Message ID | 1444095524-11357-3-git-send-email-azhou@nicira.com |
---|---|
State | Superseded |
On 5 October 2015 at 18:38, Andy Zhou <azhou@nicira.com> wrote: > Add option to ovs-ctl script to specify whether to start the daemons as > root user or ovs user. The default is 'run-as-root', which preserve > s/preserve/preserves > the scripts' current behavior. > s/script/script's > > Signed-off-by: Andy Zhou <azhou@nicira.com> > --- > utilities/ovs-ctl.in | 12 ++++++++++-- > utilities/ovs-lib.in | 7 +++++++ > 2 files changed, 17 insertions(+), 2 deletions(-) > > diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in > index c9d75df..1256324 100755 > --- a/utilities/ovs-ctl.in > +++ b/utilities/ovs-ctl.in > @@ -13,8 +13,8 @@ > # See the License for the specific language governing permissions and > # limitations under the License. > > -OVS_USER=root # Default user. > -OVS_GROUP=root # Default group. > +OVS_USER=ovs # Default user. > +OVS_GROUP=ovs # Default group. > > case $0 in > */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;; > @@ -505,6 +505,7 @@ set_defaults () { > > DAEMON_CWD=/ > FORCE_COREFILES=yes > + RUN_AS_ROOT=yes > MLOCKALL=yes > OVSDB_SERVER_PRIORITY=-10 > OVS_VSWITCHD_PRIORITY=-10 > @@ -573,6 +574,7 @@ Less important options for "start", "restart" and > "force-reload-kmod": > --daemon-cwd=DIR set working dir for OVS daemons > (default: $DAEMON_CWD) > --no-force-corefiles do not force on core dumps for OVS > daemons > --no-mlockall do not lock all of ovs-vswitchd into > memory > + --no-run-as-root run ovs daemons as the ovs user > How about run --run-as-ovs-user? Is there a reason you want negation in front of its name? In description I would use OVS in capital case (as three lines higher) --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: > $OVSDB_SERVER_PRIORITY) > --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: > $OVS_VSWITCHD_PRIORITY) 
> > @@ -685,6 +687,12 @@ do > ;; > esac > done > + > +if test X"$RUN_AS_ROOT" = Xyes; then > + OVS_USER=root > + OVS_GROUP=root > +fi > > + > case $command in > start) > start_ovsdb || exit 1 > diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in > index da52284..fcb9555 100644 > --- a/utilities/ovs-lib.in > +++ b/utilities/ovs-lib.in > @@ -153,6 +153,11 @@ start_daemon () { > set "$@" --pidfile="$rundir/$daemon.pid" > set "$@" --detach --monitor > > + # non root user > + if test X"$RUN_AS_ROOT" != Xyes; then > + set "$@" --user="$OVS_USER":"$OVS_GROUP" > + fi > + # wrapper > case $wrapper in > valgrind) > @@ -375,5 +380,7 @@ upgrade_db () { > rm -f "$DB_FILE" > create_db "$DB_FILE" "$DB_SCHEMA" > fi > + > + chown "$OVS_USER":"$OVS_GROUP" $DB_FILE > Please don't push this yet since I suspect we would need to change SElinux Open vSwitch profile to get chown working properly on RHEL and Fedora from ovs-ctl script. Let me investigate this first. fi > } > -- > 1.9.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev >
diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in index c9d75df..1256324 100755 --- a/utilities/ovs-ctl.in +++ b/utilities/ovs-ctl.in @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -OVS_USER=root # Default user. -OVS_GROUP=root # Default group. +OVS_USER=ovs # Default user. +OVS_GROUP=ovs # Default group. case $0 in */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;; @@ -505,6 +505,7 @@ set_defaults () { DAEMON_CWD=/ FORCE_COREFILES=yes + RUN_AS_ROOT=yes MLOCKALL=yes OVSDB_SERVER_PRIORITY=-10 OVS_VSWITCHD_PRIORITY=-10 @@ -573,6 +574,7 @@ Less important options for "start", "restart" and "force-reload-kmod": --daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD) --no-force-corefiles do not force on core dumps for OVS daemons --no-mlockall do not lock all of ovs-vswitchd into memory + --no-run-as-root run ovs daemons as the ovs user --ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY) --ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY) @@ -685,6 +687,12 @@ do ;; esac done + +if test X"$RUN_AS_ROOT" = Xyes; then + OVS_USER=root + OVS_GROUP=root +fi + case $command in start) start_ovsdb || exit 1 diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in index da52284..fcb9555 100644 --- a/utilities/ovs-lib.in +++ b/utilities/ovs-lib.in @@ -153,6 +153,11 @@ start_daemon () { set "$@" --pidfile="$rundir/$daemon.pid" set "$@" --detach --monitor + # non root user + if test X"$RUN_AS_ROOT" != Xyes; then + set "$@" --user="$OVS_USER":"$OVS_GROUP" + fi + # wrapper case $wrapper in valgrind) @@ -375,5 +380,7 @@ upgrade_db () { rm -f "$DB_FILE" create_db "$DB_FILE" "$DB_SCHEMA" fi + + chown "$OVS_USER":"$OVS_GROUP" $DB_FILE fi }
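Review bot: In the first utilities/ovs-ctl.in hunk, the comments on `OVS_USER=ovs # Default user.` and `OVS_GROUP=ovs # Default group.` no longer describe the effective default. set_defaults sets RUN_AS_ROOT=yes and the block added after option parsing resets both variables to root, so a default start still runs as root. Suggest rewording the comments to say these name the unprivileged account used with --no-run-as-root, or keeping the root values here and assigning ovs only when RUN_AS_ROOT is not yes, so that one place decides the account.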
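Review bot: In the usage-text hunk of utilities/ovs-ctl.in, the help line `--no-run-as-root run ovs daemons as the ovs user` hard-codes the account name, while the script keeps it in OVS_USER and OVS_GROUP and neighbouring entries interpolate their variables (for example `(default: $DAEMON_CWD)`). Suggest printing $OVS_USER and $OVS_GROUP in the description and stating that running as root is the default, so the help output stays correct if the account name changes.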
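Review bot: In the start_daemon hunk of utilities/ovs-lib.in, `test X"$RUN_AS_ROOT" != Xyes` is also true when RUN_AS_ROOT is unset or empty, and the visible changes define RUN_AS_ROOT, OVS_USER and OVS_GROUP only in ovs-ctl.in. A caller that reaches start_daemon without setting them would append `--user=:` with empty user and group names. Suggest adding the option only on an explicit `= Xno` with a non-empty OVS_USER, or giving the three variables defaults in ovs-lib.in, and expanding the `# non root user` comment to say that the daemon is asked to drop privileges to that account.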
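Review bot: In the upgrade_db hunk of utilities/ovs-lib.in, `chown "$OVS_USER":"$OVS_GROUP" $DB_FILE` leaves $DB_FILE unquoted although the `rm -f "$DB_FILE"` and `create_db "$DB_FILE" "$DB_SCHEMA"` lines just above quote it, so a path containing whitespace would be split; quote it. The chown also sits inside the enclosing `if` and its exit status is not checked: going by the visible context, a database that does not enter this branch keeps its existing owner, and a failed chown goes unnoticed until a daemon started with --user cannot open the file. Consider checking the result and applying the ownership wherever the database file is created or reused.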
Add option to ovs-ctl script to specify whether to start the daemons as
root user or ovs user. The default is 'run-as-root', which preserve
the scripts' current behavior.

Signed-off-by: Andy Zhou <azhou@nicira.com>

---
 utilities/ovs-ctl.in | 12 ++++++++++--
 utilities/ovs-lib.in |  7 +++++++
 2 files changed, 17 insertions(+), 2 deletions(-)