Documentation
Overview
runner fork/execs the requested child process connected to a pty passed in from the client. If the pty doesn't exist, the process will fail. The cmdclient package creates the pty. The pty file descriptor is passed to the cmdrunner in an SCM_RIGHTS ancillary message sent over main.sock. This is done through the opd Run RPC. Run now blocks until the process exits and returns the exit code from the opd child. A diagram of how process spawning works is included below:

     +---------------+     main.sock     +----------------------+
     |               +------------------>+                      |
     |      opc      +<------------------+         opd          |
     |               |                   |                      |
     |.+-----------+.|                   |.+------------------+.|
     ++             ++                   ++                    ++
     ||    cmdc     ||                   ||     cmdrunner      ||
     ++             ++                   ++                    ++
     |'+-----------+'|                   |'+------------------+'|
     +^-+--------+-^-+                   +----------------------+
      | |        | |                                     |fork/exec
      | |        | |                                     V
     in/out      | |                              .+-----------+.
      | |        | |                              +  requested  +
      | |      in/out                             +   process   +
    +-+-v--+     | |                              '+---^-+-----+'
    | tty  |     | |                                   | |
    +------+     | |                                 in/out
    +------+     | |                                   | |
    | user | +---v-+-----------------------------------+-V--------+
    +------+ |                        PTY                         |
             +----------------------------------------------------+
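The descriptor hand-off described above, as an added example that is not code from opd or cmdclient: the receiving side accepts exactly one descriptor from an SCM_RIGHTS message and closes anything unexpected. It assumes Linux; a socketpair stands in for main.sock, stdout stands in for the pty, and `recvFD` and `passFDs` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// recvFD accepts exactly one descriptor from sock; anything else is closed and rejected.
func recvFD(sock int) (*os.File, error) {
	oob := make([]byte, syscall.CmsgSpace(4*4)) // room for up to four fds
	_, oobn, flags, _, err := syscall.Recvmsg(sock, make([]byte, 1), oob, syscall.MSG_CMSG_CLOEXEC)
	if err != nil {
		return nil, err
	}
	var fds []int
	msgs, _ := syscall.ParseSocketControlMessage(oob[:oobn]) // on a parse error nothing is accepted
	for i := range msgs {
		got, _ := syscall.ParseUnixRights(&msgs[i]) // non-SCM_RIGHTS messages contribute nothing
		fds = append(fds, got...)
	}
	if flags&syscall.MSG_CTRUNC == 0 && len(fds) == 1 {
		return os.NewFile(uintptr(fds[0]), "passed-fd"), nil
	}
	for _, fd := range fds {
		syscall.Close(fd) // do not leak descriptors the peer was never asked for
	}
	return nil, fmt.Errorf("want exactly one descriptor, got %d", len(fds))
}

// passFDs sends fds in one SCM_RIGHTS message over a fresh socketpair (stand-in for main.sock).
func passFDs(fds ...int) (*os.File, error) {
	pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return nil, err
	}
	defer syscall.Close(pair[0])
	defer syscall.Close(pair[1])
	// At least one byte of ordinary data must accompany the control message.
	if err := syscall.Sendmsg(pair[0], []byte{0}, syscall.UnixRights(fds...), nil, 0); err != nil {
		return nil, err
	}
	return recvFD(pair[1])
}

func main() {
	if got, err := passFDs(int(os.Stdout.Fd())); err == nil { // stdout stands in for the pty
		fmt.Fprintln(got, "written through the received descriptor")
	}
}
```

The received descriptor is marked close-on-exec at receive time, so it reaches a child process only if it is deliberately wired up as that child's stdio.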
Opd is a daemon that authorizes and runs commands from the Vyatta operational template tree.
Usage:
    -debug
        Enable debug logging.
    -adebug
        Enable authorization debug logging.
    -cpuprofile=<filename>
        Defines a file to which a CPU profile is written; the profile can be
        parsed with go pprof. When defined, the daemon will begin recording
        CPU profile information when it receives a SIGUSR1 signal. On a
        subsequent SIGUSR1 it will write the profile information to the
        defined file.
    -memprofile=<filename>
        Defines a file to which a memory profile is written; the profile can
        be parsed with go pprof. When defined, a heap profile will be written
        when the daemon receives the SIGUSR2 signal.
    -ruleset=<filename>
        Default: "/opt/vyatta/etc/opruleset.txt"
        When defined, the default path to the operational ruleset is
        overridden by the provided filename.
    -tmplpath=<path>
        Default: "/opt/vyatta/share/vyatta-op/templates"
        When defined, the default path to the operational templates is
        overridden by the provided path.
    -pidfile=<filename>
        When defined, opd will write its pid to the defined file.
    -logfile=<filename>
        When defined, opd will redirect its stdout and stderr to the defined
        file.
    -user=<user>
        When defined, opd will set its loginuid to the uid of this user.
    -group=<group>
        When defined, opd will make its main socket owned by and writable by
        this group.

    SIGHUP
        Issuing SIGHUP to the daemon will trigger a reread of the operational
        templates and the authorization ruleset from their defined paths. If
        the authorization ruleset file is found to be invalid, the ruleset
        will remain unchanged.
Notes
Bugs
workaround bash not allowing exported arrays