2010-11-19 Ramon Novoa <rnovoa@artica.es>

* pandora_agent, AIX/pandora_agent.conf, pandora_agent_daemon, Linux/pandora_agent.conf, HP-UX/pandora_agent.conf, NT4/pandora_agent.conf, SunOS/pandora_agent.conf, FreeBSD/pandora_agent.conf: Added a new configuration option that lets the agent run as a different user by changing the process' EUID. * pandora_agent_installer: Several fixes. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3609 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-11-19 14:18:34 +00:00 · 2010-11-19 14:18:34 +00:00 · e039d58020
parent 321b6d27b1
commit e039d58020
10 changed files with 118 additions and 81 deletions
--- a/pandora_agents/unix/AIX/pandora_agent.conf
+++ b/pandora_agents/unix/AIX/pandora_agent.conf
@ -82,6 +82,9 @@ transfer_mode tentacle
 # If set to 1 allows the agent to be configured via the web console (Only Enterprise version) 
 # remote_config 1

+# User the agent will run as
+#pandora_user root
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/ChangeLog
+++ b/pandora_agents/unix/ChangeLog
@ -1,3 +1,14 @@
+2010-11-19  Ramon Novoa  <rnovoa@artica.es>
+
+	* pandora_agent, AIX/pandora_agent.conf,
+	  pandora_agent_daemon, Linux/pandora_agent.conf,
+	  HP-UX/pandora_agent.conf, NT4/pandora_agent.conf,
+	  SunOS/pandora_agent.conf, FreeBSD/pandora_agent.conf: Added a new
+	  configuration option that lets the agent run as a different user
+	  by changing the process' EUID.
+
+	* pandora_agent_installer: Several fixes.
+
 2010-11-15  Raúl Mateos  <raulofpandora@gmail.com>

 	* pandora_agent*, pandora_exec, plugins/pandora_update: Small changes:
--- a/pandora_agents/unix/FreeBSD/pandora_agent.conf
+++ b/pandora_agents/unix/FreeBSD/pandora_agent.conf
@ -88,6 +88,9 @@ transfer_mode tentacle
 # If set to 1 allows the agent to be configured via the web console (Only Enterprise version) 
 # remote_config 1

+# User the agent will run as
+#pandora_user root
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/HP-UX/pandora_agent.conf
+++ b/pandora_agents/unix/HP-UX/pandora_agent.conf
@ -82,6 +82,9 @@ transfer_mode tentacle
 # If set to 1 allows the agent to be configured via the web console (Only Enterprise version) 
 # remote_config 1

+# User the agent will run as
+#pandora_user root
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/Linux/pandora_agent.conf
+++ b/pandora_agents/unix/Linux/pandora_agent.conf
@ -100,6 +100,9 @@ transfer_mode tentacle
 # Number of threads to execute modules in parallel
 #agent_threads 1

+# User the agent will run as
+pandora_user ramon
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/NT4/pandora_agent.conf
+++ b/pandora_agents/unix/NT4/pandora_agent.conf
@ -100,6 +100,9 @@ remote_config 1
 # Number of threads to execute modules in parallel
 #agent_threads 1

+# User the agent will run as
+#pandora_user root
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/SunOS/pandora_agent.conf
+++ b/pandora_agents/unix/SunOS/pandora_agent.conf
@ -82,6 +82,9 @@ transfer_mode tentacle
 # If set to 1 allows the agent to be configured via the web console (Only Enterprise version) 
 # remote_config 1

+# User the agent will run as
+#pandora_user root
+
 # Secondary server configuration
 # ==============================

--- a/pandora_agents/unix/pandora_agent
+++ b/pandora_agents/unix/pandora_agent
@ -1293,6 +1293,20 @@ print_usage unless ($#ARGV == 0);
 $ConfDir = fix_directory ($ARGV[0]);
 error ("Directory '$ConfDir' does not exist.") unless (-d "$ConfDir");

+# Get user to run as
+my $pandora_user = read_config ('pandora_user');
+if (defined ($pandora_user)) {
+	# Change the EUID
+	my $pandora_user_uid = getpwnam ($pandora_user);
+	if (!defined ($pandora_user_uid)) {
+		error ("Cannot get uid for user $pandora_user. Does the user exist and can we read /etc/passwd?");
+	}
+	$> = $pandora_user_uid;
+	if ($> != $pandora_user_uid) {
+		error ("Cannot run as $pandora_user: Insufficient permissions.");
+	}
+}
+
 # Guess the OS version
 $OS_VERSION = guess_os_version ($OS);

@ -1301,6 +1315,7 @@ md5_init ();

