From patchwork Thu Oct 1 01:53:42 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Zhou X-Patchwork-Id: 524706 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (unknown [IPv6:2600:3c00::f03c:91ff:fe6e:bdf7]) by ozlabs.org (Postfix) with ESMTP id 362A3140D6B for ; Thu, 1 Oct 2015 11:53:47 +1000 (AEST) Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 149AB108DA; Wed, 30 Sep 2015 18:53:46 -0700 (PDT) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67]) by archives.nicira.com (Postfix) with ESMTPS id 09FA8108D2 for ; Wed, 30 Sep 2015 18:53:45 -0700 (PDT) Received: from bar5.cudamail.com (unknown [192.168.21.12]) by mx1e4.cudamail.com (Postfix) with ESMTPS id 5CA2B1E05CC for ; Wed, 30 Sep 2015 19:53:44 -0600 (MDT) X-ASG-Debug-ID: 1443664423-09eadd14182c950001-byXFYA Received: from mx1-pf1.cudamail.com ([192.168.24.1]) by bar5.cudamail.com with ESMTP id gRw1zFZPxOrIpAQp (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 30 Sep 2015 19:53:43 -0600 (MDT) X-Barracuda-Envelope-From: azhou@nicira.com X-Barracuda-RBL-Trusted-Forwarder: 192.168.24.1 Received: from unknown (HELO mail-qg0-f50.google.com) (209.85.192.50) by mx1-pf1.cudamail.com with ESMTPS (RC4-SHA encrypted); 1 Oct 2015 01:53:43 -0000 Received-SPF: unknown (mx1-pf1.cudamail.com: Multiple SPF records returned) X-Barracuda-Apparent-Source-IP: 209.85.192.50 X-Barracuda-RBL-IP: 209.85.192.50 Received: by qgx61 with SMTP id 61so52543238qgx.3 for ; Wed, 30 Sep 2015 18:53:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=oWYfKi8Wbh9P3ZhUqyTfuA4dhNhF1s8M8SnirEWJ29U=; b=TEmlos1QRJ3HmsKm1/Mh1zI1b2xA6RHdtLpHYaNwh7+v5LA5U+/YYvyhQzBzNZIRuN DE65MXj+DcaLyWryApJvLNBrhs7Lqb1vyMMj/W5HxGy+z2UVQH6yOt0093E8o10bqjh3 XCTiQuu9N8+a8E0wnSkTb1fa7L4D+Uf2RfYyQGQ7nxywvdXam2wyFBB3CDL276dzVD5V CHTEdXC23spSpC0pJNFZvbbFzeSkY0Kai2dnqEzMQqUGyuI6SPQW98t81uUZ9gGuG9QF zLfI41t5QJ/G2xWDl5bpNS3KGBzONZdBTJz5ePAvyhwNq61W8NoMK+oaf5kgo3mkyJQA E0ug== X-Gm-Message-State: ALoCoQkKJ3OyMqrTn5381dvLnEFVbux/umKvW89053uLYZHQg6/UaI8aFqVjv5bDdy/24RpCkt7K MIME-Version: 1.0 X-Received: by 10.140.217.79 with SMTP id n76mr9083790qhb.42.1443664422475; Wed, 30 Sep 2015 18:53:42 -0700 (PDT) Received: by 10.140.94.81 with HTTP; Wed, 30 Sep 2015 18:53:42 -0700 (PDT) In-Reply-To: References: <1442969477-11026-1-git-send-email-azhou@nicira.com> <1442969477-11026-7-git-send-email-azhou@nicira.com> Date: Wed, 30 Sep 2015 18:53:42 -0700 Message-ID: X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-E1-929117187 X-CudaMail-DTE: 093015 X-CudaMail-Originating-IP: 209.85.192.50 X-CudaMail-Envelope-Sender: azhou@nicira.com X-ASG-Orig-Subj: [##CM-E1-929117187##]Re: [ovs-dev] [PATCH 7/8] ovs-dev.py: add --user and -u option From: Andy Zhou To: Joe Stringer X-Barracuda-Connect: UNKNOWN[192.168.24.1] X-Barracuda-Start-Time: 1443664423 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Cc: "dev@openvswitch.org" Subject: Re: [ovs-dev] [PATCH 7/8] ovs-dev.py: add --user and -u option X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@openvswitch.org Sender: "dev" As discussed off-line, I decided to drop the "-u" option. Now the patch is simpler. index fab3813..04415f9 100755 On Wed, Sep 30, 2015 at 5:25 PM, Joe Stringer wrote: > On 22 September 2015 at 17:51, Andy Zhou wrote: >> ovs-dev.py "run" command now accepts the "--user" option for running >> all ovs daemons as "user". The argument can be specified in >> "user[:group]" format. >> >> '-u' is an short hand option that, if ovs-dev.py is launched as an >> non-root user, then current user and group will be used as if they >> are supplied by the --user option. >> >> "./ovs-dev.py run -u" can now launch ovsdb-server and ovs-vswitchd as >> current user and group. >> >> Signed-off-by: Andy Zhou > > I would have expected "-u" to be short-form for "--user", but they're > subtly different. I'd prefer to see this represented one way, either > the most common or the most flexible. If you really want to save > characters, you could always alias it :-) > > I think this should also simplify the user handling inside, and make > it more self-consistent. > >> --- >> utilities/ovs-dev.py | 36 +++++++++++++++++++++++++++++------- >> 1 file changed, 29 insertions(+), 7 deletions(-) >> >> diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py >> index 68c9a42..1f9dbd7 100755 >> --- a/utilities/ovs-dev.py >> +++ b/utilities/ovs-dev.py >> @@ -55,9 +55,16 @@ def uname(): >> return _sh("uname", "-r", capture=True)[0].strip() >> >> >> -def sudo(): >> +def sudo(run_as_me): >> if os.geteuid() != 0: >> - _sh(" ".join(["sudo"] + sys.argv), check=True) >> + opt = [] >> + if (run_as_me): >> + user = subprocess.check_output(["id", "-un"]).strip() >> + group = subprocess.check_output(["id", "-gn"]).strip() >> + opt=["--user", user + ":" + group] >> + sys.argv.remove("-u") >> + >> + _sh(" ".join(["sudo"] + sys.argv + opt), check=True) >> sys.exit(0) > > So, if you're running as yourself, you sudo to yourself; if you're > running as a different user, you sudo to root, and if you're running > as root you also sudo to root? > > > >> @@ -231,6 +238,12 @@ def run(): >> >> opts = ["--pidfile", "--log-file"] >> >> + if (options.user == "") or (options.user == "root:root"): >> + _sh("chown", "root:root", "-R", RUNDIR) >> + else: >> + _sh("chown", options.user, "-R", RUNDIR); >> + opts = ["--user", options.user] + opts >> + > > So.. if you're running "as_me", then everything will be chowned root:root? Acked-by: Joe Stringer --- a/utilities/ovs-dev.py +++ b/utilities/ovs-dev.py @@ -232,6 +232,13 @@ def run(): opts = ["--pidfile", "--log-file"] + if (options.user == "") or (options.user == "root:root"): + _sh("chown", "root:root", "-R", RUNDIR) + sys.argv.remove("--user") + else: + _sh("chown", options.user, "-R", RUNDIR); + opts = ["--user", options.user] + opts + _sh(*(["ovsdb-server", "--remote=punix:%s/run/db.sock" % RUNDIR, "--remote=db:Open_vSwitch,Open_vSwitch,manager_options", @@ -316,7 +323,7 @@ Basic Configuration: # First install the basic requirements needed to build Open vSwitch. sudo apt-get install git build-essential libtool autoconf pkg-config \\ - libssl-dev gdb linux-headers-`uname -r` + libssl-dev gdb libcap-ng linux-headers-`uname -r` # Next clone the Open vSwitch source. git clone https://github.com/openvswitch/ovs.git %(ovs)s @@ -415,6 +422,8 @@ def main(): help="run ovs-vswitchd with dpdk subopts (ended by --)") group.add_option("--clang", dest="clang", action="store_true", help="Use binaries built by clang") + group.add_option("--user", dest="user", action="store", default="", + help="run all daemons as a non root user") parser.add_option_group(group)