Page MenuHomePhabricator

When already running as the daemon user, don't "sudo" daemon commands
ClosedPublic

Authored by epriestley on Aug 11 2016, 11:08 PM.
Tags
None
Referenced Files
F14057613: D16391.diff
Sun, Nov 17, 5:12 AM
F14034101: D16391.id39421.diff
Sat, Nov 9, 10:08 PM
F14034092: D16391.id39421.diff
Sat, Nov 9, 10:04 PM
F14015155: D16391.id39418.diff
Sun, Nov 3, 2:49 PM
F14015154: D16391.id.diff
Sun, Nov 3, 2:48 PM
F14015153: D16391.id39421.diff
Sun, Nov 3, 2:48 PM
F14015142: D16391.diff
Sun, Nov 3, 2:35 PM
F14013753: D16391.id39418.diff
Sat, Nov 2, 12:13 PM
Subscribers
None
Tokens
"100" token, awarded by jmeador.

Details

Summary

The cluster synchronization code runs either actively (before returning a response to git clone, for example) or passively (routinely, as the daemons update reposiories).

The active sync runs as the web user (if running git clone http://...) or the VCS user (if running git clone ssh://...). But the passive sync runs as the daemon user.

All of these sync processes need to run actual commands as the daemon user (git fetch ...).

For the active ones, we must sudo.

For the passive ones, we're already the right user. We run the same code, and end up trying to sudo to ourselves, which sudo isn't happy about by default.

Depending on how sudo is configured and which users things are running as this might work anyway, but it's silly and if it doesn't work it requires you to go make non-obvious, weird config changes that are unintuitive and somewhat nonsensical. This is probably worse on the balance than adding a bit of complexity to the code.

Instead, test which user we're running as. If it's already the right user, don't sudo.

Test Plan
  • Ran bin/repository update --trace as daemon user, saw no more sudo.
  • Ran a git clone to make sure that didn't break.

Diff Detail

Repository
rP Phabricator
Branch
sudo1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 13295
Build 17049: Run Core Tests
Build 17048: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to When already running as the daemon user, don't "sudo" daemon commands.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
avivey added a reviewer: avivey.
This revision is now accepted and ready to land.Aug 11 2016, 11:30 PM
This revision was automatically updated to reflect the committed changes.