 # Start logging
 start_log ();
+log_message ('log', 'Running as user ' . getpwuid ($>));

 # Read configuration file
 read_config ();
--- a/pandora_agents/unix/pandora_agent_daemon
+++ b/pandora_agents/unix/pandora_agent_daemon
@ -22,7 +22,6 @@

 PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
 PANDORA_PATH=/etc/pandora
-PANDORA_USER=root
 DAEMON=/usr/bin/pandora_agent
 LOGFILE=/var/log/pandora/pandora_agent.log

@ -73,12 +72,7 @@ case "$1" in
 			echo "Cannot launch again. Aborting."
 			exit 1
 		fi
-		if [ "$PANDORA_USER" = "root" ]
-		then
-			nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & 
-		else
-			sudo -u $PANDORA_USER $DAEMON $PANDORA_PATH >/dev/null 2> $LOGFILE & 
-		fi
+		nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & 
 		rm nohup.out 2> /dev/null
 		sleep 2
 		PANDORA_PID=`pidof_pandora`
--- a/pandora_agents/unix/pandora_agent_installer
+++ b/pandora_agents/unix/pandora_agent_installer
@ -26,7 +26,7 @@ TENTACLE=/usr/bin/tentacle_client
 PANDORA_MAN=/usr/share/man

 MODE=$1
-PANDORA_BASE=$2
+PANDORA_BASE=`echo $2 | sed -e 's/\/$//'`
 PANDORA_USER=$3

 # Check for Perl 5.6.x or higher available
@ -170,20 +170,76 @@ install () {
 		echo "Checking Pandora FMS Agent on $PANDORA_BASE$PANDORA_BIN...."
 	fi

-	echo "Creating Pandora FMS Agent home directory at $PANDORA_BASE$PANDORA_HOME"
-	if [ ! -z "$PANDORA_BASE" ]
+    # Alter dynamically the daemon launcher and setup the new path 
+    # if PANDORA_BASE is customized.
+
+    if [ ! -z "$PANDORA_BASE" ]
+    then
+	if [ "$OS_NAME" = "FreeBSD" ]
 	then
-		mkdir -p $PANDORA_BASE 2> /dev/null
-		mkdir -p $PANDORA_BASE/var/log 2> /dev/null
-		mkdir -p $PANDORA_BASE/$PANDORA_MAN/man1 2> /dev/null
-		if [ "$OS_NAME" = "FreeBSD" ]
-		then
-			mkdir -p $PANDORA_BASE/usr/local/bin 2> /dev/null
-		else
-			mkdir -p $PANDORA_BASE/usr/bin 2> /dev/null
-		fi
+	    DAEMON_SCRIPT=FreeBSD/pandora_agent
+            DAEMON_TEMP=pandora_agent_daemon_temp
+	else
+            DAEMON_SCRIPT=pandora_agent_daemon
+            DAEMON_TEMP=pandora_agent_daemon_temp
 	fi
        
+        AGENT_CFG=$OS_NAME/pandora_agent.conf
+        AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp
+
+        echo $PANDORA_BASE > PANDORA_BASE.temp
+        sed 's/\//\\\//g' PANDORA_BASE.temp > PANDORA_BASE.temp2
+
+        PANDORA_BASE_DECODED=`cat PANDORA_BASE.temp2`
+        rm PANDORA_BASE.temp PANDORA_BASE.temp2
+
+	if [ "$OS_NAME" = "FreeBSD" ]
+	then
+	    sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/local\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
+	    mv $DAEMON_TEMP $DAEMON_SCRIPT
+
+	    sed -e "s/^command\=[.]*/command\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
+	    mv $DAEMON_TEMP $DAEMON_SCRIPT
+
+	    sed -e 's/^command_args\=\"[.]*/command_args\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
+	    mv $DAEMON_TEMP $DAEMON_SCRIPT
+
+	    sed -e 's/^required_files\=\"[.]*/required_files\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
+	    mv $DAEMON_TEMP $DAEMON_SCRIPT
+	else
+            sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
+            mv  $DAEMON_TEMP $DAEMON_SCRIPT
+
+            sed -e "s/^PANDORA_PATH\=[.]*/PANDORA_PATH\=$PANDORA_BASE_DECODED/g"  $DAEMON_SCRIPT > $DAEMON_TEMP
+            mv  $DAEMON_TEMP $DAEMON_SCRIPT
+
+            sed -e "s/^LOGFILE\=[.]*/LOGFILE\=$PANDORA_BASE_DECODED/g"  $DAEMON_SCRIPT > $DAEMON_TEMP
+            mv  $DAEMON_TEMP $DAEMON_SCRIPT
+
+            sed -e "s/^DAEMON\=[.]*/DAEMON\=$PANDORA_BASE_DECODED/g"  $DAEMON_SCRIPT > $DAEMON_TEMP
+            mv  $DAEMON_TEMP $DAEMON_SCRIPT
+	fi
+
+        sed -e "s/^temporal [.]*/temporal $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
+        mv $AGENT_CFG_TEMP $AGENT_CFG
+
+        sed -e "s/^logfile [.]*/logfile $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
+        mv $AGENT_CFG_TEMP $AGENT_CFG
+    fi
+    echo "Creating Pandora FMS Agent home directory at $PANDORA_BASE$PANDORA_HOME"
+    if [ ! -z "$PANDORA_BASE" ]
+    then
+	mkdir -p $PANDORA_BASE 2> /dev/null
+	mkdir -p $PANDORA_BASE/var/log 2> /dev/null
+	mkdir -p $PANDORA_BASE/$PANDORA_MAN/man1 2> /dev/null
+	if [ "$OS_NAME" = "FreeBSD" ]
+	then
+            mkdir -p $PANDORA_BASE/usr/local/bin 2> /dev/null
+	else
+            mkdir -p $PANDORA_BASE/usr/bin 2> /dev/null
+	fi
+    fi
+
 	mkdir -p $PANDORA_BASE$PANDORA_HOME 2> /dev/null

 	# Create directories based on PANDORA_BASE 
@ -196,10 +252,10 @@ install () {
 	# Set the user the agent will run as
 	if [ "$PANDORA_USER" != "" ]
 	then
-		sed -e "s/^\s*PANDORA_USER=.*/PANDORA_USER=$PANDORA_USER/" pandora_agent_daemon > pandora_agent_daemon.tmp 	2> /dev/null && \
-		mv pandora_agent_daemon.tmp pandora_agent_daemon
-		rm -f pandora_agent_daemon.tmp 2> /dev/null
+		sed -e "s/.*pandora_user .*/pandora_user $PANDORA_USER/" $AGENT_CFG > $AGENT_CFG_TEMP 2> /dev/null && \
+		mv $AGENT_CFG_TEMP $AGENT_CFG
 		chmod 755 pandora_agent_daemon
+		chown -R $PANDORA_USER $PANDORA_BASE
 	else
 		PANDORA_USER="root"
 	fi
@ -269,64 +325,7 @@ install () {
 		chown root:root $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG
 	fi

-	# Alter dynamically the daemon launcher and setup the new path 
-	# if PANDORA_BASE is customized.
-
-	if [ ! -z "$PANDORA_BASE" ]
-	then
-		if [ "$OS_NAME" = "FreeBSD" ]
-		then
-			DAEMON_SCRIPT=FreeBSD/pandora_agent
-			DAEMON_TEMP=pandora_agent_daemon_temp
-		else
-			DAEMON_SCRIPT=pandora_agent_daemon
-			DAEMON_TEMP=pandora_agent_daemon_temp
-		fi
-
-		AGENT_CFG=$OS_NAME/pandora_agent.conf
-		AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp
-
-		echo $PANDORA_BASE > PANDORA_BASE.temp
-		sed 's/\//\\\//g' PANDORA_BASE.temp > PANDORA_BASE.temp2
-
-		PANDORA_BASE_DECODED=`cat PANDORA_BASE.temp2`
-		rm PANDORA_BASE.temp PANDORA_BASE.temp2
-
-		if [ "$OS_NAME" = "FreeBSD" ]
-		then
-			sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/local\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e "s/^command\=[.]*/command\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e 's/^command_args\=\"[.]*/command_args\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e 's/^required_files\=\"[.]*/required_files\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-		else
-			sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e "s/^PANDORA_PATH\=[.]*/PANDORA_PATH\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e "s/^LOGFILE\=[.]*/LOGFILE\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-
-			sed -e "s/^DAEMON\=[.]*/DAEMON\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
-			mv $DAEMON_TEMP $DAEMON_SCRIPT
-		fi
-
-		sed -e "s/^temporal [.]*/temporal $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
-		mv $AGENT_CFG_TEMP $AGENT_CFG
-
-		sed -e "s/^logfile [.]*/logfile $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
-		mv $AGENT_CFG_TEMP $AGENT_CFG
-	fi
-
-	echo "Copying default agent configuration to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf"
+    echo "Copying default agent configuration to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf"

 	cp $OS_NAME/pandora_agent.conf $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
 	chmod 600 $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf