Message boards : Server programs : running server software in sandbox
Joined: 31 Jan 06 Posts: 4

Hi, during the period of setting up the boinc test server I came across the fact that by default the server software runs as user root on the system. This is not always a good thing! To allow the server daemons to be able to run as non-root, and apache too, I had to patch the server software; the files uploaded by clients are made group/world writable, and the directories created when using the fan-out features are also group/world writable. Now the file_upload_handler cgi script running as i.e. 'wwwrun' creates files that can be removed by the file_deleter daemon running as i.e. 'boinc'. This allows the server daemons to run as non-root, and that protects the system a bit more if a critical daemon/cgi script goes haywire...

The lib/filesys.C patch:

--- boinc/lib/filesys.C 2005-07-14 18:46:38.000000000 +0200 +++ Boinc_2005-10-06_source_fixes.dir/lib/filesys.C 2006-02-12 18:36:15.229663336 +0100 @@ -17,6 +17,10 @@ // or write to the Free Software Foundation, Inc., // 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +// M.F.Somers UPDATE: make files uploaded world writeable so other deamons running +// with different user ID actually can delete them files ! + #if defined(_WIN32) && !defined(__STDWX_H__) && !defined(_BOINC_WIN_) && !defined(_AFX_STDAFX_H_) #include "boinc_win.h" #endif @@ -443,7 +447,15 @@ #ifdef _WIN32 return !CreateDirectory(path, NULL); #else - return mkdir(path, 0777); +// return mkdir(path, 0777); +// M.F.Somers UPDATE: Set group write bits for non-root file-deleter to be able to delete files... + + mode_t old_mask = umask( 00000 ); + int retval = mkdir( path, 0777 ); + chmod( path, 0777 ); + umask( old_mask ); + + return( retval ); #endif }

and the sched/file_upload_handler.C patch:

--- boinc/sched/file_upload_handler.C 2005-10-04 20:30:49.000000000 +0200 +++ Boinc_2005-10-06_source_fixes.dir/sched/file_upload_handler.C 2006-02-12 18:36:11.598215400 +0100 @@ -17,6 +17,9 @@ // or write to the Free Software Foundation, Inc., // 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +// M.F.Somers UPDATE: added the write flags for group and others so the filedeleter deamon, running as non-root +// is allowed to delete the created files... + // The BOINC file upload handler. // See doc/upload.html for protocol spec. // @@ -145,10 +148,15 @@ // open file. We use raw IO not buffered IO so that we can use reliable // posix file locking. Advisory file locking is not guaranteed reliable when // used with stream buffered IO. - int fd=open(path, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + +// M.F.Somers UPDATE: added the write flags for group and others so the filedeleter deamon, running as non-root +// is allowed to delete the created files ;-)... + + int fd=open(path, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IWGRP|S_IRGRP|S_IWOTH|S_IROTH); if (fd<0) { return return_error(ERR_TRANSIENT, "can't open file %s: %s\\n", path, strerror(errno)); } + fchmod( fd, S_IRUSR|S_IWUSR|S_IWGRP|S_IRGRP|S_IWOTH|S_IROTH ); // Put an advisory lock on the file. This will prevent OTHER instances of file_upload_handler // from being able to write to the file.

Cheers, mark somers.

mark somers
mail: [email protected]
web: http://rulgla.leidenuniv.nl/Researchers/Somers.htm
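Review bot: in the filesys.C header hunk (@@ -17,6 +17,10 @@) the update note is placed inside the license boilerplate and describes a different change than the one the file makes: it says "make files uploaded world writeable", while the code hunk below it changes directory modes, not file modes. Moving the note next to the mkdir block and stating what that block does would keep the comment and the code in step; "them files" should also read "those files".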
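Review bot: the mkdir hunk (@@ -443,7 +447,15 @@) grants more than its own comment claims and more than the goal needs. The comment says "Set group write bits", but `chmod( path, 0777 );` gives write permission to every local account, so any user on the host can create, rename or remove entries in the upload and fan-out directories. Removing a file only requires write and search permission on the directory (unlink does not consult the file's own mode), so a shared group for the handler and deleter accounts with a setgid directory mode such as 02770 reaches the stated goal without the world-write bit. The `umask( 00000 )` / `umask( old_mask )` pair is also process-wide state for a single call; an explicit chmod after mkdir makes it unnecessary, and the return value of that chmod() should be checked rather than discarded, since on failure the directory silently keeps whatever umask-derived mode mkdir gave it.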
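Review bot: in the open() hunk (@@ -145,10 +148,15 @@) the added S_IWGRP|S_IWOTH bits, and the `fchmod( fd, ... )` that re-applies them, are not needed for the deleter and expose uploaded results to tampering: unlinking a file is decided by the permissions of its directory, not of the file, so a file created with the original `S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH` mode is removable by the non-root deleter as soon as the directory is group-writable. With world write on the files, any local user can alter a result between upload and validation. Suggest keeping the original mode (S_IRGRP for the deleter's group is sufficient) and fixing the directory permissions instead; if the fchmod stays, its return value should be checked.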
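To make the permission point behind this thread concrete, here is an added Python example; it is not code from the thread or from BOINC. It builds the world-writable upload directory the patch produces beside an assumed hardened alternative (a setgid 02770 directory and 0640 files, shared by the upload handler's and file deleter's group), audits both trees for entries writable by "other", and shows that a read-only file in a writable directory can still be unlinked, which is why the deleter never needed write bits on the files. The directory and file names and the hardened modes are constructed for the demonstration; in a real deployment the handler and deleter accounts ('wwwrun' and 'boinc' in the post) would have to share the group.

```python
import os
import stat
import tempfile

# Constructed modes for the demonstration. PATCH_* is what the thread's patch
# produces (chmod 0777 on directories, rw for everyone on uploaded files);
# HARDENED_* is an assumed alternative built on a group shared by the upload
# handler and the file deleter.
PATCH_DIR_MODE = 0o777
PATCH_FILE_MODE = 0o666
HARDENED_DIR_MODE = 0o2770   # setgid, rwx for owner and group, nothing for others
HARDENED_FILE_MODE = 0o640   # deletion needs no write bit on the file itself


def make_upload_dir(path, mode):
    """Create a directory and set its mode explicitly.

    mkdir() masks its mode argument with the process umask, which is why the
    patch wraps mkdir in umask(0)/umask(old); a chmod() after mkdir() gets
    the intended mode without touching process-wide state. Returns the
    resulting permission bits as stat reports them.
    """
    os.mkdir(path)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_upload(dirpath, name, mode, content="constructed sample upload\n"):
    """Create an uploaded file the way the handler does: create, then chmod."""
    p = os.path.join(dirpath, name)
    with open(p, "w") as f:
        f.write(content)
    os.chmod(p, mode)
    return p


def audit_upload_tree(root):
    """Return (path relative to root, octal mode) for every directory or file
    under root whose mode lets 'other' write; root itself is reported as '.'."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, n) for n in filenames]
        for p in entries:
            mode = stat.S_IMODE(os.lstat(p).st_mode)
            if mode & stat.S_IWOTH:
                findings.append((os.path.relpath(p, root), oct(mode)))
    return findings


def delete_readonly_file(dirpath):
    """unlink() checks the directory's write and search bits, not the file's
    mode: a 0444 file in a directory we may write to is removable. Returns
    True when the file is gone afterwards."""
    p = write_upload(dirpath, "readonly.out", 0o444)
    os.unlink(p)
    return not os.path.exists(p)


def demo():
    """Build both layouts in a scratch directory and collect the observations."""
    with tempfile.TemporaryDirectory() as tmp:
        patch_dir = os.path.join(tmp, "upload_patch")
        hard_dir = os.path.join(tmp, "upload_hardened")
        patch_mode = make_upload_dir(patch_dir, PATCH_DIR_MODE)
        hard_mode = make_upload_dir(hard_dir, HARDENED_DIR_MODE)
        write_upload(patch_dir, "result.out", PATCH_FILE_MODE)
        write_upload(hard_dir, "result.out", HARDENED_FILE_MODE)
        return {
            "patch_dir_mode": patch_mode,
            "hardened_dir_mode": hard_mode,
            "patch_findings": audit_upload_tree(patch_dir),
            "hardened_findings": audit_upload_tree(hard_dir),
            "readonly_file_deleted": delete_readonly_file(hard_dir),
        }


if __name__ == "__main__":
    r = demo()
    print("patch dir mode:      ", oct(r["patch_dir_mode"]))
    print("hardened dir mode:   ", oct(r["hardened_dir_mode"]))
    print("patch findings:      ", r["patch_findings"])
    print("hardened findings:   ", r["hardened_findings"])
    print("read-only file gone: ", r["readonly_file_deleted"])
```

The audit walks the tree with os.walk and flags anything carrying S_IWOTH, so on the patched layout it reports both the directory and the result file, while the hardened layout comes back clean; the same walk run over a production upload tree is a cheap check that the deleter's access was granted through the group rather than through "other". Note that the setgid bit on the hardened directory is only retained if the creating process is a member of the directory's group, which is the normal case for a directory you create yourself.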
Copyright © 2025 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.