Hobbit startup script. 🔗 link

Hi,

 
I understand that hobbit needs to run as the hobbit user, but it is a bit
annoying to have the hobbit startup script require the hobbit user to run
it.

 
When I want to run it automagically out of /etc/init.d I have to change the
script to not check for hobbit and then do an su to the hobbit user thus:

 
su -c "/home/xymon/server/bin/hobbitlaunch
--config=/home/xymon/server/etc/hobbitlaunch.cfg
--env=/home/xymon/server/etc/hob

bitserver.cfg --log=/var/log/xymon/hobbitlaunch.log
--pidfile=/var/log/xymon/hobbitlaunch.pid"

 
why is it done this way rather than as above, thus allowing the server to
start out of init.d?

On Friday 05 June 2009 12:09:00 David Peters wrote:

I don't quite understand the second part of your statement above ...

Which script are you referring to here? The "runclient.sh" script ?

Have you looked at (e.g.) rpm/hobbit-init.d and debian/hobbit.init in the 
source distribution ? They basically run 'su - hobbit runclient.sh ...', and 
are suitable for use from /etc/init.d

Of course, the next question I have is, what Unix or Linux distribution are 
you on, and why didn't you install from packages (which would have avoided you 
worrying about this in the first place).

Regards,
Buchan

I am running on Solaris, and I am testing 4.3.0 which is why I am not using
rpm's etc.

-----Original Message-----
From: Buchan Milne [mailto:user-9b139aff4dec@xymon.invalid] 
Sent: Friday, 5 June 2009 8:30 PM
To: user-ae9b8668bcde@xymon.invalid
Cc: David Peters
Subject: Re: [hobbit] Hobbit startup script.

On Friday 05 June 2009 12:09:00 David Peters wrote:

I don't quite understand the second part of your statement above ...

Which script are you referring to here? The "runclient.sh" script ?

Have you looked at (e.g.) rpm/hobbit-init.d and debian/hobbit.init in the 
source distribution ? They basically run 'su - hobbit runclient.sh ...', and

are suitable for use from /etc/init.d

Of course, the next question I have is, what Unix or Linux distribution are 
you on, and why didn't you install from packages (which would have avoided
you 
worrying about this in the first place).

Regards,
Buchan

I do get your answer though. There should be a script for the OS I am on
that calls runclient.sh and does the su there, not inside the runclient
script.

-----Original Message-----
From: Buchan Milne [mailto:user-9b139aff4dec@xymon.invalid] 
Sent: Friday, 5 June 2009 8:30 PM
To: user-ae9b8668bcde@xymon.invalid
Cc: David Peters
Subject: Re: [hobbit] Hobbit startup script.

On Friday 05 June 2009 12:09:00 David Peters wrote:

I don't quite understand the second part of your statement above ...

Which script are you referring to here? The "runclient.sh" script ?

Have you looked at (e.g.) rpm/hobbit-init.d and debian/hobbit.init in the 
source distribution ? They basically run 'su - hobbit runclient.sh ...', and

are suitable for use from /etc/init.d

Of course, the next question I have is, what Unix or Linux distribution are 
you on, and why didn't you install from packages (which would have avoided
you 
worrying about this in the first place).

Regards,
Buchan

Find something simple (like the syslog startup script) and hack it into a xymon startup script.  For the start command, "su - hobbit -c <wherever>runclient.sh".

Here is an example that I use:

#!/sbin/sh
#
#       Greg Hubbard, EDS, January 2006
#
#       Made from Solaris syslog startup script

BBHOME=/app/hobbit/client; export BBHOME
BBUSER=xymon; export BBUSER
HOST="`uname -n`.domain.com"

case "$1" in
'start')
        if [ -f $BBHOME/runclient.sh ]; then
                echo 'Hobbit client starting.'
                #
                su - $BBUSER -c "cd $BBHOME; ./runclient.sh --hostname=$HOST start"
        fi
        ;;

'stop')
        if [ -f $BBHOME/runclient.sh ]; then

                su - $BBUSER -c "cd $BBHOME; ./runclient.sh stop"
        fi
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
This is for a client.  The server startup is similar, except it runs the server startup script.  This is not the most clever or elaborate of scripts, but it does work for me.

From: David Peters [mailto:user-66917457e380@xymon.invalid]
Sent: Friday, June 05, 2009 5:09 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] Hobbit startup script.

Hi,

I understand that hobbit needs to run as the hobbit user, but it is a bit annoying to have the hobbit startup script require the hobbit user to run it.

When I want to run it automagically out of /etc/init.d I have to change the script to not check for hobbit and then do an su to the hobbit user thus:

su -c "/home/xymon/server/bin/hobbitlaunch --config=/home/xymon/server/etc/hobbitlaunch.cfg --env=/home/xymon/server/etc/hob
bitserver.cfg --log=/var/log/xymon/hobbitlaunch.log --pidfile=/var/log/xymon/hobbitlaunch.pid"

why is it done this way rather than as above, thus allowing the server to start out of init.d?

On Friday 05 June 2009 12:44:24 David Peters wrote:

Yes, such as either of the two script shipped in the source distribution. While they are in "debian" and "rpm" directories, they are not very specific to each distribution. If you are on Solaris 10, someone has created an SMF script ...

Yes, you should not be using the runclient.sh script to start the service at boot etc.


Regards,
Buchan

Sorry, I am referring to the server startup script. All I do atm is copy the
/home/xymon/server/hobbit.sh script and make the modifications as per below.
I just wonder however why the script requires to be run as hobbit. I have
changed the script as per my instructions and it has been running fine for a
couple of years now.

-----Original Message-----
From: Buchan Milne [mailto:user-9b139aff4dec@xymon.invalid] 
Sent: Saturday, 6 June 2009 12:16 AM
To: user-ae9b8668bcde@xymon.invalid
Cc: David Peters
Subject: Re: [hobbit] Hobbit startup script.

