[ovs-dev] [Debian-non-root 3/4] ovs-ctl: add --no-run-as-root option
Andy Zhou
azhou at nicira.com
Tue Oct 6 01:38:43 UTC 2015
Add option to ovs-ctl script to specify whether to start the daemons as
root user or ovs user. The default is 'run-as-root', which preserve
the scripts' current behavior.
Signed-off-by: Andy Zhou <azhou at nicira.com>
---
utilities/ovs-ctl.in | 12 ++++++++++--
utilities/ovs-lib.in | 7 +++++++
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index c9d75df..1256324 100755
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -13,8 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-OVS_USER=root # Default user.
-OVS_GROUP=root # Default group.
+OVS_USER=ovs # Default user.
+OVS_GROUP=ovs # Default group.
case $0 in
*/*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
@@ -505,6 +505,7 @@ set_defaults () {
DAEMON_CWD=/
FORCE_COREFILES=yes
+ RUN_AS_ROOT=yes
MLOCKALL=yes
OVSDB_SERVER_PRIORITY=-10
OVS_VSWITCHD_PRIORITY=-10
@@ -573,6 +574,7 @@ Less important options for "start", "restart" and "force-reload-kmod":
--daemon-cwd=DIR set working dir for OVS daemons (default: $DAEMON_CWD)
--no-force-corefiles do not force on core dumps for OVS daemons
--no-mlockall do not lock all of ovs-vswitchd into memory
+ --no-run-as-root run ovs daemons as the ovs user
--ovsdb-server-priority=NICE set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
--ovs-vswitchd-priority=NICE set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
@@ -685,6 +687,12 @@ do
;;
esac
done
+
+if test X"$RUN_AS_ROOT" = Xyes; then
+ OVS_USER=root
+ OVS_GROUP=root
+fi
+
case $command in
start)
start_ovsdb || exit 1
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index da52284..fcb9555 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -153,6 +153,11 @@ start_daemon () {
set "$@" --pidfile="$rundir/$daemon.pid"
set "$@" --detach --monitor
+ # non root user
+ if test X"$RUN_AS_ROOT" != Xyes; then
+ set "$@" --user="$OVS_USER":"$OVS_GROUP"
+ fi
+
# wrapper
case $wrapper in
valgrind)
@@ -375,5 +380,7 @@ upgrade_db () {
rm -f "$DB_FILE"
create_db "$DB_FILE" "$DB_SCHEMA"
fi
+
+ chown "$OVS_USER":"$OVS_GROUP" $DB_FILE
fi
}
--
1.9.1
More information about the dev
mailing list