
D15760.diff
No OneTemporary

D15760.diff

diff --git a/conf/aphlict/aphlict.default.json b/conf/aphlict/aphlict.default.json
--- a/conf/aphlict/aphlict.default.json
+++ b/conf/aphlict/aphlict.default.json
@@ -22,5 +22,6 @@
"path": "/var/log/aphlict.log"
}
],
- "pidfile": "/var/tmp/aphlict/pid/aphlict.pid"
+ "pidfile": "/var/tmp/aphlict/pid/aphlict.pid",
+ "user": ""
}
diff --git a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
--- a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
+++ b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
@@ -79,6 +79,7 @@
'cluster' => 'optional list<wild>',
'pidfile' => 'string',
'memory.hint' => 'optional int',
+ 'user' => 'optional string|null',
));
} catch (Exception $ex) {
throw new PhutilArgumentUsageException(
@@ -287,6 +288,14 @@
$dir,
$ex->getMessage()));
}
+
+ $user = idx($data, 'user');
+ if ($user && ($user === 'root')) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'The notification server should not be run as root :'.
+ 'thus, you should specify an other user than root.'));
+ }
}
final public function getPIDPath() {
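Review bot: The added check compares the configured value only with the literal string `root`, so a numeric ID or any second account that maps to UID 0 passes validation and is later handed to `sudo -u`. Resolve the account and test the UID instead, e.g. `$pw = posix_getpwnam($user);` followed by `if (!$pw || $pw['uid'] === 0) { throw ... }`, which also rejects names that do not exist; this assumes the posix extension is available where the script runs. The `$user &&` half of the condition is redundant next to `=== 'root'`. The two concatenated message parts render as "root :thus, you should specify an other user", so something like `'The notification server should not be run as root; specify a different user.'` reads better. The enclosing method starts outside this hunk.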
@@ -521,12 +530,23 @@
}
private function getStartCommand(array $server_argv) {
- return csprintf(
- '%R %Ls -- %s %Ls',
- $this->getNodeBinary(),
- $this->getNodeArgv(),
- $this->getAphlictScriptPath(),
- $server_argv);
+ $user = idx($this->configData, 'user');
+ if ($user) {
+ return csprintf(
+ 'sudo -En -u %s %R %Ls -- %s %Ls',
+ $user,
+ $this->getNodeBinary(),
+ $this->getNodeArgv(),
+ $this->getAphlictScriptPath(),
+ $server_argv);
+ } else {
+ return csprintf(
+ '%R %Ls -- %s %Ls',
+ $this->getNodeBinary(),
+ $this->getNodeArgv(),
+ $this->getAphlictScriptPath(),
+ $server_argv);
+ }
}
}
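Review bot: `sudo -En` in the new branch of getStartCommand() carries the launching account's whole environment into the node process, which works against dropping privileges: every variable the caller holds, credentials included, becomes visible to the less-privileged user, and a sudoers policy without SETENV may reject `-E` outright. Consider `'sudo -n -u %s -- %R %Ls -- %s %Ls'`, where the extra `--` ends sudo's own option parsing before the node binary. If specific variables are needed, pass them explicitly rather than wholesale. The two csprintf() calls differ only in the sudo prefix, so one call with an optional prefix would avoid the duplication. This hunk reads `user` from `$this->configData` while the validation hunk reads it from `$data`; presumably these are the same parsed config, but that is not visible here.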
diff --git a/src/docs/user/configuration/notifications.diviner b/src/docs/user/configuration/notifications.diviner
--- a/src/docs/user/configuration/notifications.diviner
+++ b/src/docs/user/configuration/notifications.diviner
@@ -83,6 +83,11 @@
- `memory.hint`: //Optional int.// Suggestion to `node` about how much
memory to use, via `--max-old-stack-size`. In most cases, this can be
left unspecified.
+ - `user`: //Optional string.// User that must run the `node` server.
+ Be sure you can `sudo` from your current user to this user without password
+ for the `node` command. If left unspecified, phabricator will skip the sudo
+ part. Since aphlict requires the node server to use low privileges, `user`
+ cannot be set to `root`.
Each server in the `servers` list should be an object with these keys:
