HomePhabricator

When already running as the daemon user, don't "sudo" daemon commands

Description

When already running as the daemon user, don't "sudo" daemon commands

Summary:
The cluster synchronization code runs either actively (before returning a response to git clone, for example) or passively (routinely, as the daemons update reposiories).

The active sync runs as the web user (if running git clone http://...) or the VCS user (if running git clone ssh://...). But the passive sync runs as the daemon user.

All of these sync processes need to run actual commands as the daemon user (git fetch ...).

For the active ones, we must sudo.

For the passive ones, we're already the right user. We run the same code, and end up trying to sudo to ourselves, which sudo isn't happy about by default.

Depending on how sudo is configured and which users things are running as this might work anyway, but it's silly and if it doesn't work it requires you to go make non-obvious, weird config changes that are unintuitive and somewhat nonsensical. This is probably worse on the balance than adding a bit of complexity to the code.

Instead, test which user we're running as. If it's already the right user, don't sudo.

Test Plan:

  • Ran bin/repository update --trace as daemon user, saw no more sudo.
  • Ran a git clone to make sure that didn't break.

Reviewers: chad, avivey

Reviewed By: avivey

Differential Revision: https://secure.phabricator.com/D16391

Details

Provenance
epriestleyAuthored on Aug 11 2016, 11:02 PM
epriestleyPushed on Aug 11 2016, 11:41 PM
Reviewer
avivey
Differential Revision
D16391: When already running as the daemon user, don't "sudo" daemon commands
Parents
rP39d4e21eec56: Fix a bad DiffusionCommandEngine parameter from HTTPEngine conversion
Branches
Unknown
Tags
Unknown
Build Status
Buildable 13298
Build 17053: Run Core Tests