This is a web interface for adding users to LoKi. It gives the same functionality as logging onto LoKi and running adduser user as root.
A daemon sets up, and listens on, a unix domain socket, /var/lock/sas.sock.
The web interface sends all info through the socket to the daemon, which then creates the user in sgdb and the linux system. A cron job checks every minute that the daemon is running, and starts it if not.
If the daemon is killed, the socket file still exists; just delete it using rm -rf /var/lock/sas.sock. The daemon automatically deletes the file on startup.
If you want to temporarily disable the daemon, the easiest thing is to uncomment exit 0 in adduser_daemon.sh.
The daemon is written in Lua using the Lua Event Machine and the luasql library.
dbconnect.inc.php and db_credentials.lua contain usernames and passwords for connecting to the MySQL databases on Loki and Dragon and are thus encrypted using git-crypt. They are encrypted using PGP and the [email protected] public key.
To decrypt, the corresponding private key is needed. This key is already installed on the root account on LoKi and Dragon. The only thing needed after git clone on Dragon is
git-crypt unlock
The pass phrase is the same as the one for the root user account.
In short, log on to LoKi and do the following (remember that you need to give the full path when making soft links).
ssh user@loki
git clone [email protected]:Studentergaarden/adduser.git
# or maybe
git clone https://github.com/Studentergaarden/adduser.git
cd adduser
git-crypt unlock
ln -s /full/path/web/{validUser.php,jquery-1.11.2.min.js,createUser.php} /share/sites/sas.studentergaarden.dk/DocumentRoot/
ln -s /full/path/adduser_crontab /etc/cron.d/adduser_crontab
ln -s /full/path/adduser_daemon.sh /root/scripts/lua/adduser_daemon.sh
Change the log and script path respectively in adduser_crontab and adduser_daemon.sh.
The unix domain socket can be tested with socat:
# set up the socket (listening side)
socat -v UNIX-LISTEN:/var/lock/sas.sock,user=www-data -
# connect to the socket from another terminal
socat -v READLINE UNIX-CONNECT:/var/lock/sas.sock
The web interface should now be able to communicate through the socket.
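A check for the two socket conditions described above, the stale file left behind by a killed daemon and the www-data ownership used in the socat test. This is an added example, not part of the adduser repository; the function name sock_state and the rule that users outside owner and group must not have write access are assumptions.

```shell
#!/bin/sh
# Added example, not part of the adduser repository.
# sock_state PATH OWNER prints one of:
#   absent | not-a-socket | stale | wrong-owner | other-writable | ok
sock_state() {
    path=$1
    owner=$2
    [ -e "$path" ] || { echo absent; return 0; }
    [ -S "$path" ] || { echo not-a-socket; return 0; }
    # Linux lists every bound unix socket in /proc/net/unix, path in the
    # last column. A socket file without an entry there has no process
    # behind it: the leftover of a killed daemon.
    if ! awk -v p="$path" '$NF == p { hit = 1 } END { exit !hit }' \
            /proc/net/unix 2>/dev/null; then
        echo stale; return 0
    fi
    # Assumption: only OWNER (the web server user) and the group should be
    # able to connect; connect() needs write permission on the socket file.
    file_owner=$(stat -c %U "$path")
    mode=$(stat -c %a "$path")
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    if [ "$file_owner" != "$owner" ]; then
        echo wrong-owner
    elif [ $(( other & 2 )) -ne 0 ]; then
        echo other-writable
    else
        echo ok
    fi
}

# Run directly:  sh sock_state.sh /var/lock/sas.sock www-data
if [ "$#" -eq 2 ]; then sock_state "$1" "$2"; fi
```

A result of stale is the case where the file can be removed by hand; ok means a process is bound to the path and the file is owned as expected.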
A process has a PID (Process ID), a PPID (Parent Process ID), a PGID (Process Group ID) and a SID (Session ID). The PPID is the ID of the process that started the process in question. Sessions and process groups are just ways to treat a number of related processes as a unit. All the members of a process group always belong to the same session, but a session may have multiple process groups.
Normally, a shell will be a session leader, and every pipeline executed by that shell will be a process group. This is to make it easy to kill the children of a shell when it exits.
To view these IDs, use
ps xao pid,ppid,pgid,sid,comm | grep name
ps aux | grep name
See the man page for ps.
There are two ways to detach processes, nohup and disown.
disown removes the job from the shell’s job list (fg, bg and jobs cannot be used).
According to most pages I read, the following seems to be true:
Processes won’t receive SIGHUP. However note that it still is connected to the terminal, so if the terminal is destroyed (which can happen if it was a pty, like those created by xterm or ssh, and the controlling program is terminated, by closing the xterm or terminating the SSH connection), the program will fail as soon as it tries to read from standard input or write to standard output. In order to keep the process from dying when the controlling program is closed, use disown -h. This is the same as using nohup in bash. zsh does not have any arguments for the implementation of disown.
However I have not seen any difference between disown and disown -h. Neither is the process SIGHUP’ed when the controlling program is closed.
./my-prog.sh
C-z
bg
disown # or disown %1
# or simply (zsh)
./my-prog.sh &!
nohup redirects standard output and standard error to the file nohup.out, so the program won’t fail for writing to standard output if the terminal fails, and whatever the process writes is not lost. It does not remove the process from the shell’s job control and also does not put it in the background (but since a foreground nohup job is more or less useless, you’d generally put it into the background using &). For example, unlike with disown, the shell will still tell you when the nohup job has completed (unless the shell is terminated before, of course).
nohup ./my-prog.sh &
To summarize, nohup and disown can both be said to suppress SIGHUP, but in different ways. nohup makes the program ignore the signal initially (the program may change this). nohup also tries to arrange for the program not to have a controlling terminal, so that it won’t be sent SIGHUP by the kernel when the terminal is closed. disown is purely internal to the shell; it causes the shell not to send SIGHUP when it terminates. When the parent shell dies, and the shell was the session leader in charge of the controlling tty, the process does not have a tty anymore (shown as ? in the tty column in ps output). Additionally the process gets init, with PID 1, as a new parent process.
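The difference in signal handling summarized above can be observed directly by sending SIGHUP to a job by hand. This is an added example, not part of the original README; the function name hup_outcome is an assumption.

```shell
#!/bin/sh
# Added example, not from the adduser repository.
# hup_outcome MODE prints "killed-by-HUP" or "survived-HUP".
#   plain: ordinary background job with the default SIGHUP disposition.
#          A disowned job is in the same state: disown only edits the
#          shell's job table and does not touch the process itself.
#   nohup: started through nohup, so SIGHUP is ignored from the start.
hup_outcome() {
    case "$1" in
        plain) sleep 30 >/dev/null 2>&1 & ;;
        nohup) nohup sleep 30 >/dev/null 2>&1 & ;;
        *) echo "usage: hup_outcome plain|nohup" >&2; return 2 ;;
    esac
    pid=$!
    sleep 1                               # give nohup time to exec sleep
    kill -HUP "$pid" 2>/dev/null || true  # simulate the hangup
    sleep 1
    kill -TERM "$pid" 2>/dev/null || true # stop the job if it survived
    status=0
    wait "$pid" || status=$?
    # wait reports 128+N for a child killed by signal N (HUP=1, TERM=15)
    case "$status" in
        129) echo "killed-by-HUP" ;;
        143) echo "survived-HUP" ;;
        *)   echo "unexpected-status-$status" ;;
    esac
}

# Run directly:  sh hup_demo.sh plain   or   sh hup_demo.sh nohup
if [ "$#" -gt 0 ]; then hup_outcome "$1"; fi
```

An ignored signal is inherited by child processes, so if the shell running this was itself started with SIGHUP ignored (for example under nohup), the plain job survives as well.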
reptyr is a utility for taking an existing running program and attaching it to a new terminal. On Debian Lenny, reptyr-0.3-2 has to be used due to an old version of glibc.
In case reptyr gives the following error:
$ reptyr 1851
Unable to attach to pid 1851: Operation not permitted
The kernel denied permission while attaching. If your uid matches
the target's, check the value of /proc/sys/kernel/yama/ptrace_scope.
For more information, see /etc/sysctl.d/10-ptrace.conf
it means that the kernel is running in a less permissive mode when it comes to attaching to processes. To harden the kernel, only attaching to direct child processes is allowed. To get reptyr working, change /etc/sysctl.d/10-ptrace.conf to be
kernel.yama.ptrace_scope = 0
Then reload the sysctl rule
sudo sysctl -p /etc/sysctl.d/10-ptrace.conf
https://blogs.oracle.com/ksplice/entry/disown_zombie_children_and_the
http://askubuntu.com/questions/506510/what-is-the-difference-between-terminal-console-shell-and-command-line
Because of problems with Lua, MySQL and UTF-8, all the database stuff is now done in PHP. The following info is not relevant anymore, but kept for reference.
Get the files from GitHub:
git clone https://github.com/keplerproject/luasql.git
Make sure mysql is uncommented as the driver in the config file and set the location of lua.h
# Driver (leave uncommented ONLY the line with the name of the driver)
T= mysql
# Lua includes directory
LUA_INC= /usr/src/lua/lem/lua/
and then run make.
When you load a module with require, Lua uses the package paths to determine where to look for the module.
package.path: Where Lua looks for .lua modules
package.cpath: Where Lua looks for .so/.dll modules
You can check what the current paths are like with
print(package.path.."\n"..package.cpath)
Add the mysql.so file (dynamically linked library) to the path
mkdir -p /usr/local/lib/lua/5.2/luasql/
cp src/mysql.so /usr/local/lib/lua/5.2/luasql/mysql.so