mysql connection through ssl tunnel

John Almberg jalmberg at identry.com
Wed Oct 22 09:19:39 PDT 2008


>> Now I just need to figure out how to start it on reboot, but that  
>> is something I've been meaning to learn, anyway, so I don't mind.
>
> I hope you guys will bear with me just a little more... I have  
> spent the day trying to figure out how to create an rc script for  
> autossh. Very cool, and not as hard as I'd anticipated. It is  
> attached below.
>
> The script works perfectly *iff* I run it from the command line as  
> a non-root user, like so:
>
> /usr/local/etc/rc.d/autossh start
>
> However, it does NOT work when executed by root. Instead, I get the  
> following error message in /var/log/messages
>
>   messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely with status 255; autossh exiting
>
> So (my understanding), autossh is starting, and tries to create the  
> tunnel, but the tunnel creation fails with the unhelpful 255 error  
> message.
>
> But only when executed by root. That's the puzzling part.
>
> I don't allow root logins on this server, but don't see how that  
> could cause this problem....
>
> I'm stumped. Any hints, much appreciated.
>
> -- John
>
> ----------------------
>
> #!/bin/sh
> # PROVIDE: autossh
> # REQUIRE: LOGIN
> # KEYWORD: shutdown
>
> . /etc/rc.subr
>
> name="autossh"
> rcvar=`set_rcvar`
> start_cmd="${name}_start"
> stop_cmd=":"
>
> load_rc_config $name
> eval "${rcvar}=\${${rcvar}:='NO'}"
>
> command="/usr/local/bin/autossh"
> command_args="-M 20000 -fNg -L 33006:127.0.0.1:3306 admin@example.com"
> #pidfile="/var/run/autossh.pid"
> #AUTOSSH_PIDFILE="$pidfile"; export AUTOSSH_PIDFILE
>
> autossh_start()
> {
>   ${command} ${command_args}
>   echo "started autossh"
> }
>
> run_rc_command "$1"
>

Answering my own question (probably the best way)...

I solved this problem by figuring out how to execute the command  
inside the rc script as a non-root user. Like so:

autossh_start()
{
   echo "${command} ${command_args}"
   su admin -c "${command} ${command_args}"
   echo "started autossh"
}


This works beautifully, so I almost hesitate to ask, but is there  
anything wrong with this approach?

-- John
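
One way to write the start routine discussed in this thread, as an added example that is not part of the original post. It keeps the su approach, but drops -g and binds the forward to 127.0.0.1 so the forwarded MySQL port is not reachable from other hosts. The variable names autossh_tunnel_user, autossh_remote and autossh_forward are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not the poster's script.
# PROVIDE: autossh
# REQUIRE: LOGIN
# KEYWORD: shutdown

name="autossh"
command="/usr/local/bin/autossh"

# Assumed, overridable settings (names introduced for this example).
: "${autossh_tunnel_user:=admin}"
: "${autossh_remote:=admin@example.com}"
: "${autossh_forward:=127.0.0.1:33006:127.0.0.1:3306}"

# Argument list: no -g and an explicit loopback bind address, BatchMode so
# ssh fails instead of prompting at boot, ExitOnForwardFailure so a tunnel
# that cannot bind its port is not left running.
autossh_args()
{
    echo "-M 20000 -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes -L ${autossh_forward} ${autossh_remote}"
}

# Full command line for a given uid ($1). For uid 0 it is wrapped in su, so
# ssh runs with the tunnel account's ~/.ssh (keys, known_hosts), not root's.
autossh_cmdline()
{
    if [ "$1" -eq 0 ]; then
        echo "su ${autossh_tunnel_user} -c '${command} $(autossh_args)'"
    else
        echo "${command} $(autossh_args)"
    fi
}

autossh_start()
{
    eval "$(autossh_cmdline "$(id -u)")" && echo "started autossh"
}

# Hand over to rc.subr on FreeBSD; the guard lets the functions above be
# sourced and checked on a system that does not have it.
if [ -r /etc/rc.subr ]; then
    . /etc/rc.subr
    rcvar="autossh_enable"
    start_cmd="autossh_start"
    stop_cmd=":"
    load_rc_config $name
    run_rc_command "$1"
fi
```
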


