[prog] check if script parent process is "init"
John Clarke
johnc+linuxchix at kirriwa.net
Mon Apr 19 15:46:47 EST 2004
On Sat, Apr 17, 2004 at 11:10:01AM +0200, dominik schramm wrote:
> What struck me is that, although John's comments are very clear and
> logical,
Thanks :-)
> Because some daemons require a password on the startup command line,
> I wanted to ensure that the scripts used during init cannot be
> accidentally used like "/etc/init.d/mydaemon start".
Why? I'd be more concerned about a normal user being able to read or
execute the scripts. Admins should know what they're doing :-)
> If the administrator intentionally bypasses this safety check by using
> "/etc/rc3.d/S96mydaemon start" -- well, that's his/her decision.
Fair enough.
> The method I'm using to determine if the script is being run by init
> right now relies on the following check:
>
> # quiet, inverse matching
> if grep -q -v "^Ppid:[^0-9]*1$" /proc/$$/status
> then
> echo must be run by init
> exit 1
> fi
>
> > [...] In the SysVInit scripts, init runs /etc/rc.d/rc which in turn
> > runs the various startup scripts. [...]
> > /etc/rc.d/rc contains essentially this loop (cutting out all the
> > irrelevant stuff):
> >
> > # Now run the START scripts.
> > for i in /etc/rc$runlevel.d/S*; do
> > $i start
> > done
>
> Debian actually has this in this loop:
> startup $i start
It doesn't really matter -- the important thing is that the init
scripts are started from another shell script, so the PPID of the
startup scripts will *never* be 1. I use Redhat but as you've found,
Debian runs the startup scripts in a similar way.
> Unfortunately I don't have a SuSE system at home, but is it possible
> that SuSE *sources* the init script? Like this:
>
> for i in S*; do
> . $i start
> done
No idea, I've never seen a SuSE installation, but it's the only way I
can see that the PPID would be 1. I wouldn't rely on it though - if
SuSE change this in a future release your scripts will break.
> On the other hand, this would mean that init scripts can only be
> Bash scripts if rc itself is a Bash script (am I right?), which
Not true. Any program can run a shell script:
[johnc at dropbear ~/tmp]$ cat test.c
#include <unistd.h>
int main(int argc, char *argv[])
{
execl("./test.sh", "test.sh", "1", "2", "3", NULL);
return 0;
}
[johnc at dropbear ~/tmp]$ cat test.sh
#!/bin/bash
echo args=$*
echo ppid=$PPID
[johnc at dropbear ~/tmp]$ gcc -W -Wall -Wno-unused-parameter -o test test.c
[johnc at dropbear ~/tmp]$ ps
PID TTY TIME CMD
4469 pts/8 00:00:00 bash
13317 pts/8 00:00:00 ps
[johnc at dropbear ~/tmp]$ ./test
args=1 2 3
ppid=4469
> in Debian it isn't.
Yes it is, well, it is on the one Debian machine on which I have shell
access:
[jrc at zeus ~]$ cat /etc/issue
Debian GNU/\s 3.0 \n \l
[jrc at zeus ~]$ grep -w rc /etc/inittab
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
[jrc at zeus ~]$ file /etc/init.d/rc
/etc/init.d/rc: Bourne shell script text executable
> Could anyone using SuSE check?
Aren't you using SuSE?
Cheers,
John
--
> Kingdoms have subjects; democracies have citizens.
And democracies++ will have objects.
-- Anthony de Boer
More information about the Programming
mailing list