Compare commits
3 commits
8202a2563b
...
ba8d3b3eb7
| Author | SHA1 | Date | |
|---|---|---|---|
| ba8d3b3eb7 | |||
| 6f89e169c8 | |||
| 99a1b72a26 |
1 changed files with 35 additions and 15 deletions
50
lumberjack
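--- a/lumberjack
+++ b/lumberjack
@@ -8,7 +8,7 @@
 
 # Script details.
 NAME="${0##*/}"
-VERSION="0.3.2"
+VERSION="0.4.0"
 
 
 # Functions.
@@ -68,6 +68,7 @@ die() {
 # $1 The text of the error message to display on stderr.
 
 (( DEBUG == 1 )) && printf "%s: %s: %s\\n" "$(date "+%Y%m%d %H%M%S.%N")" "die" "$1" >>"$DEBUG_FILE"
+syslog "err" "$1"
 printf "%s: %s\\n" "$NAME" "$1" >&2
 exit 1
 }
@@ -87,6 +88,14 @@ display_help() {
 -f Request flushing of the log file to disk after every write.
 This may significantly reduce performance and result in a lot of
 disk writes. Best to let the kernel do appropriate buffering.
+-g <group> Set name of the group to run with. With this option, as soon as
+$NAME starts it will re-exec itself to run as this group.
+Log files created by $NAME will be owned by this group. The
+default is to run as a primary group of any user given by '-u'
+or the user that executed $NAME, which is usually root.
+When combind with '-u', the group $NAME will run under is no
+longer the primary group of that user but will be this group.
+This option is only available to root.
 -h Display this help.
 -i <pipe> Read input from the pipe/FIFO at <pipe>, rather than stdin.
 If the pipe/FIFO does not exist, it will be created. Use '-o'
@@ -223,7 +232,7 @@ open_fd() {
 # shellcheck disable=SC1083
 if ! { exec {FDS["$1"]}>>"$2"; } 2>/dev/null; then
 (( FLAGS[${1}_open-fd-fail] == 0 )) && {
-syslog "error" "failed to open log file for writing: $2"
+syslog "err" "failed to open log file for writing: $2"
 FLAGS[${1}_open-fd-fail]=1
 }
 return 1
@@ -289,6 +298,9 @@ sigterm_handler() {
 close_fd "$SITE"
 done
 disown -a
+(( FLAGS[created-fifo] == 1 )) && {
+rm -f "$INPUT" 2>/dev/null || syslog "warn" "failed to remove pipe/fifo: $INPUT"
+}
 exit 0
 }
 
@@ -355,6 +367,7 @@ PIPE_UMASK="066"
 PIPE_OWNER=""
 SYSLOG_FACILITY="user"
 RUNAS_USER=""
+RUNAS_GROUP=""
 FLAGS=([flush]=0 [raw]=0 [compress]=0 [make-parents]=0 [created-fifo]=0 [timed-out]=0 [basedir-vanished]=0 [basedir-notdir]=0)
 
 # trap signals.
@@ -392,6 +405,14 @@ while :; do
 shift
 continue
 ;;
+-g)
+# Set the group to run as.
+(( UID != 0 )) && die "only root can use -g"
+getent group "$2" >/dev/null 2>&1 || die "invalid group given for -g: $2"
+RUNAS_GROUP="$2"
+shift 2
+continue
+;;
 -h|-help|--help)
 # Show the help screen and exit.
 display_help
@@ -540,23 +561,22 @@ TEMPLATE="$2"
 
 # If input is to be a pipe/FIFO, create it if necessary.
 [[ -n "$INPUT" ]] && {
-if [[ ! -e "$INPUT" ]]; then
+[[ ! -e "$INPUT" ]] || [[ ! -p "$INPUT" ]] && {
 umask "$PIPE_UMASK"
+rm -f "$INPUT"
 mkfifo "$INPUT" 2>/dev/null || die "failed to create pipe/FIFO: $INPUT"
 FLAGS[created-fifo]=1
 [[ -n "$PIPE_OWNER" ]] && { chown "$PIPE_OWNER" "$INPUT" >/dev/null 2>&1 || die "failed to chown pipe/FIFO: $INPUT"; }
-elif [[ ! -p "$INPUT" ]]; then
+}
-die "not a pipe/FIFO: $INPUT"
-fi
 }
 
 # Apply user and setting.
-[[ -n "$RUNAS_USER" ]] && {
+[[ -n "$RUNAS_USER" ]] || [[ -n "$RUNAS_GROUP" ]] && {
 SETPRIV="$(command -v setpriv)"
 if [[ -n "$SETPRIV" ]]; then
-exec "$SETPRIV" --keep-groups --reuid "$RUNAS_USER" --regid "$RUNAS_USER" -- "$0" "${ORIG_ARGS[@]}" "$BASEDIR" "$TEMPLATE" || die "failed to exec to change user"
+exec "$SETPRIV" --keep-groups --reuid "${RUNAS_USER:-$(whoami)}" ${RUNAS_GROUP:+--regid "$RUNAS_GROUP"} -- "$0" "${ORIG_ARGS[@]}" "$BASEDIR" "$TEMPLATE" || die "failed to exec to change user/group"
 else
-die "cannot exec to change user: setpriv not found"
+die "cannot exec to change user/group: setpriv not found"
 fi
 }
 
@@ -594,7 +614,7 @@ while :; do
 }
 elif (( ERR != 0 )); then
 # Unhandled error - log the issue and continue.
-syslog "error" "unhandled return code from 'read': $ERR"
+syslog "err" "unhandled return code from 'read': $ERR"
 continue
 fi
 
@@ -602,7 +622,7 @@ while :; do
 # Note: We won't make this directory ourselves - as it's the base directory it should exist on the system to start with.
 if [[ ! -e "$BASEDIR" ]]; then
 (( FLAGS[basedir-vanished] == 0 )) && {
-syslog "error" "base directory has vanished"
+syslog "err" "base directory has vanished"
 FLAGS[basedir-vanished]=1
 }
 continue
@@ -616,7 +636,7 @@ while :; do
 # Make sure the base path is a directory.
 if ! is_dir "$BASEDIR"; then
 (( FLAGS[basedir-notdir] == 0 )) && {
-syslog "error" "base path is no longer a directory"
+syslog "err" "base path is no longer a directory"
 FLAGS[basedir-notdir]=1
 }
 continue
@@ -676,7 +696,7 @@ while :; do
 rm -rf "${BASEDIR:?}/${LINKFILE_EXPANDED//\{\}/$SITE}"
 if ! ln -sfr "$FILENAME" "$BASEDIR/${LINKFILE_EXPANDED//\{\}/$SITE}"; then
 (( FLAGS[${SITE}_fix-link] == 0 )) && {
-syslog "error" "failed to fix link: $BASEDIR/${LINKFILE_EXPANDED//\{\}/$SITE}"
+syslog "err" "failed to fix link: $BASEDIR/${LINKFILE_EXPANDED//\{\}/$SITE}"
 FLAGS[${SITE}_fix-link]=1
 }
 continue
@@ -700,7 +720,7 @@ while :; do
 # If in raw mode, we need a placeholder for the FDS array element as LOG_VHOST would normally be unset.
 if (( FLAGS[raw] == 0 )); then
 [[ ! "$LOG_VHOST" ]] && {
-syslog "error" "empty VirtualHost site identifier"
+syslog "err" "empty VirtualHost site identifier"
 continue
 }
 else
@@ -753,7 +773,7 @@ while :; do
 rm -rf "${BASEDIR:?}/${LINKFILE_EXPANDED//\{\}/$LOG_VHOST}"
 if ! ln -sfr "$FILENAME" "$BASEDIR/${LINKFILE_EXPANDED//\{\}/$LOG_VHOST}" 2>/dev/null; then
 (( FLAGS[${LOG_VHOST}_create-link] == 0 )) && {
-syslog "error" "failed to create link: $BASEDIR/${LINKFILE_EXPANDED//\{\}/$LOG_VHOST}"
+syslog "err" "failed to create link: $BASEDIR/${LINKFILE_EXPANDED//\{\}/$LOG_VHOST}"
 FLAGS[${LOG_VHOST}_create-link]=1
 }
 continue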
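Review bot: With `-u` but no `-g`, the new `exec "$SETPRIV"` line in the `-540,23 +561,22` hunk passes no `--regid` at all, so the re-exec'd process changes UID but keeps the invoking user's GID (root's, in the usual case), and `--keep-groups` leaves that user's supplementary groups in place as well; the old line at least passed `--regid "$RUNAS_USER"`. This contradicts the new `-g` help text, which says the default is the primary group of the `-u` user, and it means log files end up owned by root's group. Always pass a group, e.g. `--regid "${RUNAS_GROUP:-$(id -gn "${RUNAS_USER:-$(whoami)}")}"`, and consider `--init-groups` or `--clear-groups` in place of `--keep-groups`. In the same hunk the FIFO block now runs `rm -f "$INPUT"` on any existing non-FIFO path before privileges are dropped, where the old code died with "not a pipe/FIFO", so a mistyped `-i` silently deletes a file as root; keeping the `die` for that case would be safer.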