[ovs-dev] [Debian-non-root 3/4] ovs-ctl: add --no-run-as-root option

Andy Zhou azhou at nicira.com
Tue Oct 6 01:38:43 UTC 2015


Add option to ovs-ctl script to specify whether to start the daemons as
root user or ovs user.  The default is 'run-as-root', which preserve
the scripts' current behavior.

Signed-off-by: Andy Zhou <azhou at nicira.com>
---
 utilities/ovs-ctl.in | 12 ++++++++++--
 utilities/ovs-lib.in |  7 +++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index c9d75df..1256324 100755
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-OVS_USER=root         # Default user.
-OVS_GROUP=root        # Default group.
+OVS_USER=ovs         # Default user.
+OVS_GROUP=ovs        # Default group.
 
 case $0 in
     */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
@@ -505,6 +505,7 @@ set_defaults () {
 
     DAEMON_CWD=/
     FORCE_COREFILES=yes
+    RUN_AS_ROOT=yes
     MLOCKALL=yes
     OVSDB_SERVER_PRIORITY=-10
     OVS_VSWITCHD_PRIORITY=-10
@@ -573,6 +574,7 @@ Less important options for "start", "restart" and "force-reload-kmod":
   --daemon-cwd=DIR               set working dir for OVS daemons (default: $DAEMON_CWD)
   --no-force-corefiles           do not force on core dumps for OVS daemons
   --no-mlockall                  do not lock all of ovs-vswitchd into memory
+  --no-run-as-root               run ovs daemons as the ovs user
   --ovsdb-server-priority=NICE   set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
   --ovs-vswitchd-priority=NICE   set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
 
@@ -685,6 +687,12 @@ do
             ;;
     esac
 done
+
+if test X"$RUN_AS_ROOT" = Xyes; then
+     OVS_USER=root
+     OVS_GROUP=root
+fi
+
 case $command in
     start)
         start_ovsdb || exit 1
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index da52284..fcb9555 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -153,6 +153,11 @@ start_daemon () {
     set "$@" --pidfile="$rundir/$daemon.pid"
     set "$@" --detach --monitor
 
+    # non root user
+    if test X"$RUN_AS_ROOT" != Xyes; then
+        set "$@" --user="$OVS_USER":"$OVS_GROUP"
+    fi
+
     # wrapper
     case $wrapper in
         valgrind)
@@ -375,5 +380,7 @@ upgrade_db () {
             rm -f "$DB_FILE"
             create_db "$DB_FILE" "$DB_SCHEMA"
         fi
+
+        chown "$OVS_USER":"$OVS_GROUP" $DB_FILE
     fi
 }
-- 
1.9.1




More information about the dev mailing list