[prog] check if script parent process is "init"

[John Clarke]

On Sat, Apr 17, 2004 at 11:10:01AM +0200, dominik schramm wrote:

> What struck me is that, although John's comments are very clear and 
> logical, 

Thanks :-)

> Because some daemons require a password on the startup command line,
> I wanted to ensure that the scripts used during init cannot be 
> accidentally used like "/etc/init.d/mydaemon start".

Why?  I'd be more concerned about a normal user being able to read or
execute the scripts.  Admins should know what they're doing :-)

> If the administrator intentionally bypasses this safety check by using
> "/etc/rc3.d/S96mydaemon start" -- well, that's his/her decision.

Fair enough.

> The method I'm using to determine if the script is being run by init
> right now relies on the following check:
> 
> # quiet, inverse matching
> if grep -q -v "^Ppid:[^0-9]*1$" /proc/$$/status
> then
>         echo must be run by init
>         exit 1
> fi
> 
> > [...] In the SysVInit scripts, init runs /etc/rc.d/rc which in turn
> > runs the various startup scripts. [...] 
> > /etc/rc.d/rc contains essentially this loop (cutting out all the 
> > irrelevant stuff):
> > 
> >     # Now run the START scripts.
> >     for i in /etc/rc$runlevel.d/S*; do
> >         $i start
> >     done
> 
> Debian actually has this in this loop:
>    startup $i start

It doesn't really matter -- the important thing is that the init
scripts are started from another shell script, so the PPID of the
startup scripts will *never* be 1.  I use Redhat but as you've found,
Debian runs the startup scripts in a similar way.

> Unfortunately I don't have a SuSE system at home, but is it possible 
> that SuSE *sources* the init script? Like this:
> 
> for i in S*; do
>    . $i start
> done

No idea, I've never seen a SuSE installation, but it's the only way I
can see that the PPID would be 1.  I wouldn't rely on it though - if
SuSE change this in a future release your scripts will break.

> On the other hand, this would mean that init scripts can only be 
> Bash scripts if rc itself is a Bash script (am I right?), which

Not true.  Any program can run a shell script:

    [johnc at dropbear ~/tmp]$ cat test.c
    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        execl("./test.sh", "test.sh", "1", "2", "3", NULL);
        return 0;
    }

    [johnc at dropbear ~/tmp]$ cat test.sh
    #!/bin/bash
    echo args=$*
    echo ppid=$PPID

    [johnc at dropbear ~/tmp]$ gcc -W -Wall -Wno-unused-parameter -o test test.c

    [johnc at dropbear ~/tmp]$ ps
      PID TTY          TIME CMD
     4469 pts/8    00:00:00 bash
    13317 pts/8    00:00:00 ps

    [johnc at dropbear ~/tmp]$ ./test
    args=1 2 3
    ppid=4469

> in Debian it isn't.

Yes it is, well, it is on the one Debian machine on which I have shell
access:

    [jrc at zeus ~]$ cat /etc/issue       
    Debian GNU/\s 3.0 \n \l
    [jrc at zeus ~]$ grep -w rc /etc/inittab 
    l0:0:wait:/etc/init.d/rc 0
    l1:1:wait:/etc/init.d/rc 1
    l2:2:wait:/etc/init.d/rc 2
    l3:3:wait:/etc/init.d/rc 3
    l4:4:wait:/etc/init.d/rc 4
    l5:5:wait:/etc/init.d/rc 5
    l6:6:wait:/etc/init.d/rc 6
    [jrc at zeus ~]$ file /etc/init.d/rc
    /etc/init.d/rc: Bourne shell script text executable

> Could anyone using SuSE check?

Aren't you using SuSE?


Cheers,

John
-- 
> Kingdoms have subjects; democracies have citizens.
And democracies++ will have objects.
            -- Anthony de Boer