On Friday 05 June 2009 12:44:24 David Peters wrote:

Yes, such as either of the two script shipped in the source distribution. 
While they are in "debian" and "rpm" directories, they are not very specific
to 
each distribution. If you are on Solaris 10, someone has created an SMF
script 
...

Yes, you should not be using the runclient.sh script to start the service at

boot etc.


Regards,
Buchan

Attached is a version of the hobbit/xymon init script I use. The package
we have performs a bunch of substitutions on this to get it to conform
to other changes, so it may not work out of the box for you. This should
give you at least an idea of one way to do it, though.


Regards,
Japheth Cleaver

Sorry I wasn't asking how to do it, just why the script has to run as 
hobbit when you install out of the box.

David Peters

+61 2 63913565
+61 4 17863572


From:
"Cleaver, Japheth" <user-2a1212dafc7b@xymon.invalid>
To:
<user-ae9b8668bcde@xymon.invalid>
Date:
09/06/2009 02:06 AM

Subject:
RE: [hobbit] Hobbit startup script.

Attached is a version of the hobbit/xymon init script I use. The package
we have performs a bunch of substitutions on this to get it to conform
to other changes, so it may not work out of the box for you. This should
give you at least an idea of one way to do it, though.


Regards,
Japheth Cleaver

[attachment "hobbit.initscript.fedora.txt" deleted by David 
Peters/DPI/NSW] 


This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of their organisation.

From: Buchan Milne [mailto:user-9b139aff4dec@xymon.invalid]

SMF

As if by magic...

----
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM
'/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='export'>
  <service name='site/hobbit-server' type='service' version='0'>
    <create_default_instance enabled='true'/>
    <dependency name='filesystem' grouping='require_all'
restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>
    <dependency name='multi-user-server' grouping='optional_all'
restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/multi-user-server'/>
    </dependency>
    <dependency name='hobbitserver_file' grouping='require_all'
restart_on='none' type='path'>
      <service_fmri
value='file://localhost/opt/hobbit/server/etc/hobbitserver.cfg'/>
    </dependency>
    <dependency name='bbhosts_file' grouping='require_all'
restart_on='none' type='path'>
      <service_fmri
value='file://localhost/opt/hobbit/server/etc/bb-hosts'/>
    </dependency>
    <exec_method name='start' type='method'
exec='/opt/hobbit/server/hobbit.sh start' timeout_seconds='30'>
      <method_context>
        <method_credential user='hobbit'/>
      </method_context>
    </exec_method>
    <exec_method name='stop' type='method'
exec='/opt/hobbit/server/hobbit.sh stop' timeout_seconds='30'>
      <method_context>
        <method_credential user='hobbit'/>
      </method_context>
    </exec_method>
    <exec_method name='refresh' type='method'
exec='/opt/hobbit/server/hobbit.sh restart' timeout_seconds='30'>
      <method_context>
        <method_credential user='hobbit'/>
      </method_context>
    </exec_method>
    <property_group name='startd' type='framework'>
      <propval name='ignore_error' type='astring' value='core,signal'/>
    </property_group>
    <stability value='Unstable'/>
    <template>
      <common_name>
        <loctext xml:lang='C'>Hobbit Monitor Server</loctext>
      </common_name>
      <documentation>
        <doc_link name='hobbit_monitor_site'
uri='http://hobbitmon.sourceforge.net/'/>;
      </documentation>
    </template>
  </service>
</service_bundle>
----

Don't remember where this one came from but it will be one of my head or
another person in this distribution group.

|\/|artin


*************************************************************************************
The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. 

The contents of this message and its attachments are confidential and may also be subject to legal privilege.  If you are not the named addressee and/or have received this message in error, please advise us by e-mailing user-61c7f445d564@xymon.invalid and delete the message and any attachments without retaining any copies. 

Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. 

No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party.  

Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.

There is a very good "How-to" on The Shire done by Galen Johnson about
Solaris 10 Xymon SMF.

Look here: http://xymonton.trantor.org/doku.php/addons:hobbitsmf

Johann

It's a security thing.  It is not good practice to run applications as root.  If someone exploits a "let to be discovered" bug in Xymon they will not be able to crash it and become root.

Craig

It still runs as hobbit, it is just that any script in init.d gets run as root by init.  So consequently anything that needs to be run by a user such as hobbit, has its startup script coded to do an su hobbit -c "blahblahblah". In other words, hobbit still runs as hobbit but the startup script can be run as root.

Anyway I think this discussion is dead. :-)

David Peters

+61 2 63913565
+61 4 17863572


Craig Cook <user-850f03189cf7@xymon.invalid> wrote on 09/06/2009 11:04:18 PM:

[image removed] 
RE: [hobbit] Hobbit startup script.

Craig Cook 
to:

'user-ae9b8668bcde@xymon.invalid'

10/06/2009 12:33 AM

Please respond to hobbit

This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of their organisation.

It still runs as hobbit, it is just that any script in init.d gets run as root by init.

Correct.  Init.d scripts are run by root on system startup.  Well, actually scripts in the rc.d dirs.

So consequently anything that needs to be run by a user such as hobbit, has its startup script coded to do an su hobbit -c "blahblahblah".

Correct.  Any example scripts people have provided do the "su hobbit -c " thing *because* the hobbit application will not allow you to start it as the root user, due to security issues.

In other words, hobbit still runs as hobbit but the startup script can be run as root.

Correct, if you are using an init.d script.  You can not run the "hobbit.sh" startup/shutdown script in the hobbit home directory as root for security reasons previously mentioned (nor should you edit that hobbit.sh script to allow root to start it).

Craig