coren has uploaded a new change for review.
https://gerrit.wikimedia.org/r/188817
Change subject: Labs: User guard manage-nfs-volumes-deamon
......................................................................
Labs: User guard manage-nfs-volumes-deamon
Make certain it can be run only as the unprivileged nfsmanager
user to avoid its output files being unwritable (and thus breaking
future runs).
Bug: T88579
Change-Id: I00d71722eca8e1d37fbed7b9ec4bf46f5c6856a6
---
M modules/ldap/files/scripts/manage-nfs-volumes-daemon
1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/17/188817/1
diff --git a/modules/ldap/files/scripts/manage-nfs-volumes-daemon
b/modules/ldap/files/scripts/manage-nfs-volumes-daemon
index 2db30df..abbfe67 100755
--- a/modules/ldap/files/scripts/manage-nfs-volumes-daemon
+++ b/modules/ldap/files/scripts/manage-nfs-volumes-daemon
@@ -9,6 +9,7 @@
import ldapsupportlib
from optparse import OptionParser
import os
+import pwd
import socket
import subprocess
import sys
@@ -341,6 +342,9 @@
def main():
+ if pwd.getpwuid(os.getuid())[0] != 'nfsmanager':
+ sys.stderr.write("This daemon should only be run as the 'nfsmanager'
user.\n")
+ sys.exit(1)
volume_manager = VolumeManager()
volume_manager.run()
--
To view, visit https://gerrit.wikimedia.org/r/188817
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I00d71722eca8e1d37fbed7b9ec4bf46f5c6856a6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: coren <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
