Subject: /var/run/c-icap ownership gets reset to default user:group on reboot
Package: c-icap
Version: 1:0.1.6-1.1
Severity: normal
Tags: patch

I'm using custom user:group settings in c-icap.conf (see below). I then need
to adjust ownership of /var/run/c-icap and /var/log/c-icap accordingly; however,
as the content of /var/run/ gets cleared on/after reboot, the ownership of
/var/run/c-icap gets reset to c-icap:root by the c-icap init script (the
check_ctl_dir() func does that, as the /var/run/c-icap/ dir no longer exists).
As a result, the c-icap server doesn't start (until the ownership is
re-adjusted, that is).

Attaching a patch fixing the issue (largely inspired by similar code in the
clamav init script, slurping the c-icap config file and using the 'User' and
'Group' variables).

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages c-icap depends on:
ii adduser 3.113 add and remove users and groups
ii libc6 2.13-24 Embedded GNU C Library: Shared lib
ii libdb5.1 5.1.25-11 Berkeley v5.1 Database Libraries [
ii libicapapi0 1:0.1.6-1.1 ICAP API library
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
c-icap recommends no packages.
Versions of packages c-icap suggests:
ii libc-icap-mod-squidclamav 6.4-1 ICAP Antivirus Service for c-icap
pn libc-icap-mod-urlcheck <none> (no description available)
ii squid3 3.1.19-1+b1 Full featured Web Proxy cache (HTT
-- Configuration Files:
/etc/c-icap/c-icap.conf changed:
PidFile /var/run/c-icap/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
MaxKeepAliveRequests 100
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads 10
MaxSpareThreads 20
ThreadsPerChild 10
MaxRequestsPerChild 0
Port 1344
User proxy
Group proxy
ServerAdmin [email protected]
ServerName YourServerName
TmpDir /tmp
MaxMemObject 131072
DebugLevel 1
ModulesDir /usr/lib/c_icap
ServicesDir /usr/lib/c_icap
TemplateDir /usr/share/c_icap/templates/
TemplateDefaultLanguage en
LoadMagicFile /etc/c-icap/c-icap.magic
RemoteProxyUsers off
RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeaderEncoded on
ServerLog /var/log/c-icap/server.log
AccessLog /var/log/c-icap/access.log
Service squidclamav squidclamav.so
Service echo srv_echo.so
/etc/default/c-icap changed:
START=yes
DAEMON_OPTS=""
-- no debconf information
--
Katarina Machalkova
Software Engineer
gateprotect AG Germany
--- c-icap.init.d.old 2012-06-06 15:10:59.618125287 +0200
+++ c-icap.init.d 2012-06-06 15:08:59.151384908 +0200
@@ -20,6 +20,7 @@
test -x $DAEMON || exit 0
LOGDIR=/var/log/c-icap
+CONFFILE=/etc/c-icap/c-icap.conf
PIDFILE=/var/run/c-icap/$NAME.pid
DODTIME=3 # Time to wait for the server to die, in seconds
# If this value is set too low you might not
@@ -32,15 +33,36 @@
. /etc/default/c-icap
fi
+slurp_config()
+{
+ CONFFILE="$1"
+
+ if [ -e "$CONFFILE" ]; then
+ for variable in `egrep -v '^[[:space:]]*(#|$)' "$CONFFILE" | awk '{print $1}'`; do
+ value=`grep ^$variable $CONFFILE | head -n1 | awk '{print $2}'`
+
+ if [ -n "$value" ]; then
+ export "$variable"="$value"
+ fi
+ done
+ fi
+
+}
+
check_ctl_dir() {
# Create the ctl empty dir if necessary
if [ ! -d /var/run/c-icap ]; then
+ [ -n "$User"] || User=c-icap
+ [ -n "$Group"] || Group=nogroup
+
mkdir /var/run/c-icap
- chown c-icap /var/run/c-icap
+ chown "$User":"$Group" /var/run/c-icap
chmod 0755 /var/run/c-icap
fi
}
+slurp_config "$CONFFILE"
+
# If the daemon is not enabled, give the user a warning and stop.
# Check to create /var/run directory if someone wants to run c-icap
# in debug mode / foreground to test some functions without start it from init.d
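
Review bot: the two default tests in check_ctl_dir(), `[ -n "$User"] || User=c-icap` and `[ -n "$Group"] || Group=nogroup`, are missing the space before the closing `]`. When User is set from the config, `[` sees `proxy]` as its last argument, fails with a missing-`]` error, and the fallback overwrites the configured value, so the directory is still chowned to c-icap:nogroup; when User is empty the test collapses to `[ -n ]`, which is true, so no default is applied at all. Write `[ -n "$User" ] || User=c-icap` and the same for Group. Separately, slurp_config() exports the first word of every non-comment line of c-icap.conf into the environment of a script that runs as root, with `$variable` and `$CONFFILE` unquoted in the grep: a directive whose name matches a variable the script already uses (LOGDIR, PIDFILE, DAEMON) would overwrite it, and a name that is not a valid shell identifier makes `export` fail. Only User and Group are consumed, so read just those two keys instead of importing the whole file, and avoid reassigning the global CONFFILE inside the function.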