[ovs-dev] [Debian-non-root v2 3/4] ovs-ctl: add --no-run-as-root option

Andy Zhou azhou at nicira.com
Sat Oct 10 00:13:23 UTC 2015


Add option to ovs-ctl script to specify whether to start the daemons as
root user or ovs user.  The default is 'run-as-root', which preserves
the script's current behavior.

Signed-off-by: Andy Zhou <azhou at nicira.com>
---
 utilities/ovs-ctl.in | 13 +++++++++++--
 utilities/ovs-lib.in |  9 ++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index c9d75df..191631c 100755
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-OVS_USER=root         # Default user.
-OVS_GROUP=root        # Default group.
+OVS_USER=ovs         # Default user.
+OVS_GROUP=$OVS_USER  # Default group.
 
 case $0 in
     */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
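Review bot: The trailing comments on the new `OVS_USER=ovs` and `OVS_GROUP=$OVS_USER` lines still read "Default user" and "Default group", but the effective default stays root because `RUN_AS_ROOT=yes` overrides both after option parsing in a later hunk of this patch. I would reword them, for example `# User for --no-run-as-root.` and `# Group for --no-run-as-root (assumes a group named like the user).`. The group assignment assumes the account has a same-named group, which is worth stating where the value is set.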
@@ -101,6 +101,7 @@ set_system_ids () {
             else
                 log_failure_msg "missing uuidgen, could not generate system ID"
             fi
+            chown "$OVS_USER":"$OVS_GROUP" $id_file
             ;;
 
         '')
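Review bot: The added `chown` sits after the `fi`, so it also runs when the `else` arm just above has reported that uuidgen is missing; it can then target a file that was never written, and its failure is not checked. `$id_file` is also unquoted, unlike the user and group beside it. I would write `chown "$OVS_USER":"$OVS_GROUP" "$id_file" || log_failure_msg "could not set owner of $id_file"` and place it in the branch that creates the file. The enclosing `case` in set_system_ids starts and ends outside the hunk, so where the file is written is inferred rather than visible.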
@@ -505,6 +506,7 @@ set_defaults () {
 
     DAEMON_CWD=/
     FORCE_COREFILES=yes
+    RUN_AS_ROOT=yes
     MLOCKALL=yes
     OVSDB_SERVER_PRIORITY=-10
     OVS_VSWITCHD_PRIORITY=-10
@@ -573,6 +575,7 @@ Less important options for "start", "restart" and "force-reload-kmod":
   --daemon-cwd=DIR               set working dir for OVS daemons (default: $DAEMON_CWD)
   --no-force-corefiles           do not force on core dumps for OVS daemons
   --no-mlockall                  do not lock all of ovs-vswitchd into memory
+  --no-run-as-root               run ovs daemons as the OVS user
   --ovsdb-server-priority=NICE   set ovsdb-server's niceness (default: $OVSDB_SERVER_PRIORITY)
   --ovs-vswitchd-priority=NICE   set ovs-vswitchd's niceness (default: $OVS_VSWITCHD_PRIORITY)
 
@@ -685,6 +688,12 @@ do
             ;;
     esac
 done
+
+if test X"$RUN_AS_ROOT" = Xyes; then
+     OVS_USER=root
+     OVS_GROUP=root
+fi
+
 case $command in
     start)
         start_ovsdb || exit 1
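Review bot: Nothing between the added `RUN_AS_ROOT` block and `start_ovsdb` checks that the account named by `OVS_USER` exists when `--no-run-as-root` is given, so a host without an `ovs` user would fail later inside `chown`, `install -o` or the daemon's `--user` handling with a less direct error. An `else` arm with a guard such as `id "$OVS_USER" >/dev/null 2>&1 || { log_failure_msg "user $OVS_USER does not exist"; exit 1; }` would stop early with a clear message. The new block is also indented five spaces where the surrounding lines use four.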
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index da52284..2045a16 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -149,10 +149,15 @@ start_daemon () {
     set "$@" --log-file="$logdir/$daemon.log"
 
     # pidfile and monitoring
-    test -d "$rundir" || install -d -m 755 -o "$OVS_USER" -g "OVS_GROUP" "$rundir"
+    test -d "$rundir" || install -d -m 770 -o "$OVS_USER" -g "$OVS_GROUP" "$rundir"
     set "$@" --pidfile="$rundir/$daemon.pid"
     set "$@" --detach --monitor
 
+    # non root user
+    if test X"$RUN_AS_ROOT" != Xyes; then
+        set "$@" --user="$OVS_USER":"$OVS_GROUP"
+    fi
+
     # wrapper
     case $wrapper in
         valgrind)
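Review bot: The `install -d -m 770` line only runs when `$rundir` is missing, so a root-owned run directory left by an earlier start keeps its old owner and mode; with `--no-run-as-root` the daemon may then be unable to create its pidfile or sockets there, depending on when `--user` takes effect, which is not visible here. The change from 755 to 770 also applies in the default root mode, which narrows access for local users outside the group and goes beyond the description's statement that current behavior is preserved. Consider following the line with an unconditional `chown "$OVS_USER":"$OVS_GROUP" "$rundir"` and mentioning the mode change in the commit message. start_daemon begins and continues outside the hunk.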
@@ -376,4 +381,6 @@ upgrade_db () {
             create_db "$DB_FILE" "$DB_SCHEMA"
         fi
     fi
+
+    chown -R "$OVS_USER":"$OVS_GROUP" `dirname $DB_FILE`
 }
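Review bot: The added `chown -R` at the end of upgrade_db hands the whole parent directory of `$DB_FILE` to `$OVS_USER`, recursively and as root, and it appears to run on every call, including in the default root mode. `$DB_FILE` and the `dirname` output are unquoted, and if the database path is ever configured under a shared directory the recursion would re-own unrelated files. Once the directory belongs to the unprivileged user, later root-run recursive passes also act on content that user controls. A narrower form is `db_dir=$(dirname "$DB_FILE")` followed by `chown "$OVS_USER":"$OVS_GROUP" "$db_dir" "$DB_FILE"`, with the exit status checked. Only the tail of upgrade_db is visible in the hunk.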
-- 
1.9.1



