and am quite confused :)
I will continue researching and let you know if I find another solution.
Thanks.
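
The per-command privilege policy that comment:2 describes, written out as an added shell example (not code from the project's common.sh). The function names, the assumption that update commands start with `update`, and `stop` as a command name are hypothetical; `sdtd` as the default owner comes from the ticket.

```shell
#!/bin/sh
# Added example: replaces a single "uid must be 0" gate with a check
# per command class, following comment:2:
#   update commands -> root only
#   start / stop    -> root or the user that owns the processes
#   everything else -> any user that can read/execute the files

# Owner of the server processes ("sdtd by default" per the ticket).
SDTD_USER="${SDTD_USER:-sdtd}"

# required_privilege CMD
# Prints the class a command falls into: root, owner or any.
# Assumption: update commands are the ones whose name starts with "update".
required_privilege() {
    case "$1" in
        update*)    echo "root" ;;
        start|stop) echo "owner" ;;
        *)          echo "any" ;;
    esac
}

# is_allowed CMD CALLER_UID CALLER_NAME
# Returns 0 if that caller may run CMD, non-zero otherwise.
# Taking uid and name as arguments keeps the policy testable
# without actually switching users.
is_allowed() {
    case "$(required_privilege "$1")" in
        root)  [ "$2" -eq 0 ] ;;
        owner) [ "$2" -eq 0 ] || [ "$3" = "$SDTD_USER" ] ;;
        any)   return 0 ;;
    esac
}

# check_caller CMD
# Applies the policy to whoever is running the script right now.
check_caller() {
    if is_allowed "$1" "$(id -u)" "$(id -un)"; then
        return 0
    fi
    echo "'$1' requires $(required_privilege "$1") privileges" >&2
    return 1
}
```

With the check shaped this way, a web-server account such as www-data is never named in the uid test itself: on its own it reaches only the "any" class, and anything more depends on what its sudo rule lets it run as.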