add custom user for bin mode
This commit is contained in:
parent
a418873901
commit
fe43e03daf
|
@ -6,6 +6,7 @@
|
||||||
Schema:
|
Schema:
|
||||||
|
|
||||||
* `command` (required, string) - command to execute (will be executed in a shell)
|
* `command` (required, string) - command to execute (will be executed in a shell)
|
||||||
|
* `user` (optional, string) - custom user as process owner (only `bin` mode and only for linux), usually requires root privileges
|
||||||
* `interval` (optional, interval) - interval between attempts
|
* `interval` (optional, interval) - interval between attempts
|
||||||
* `timeout` (optional, interval) - maximum execution timeout (enabled only for bin mode and only if positive)
|
* `timeout` (optional, interval) - maximum execution timeout (enabled only for bin mode and only if positive)
|
||||||
* `graceful_timeout` (optional, interval) - maximum execution timeout after which SIGINT will be sent (enabled only for bin mode and only if positive).
|
* `graceful_timeout` (optional, interval) - maximum execution timeout after which SIGINT will be sent (enabled only for bin mode and only if positive).
|
||||||
|
|
|
@ -34,6 +34,7 @@ func (m *markerResponse) WriteHeader(statusCode int) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type binHandler struct {
|
type binHandler struct {
|
||||||
|
user string
|
||||||
command string
|
command string
|
||||||
workDir string
|
workDir string
|
||||||
shell string
|
shell string
|
||||||
|
@ -70,8 +71,13 @@ func (bh *binHandler) ServeHTTP(writer http.ResponseWriter, request *http.Reques
|
||||||
cmd.Stdout = marker
|
cmd.Stdout = marker
|
||||||
cmd.Env = env
|
cmd.Env = env
|
||||||
internal.SetBinFlags(cmd)
|
internal.SetBinFlags(cmd)
|
||||||
|
err := setUser(cmd, bh.user)
|
||||||
err := bh.run(ctx, cmd)
|
if err != nil {
|
||||||
|
writer.Header().Set("X-Return-Code", strconv.Itoa(cmd.ProcessState.ExitCode()))
|
||||||
|
writer.WriteHeader(http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
err = bh.run(ctx, cmd)
|
||||||
|
|
||||||
if codeReset, ok := writer.(interface{ Status(status int) }); ok && err != nil {
|
if codeReset, ok := writer.(interface{ Status(status int) }); ok && err != nil {
|
||||||
codeReset.Status(http.StatusBadGateway)
|
codeReset.Status(http.StatusBadGateway)
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
//+build !linux
|
||||||
|
|
||||||
|
package server
|
||||||
|
|
||||||
|
import "os/exec"
|
||||||
|
|
||||||
|
func setUser(cmd *exec.Cmd, user string) error {
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -0,0 +1,35 @@
|
||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os/exec"
|
||||||
|
"os/user"
|
||||||
|
"strconv"
|
||||||
|
"syscall"
|
||||||
|
)
|
||||||
|
|
||||||
|
func setUser(cmd *exec.Cmd, userName string) error {
|
||||||
|
if userName == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
info, err := user.Lookup(userName)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
uid, err := strconv.Atoi(info.Uid)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
gid, err := strconv.Atoi(info.Gid)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if cmd.SysProcAttr == nil {
|
||||||
|
cmd.SysProcAttr = &syscall.SysProcAttr{}
|
||||||
|
}
|
||||||
|
cmd.SysProcAttr.Credential = &syscall.Credential{
|
||||||
|
Uid: uint32(uid),
|
||||||
|
Gid: uint32(gid),
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -34,6 +34,7 @@ type Unit struct {
|
||||||
Mode string `yaml:"mode,omitempty"` // execution mode: bin, cgi or proxy
|
Mode string `yaml:"mode,omitempty"` // execution mode: bin, cgi or proxy
|
||||||
WorkDir string `yaml:"workdir,omitempty"` // working directory for the worker. if empty - temporary one will generated automatically
|
WorkDir string `yaml:"workdir,omitempty"` // working directory for the worker. if empty - temporary one will generated automatically
|
||||||
Command string `yaml:"command"` // command in a shell to execute
|
Command string `yaml:"command"` // command in a shell to execute
|
||||||
|
User string `yaml:"user,omitempty"` // user name as process owner (only for bin mode)
|
||||||
Timeout time.Duration `yaml:"timeout,omitempty"` // maximum execution timeout (enabled only for bin mode and only if positive)
|
Timeout time.Duration `yaml:"timeout,omitempty"` // maximum execution timeout (enabled only for bin mode and only if positive)
|
||||||
GracefulTimeout time.Duration `yaml:"graceful_timeout,omitempty"` // maximum execution timeout after which SIGINT will be sent (enabled only for bin mode and only if positive)
|
GracefulTimeout time.Duration `yaml:"graceful_timeout,omitempty"` // maximum execution timeout after which SIGINT will be sent (enabled only for bin mode and only if positive)
|
||||||
Shell string `yaml:"shell,omitempty"` // shell to execute command in bin mode (default - /bin/sh)
|
Shell string `yaml:"shell,omitempty"` // shell to execute command in bin mode (default - /bin/sh)
|
||||||
|
@ -258,6 +259,7 @@ func (cfg Unit) createRunner() (http.Handler, error) {
|
||||||
switch cfg.Mode {
|
switch cfg.Mode {
|
||||||
case "bin":
|
case "bin":
|
||||||
return &binHandler{
|
return &binHandler{
|
||||||
|
user: cfg.User,
|
||||||
command: cfg.Command,
|
command: cfg.Command,
|
||||||
workDir: cfg.WorkDir,
|
workDir: cfg.WorkDir,
|
||||||
shell: cfg.Shell,
|
shell: cfg.Shell,
|
||||||
|
|
Loading…
Reference in New Issue