Author: sevein
Date: Fri Jul 13 11:56:22 2012
New Revision: 11921
Log:
Do privilege dropping first using setuid/setgid. Using sudo was lame. Using
sudo twice so the redirect is included in the first sudo call was not a good
idea neither. Use upstart env capabilities.
Modified:
trunk/init/qubit-sword.conf
Modified: trunk/init/qubit-sword.conf
==============================================================================
--- trunk/init/qubit-sword.conf Fri Jul 13 11:03:16 2012 (r11920)
+++ trunk/init/qubit-sword.conf Fri Jul 13 11:56:22 2012 (r11921)
@@ -20,34 +20,36 @@
start on (started mysql)
stop on runlevel [016]
+console output
+
respawn
respawn limit 5 10
+env LOCATION=/var/www/ica-atom
+env LOGFILE=/tmp/qubit-sword.log
+
+setuid www-data
+setgid www-data
+
pre-start script
- LOCATION="/var/www/ica-atom"
-
- sudo rm -rf ${LOCATION}/cache/*
- sudo -u www-data php ${LOCATION}/symfony cc
+ # Fix for the cache issue in Qubit
+ rm -rf ${LOCATION}/cache/*
+ php ${LOCATION}/symfony cc
end script
script
- USER="www-data"
- LOCATION="/var/www/ica-atom"
- LOGFILE="/tmp/qubit-sword.log"
-
- # Running sudo twice permits the output redirection, fix this
- sudo sudo -u ${USER} php \
- -d memory_limit=-1 \
- -d error_reporting="E_ALL" \
- ${LOCATION}/symfony \
- gearman:worker \
- --config=sword \
- --application=qubit \
- --connection=propel \
- --timeout=-1 \
- --count=0 >> ${LOGFILE} 2>&1
+ php \
+ -d memory_limit=-1 \
+ -d error_reporting="E_ALL" \
+ ${LOCATION}/symfony \
+ gearman:worker \
+ --config=sword \
+ --application=qubit \
+ --connection=propel \
+ --timeout=-1 \
+ --count=0 >> ${LOGFILE} 2>&1
end script
--
You received this message because you are subscribed to the Google Groups
"Qubit Toolkit Commits" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/qubit-commits?hl=en.
