mysql connection through ssl tunnel

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Oct 22 09:30:04 PDT 2008


John Almberg wrote:
>>> Now I just need to figure out how to start it on reboot, but that is 
>>> something I've been meaning to learn, anyway, so I don't mind.
>>
>> I hope you guys will bear with me just a little more... I have spent 
>> the day trying to figure out how to create an rc script for autossh. 
>> Very cool, and not as hard as I'd anticipated. It is attached below.
>>
>> The script works perfectly *iff* I run it from the command line as a 
>> non-root user, like so:
>>
>> /usr/local/etc/rc.d/autossh start
>>
>> However, it does NOT work when executed by root. Instead, I get the 
>> following error message in /var/log/messages
>>
>>   messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely with status 255; autossh exiting
>>
>> So (my understanding), autossh is starting, and tries to create the 
>> tunnel, but the tunnel creation fails with the unhelpful 255 error 
>> message.
>>
>> But only when executed by root. That's the puzzling part.
>>
>> I don't allow root logins on this server, but don't see how that could 
>> cause this problem....
>>
>> I'm stumped. Any hints, much appreciated.
>>
>> -- John
>>
>> ----------------------
>>
>> #!/bin/sh
>> # PROVIDE: autossh
>> # REQUIRE: LOGIN
>> # KEYWORD: shutdown
>>
>> . /etc/rc.subr
>>
>> name="autossh"
>> rcvar=`set_rcvar`
>> start_cmd="${name}_start"
>> stop_cmd=":"
>>
>> load_rc_config $name
>> eval "${rcvar}=\${${rcvar}:='NO'}"
>>
>> command="/usr/local/bin/autossh"
>> command_args="-M 20000 -fNg -L 33006:127.0.0.1:3306 admin@example.com"
>> #pidfile="/var/run/autossh.pid"
>> #AUTOSSH_PIDFILE="$pidfile"; export AUTOSSH_PIDFILE
>>
>> autossh_start()
>> {
>>   ${command} ${command_args}
>>   echo "started autossh"
>> }
>>
>> run_rc_command "$1"
>>
> 
> Answering my own question (probably the best way)...
> 
> I solved this problem by figuring out how to execute the command inside 
> the rc script as a non-root user. Like so:
> 
> autossh_start()
> {
>   echo "${command} ${command_args}"
>   su admin -c "${command} ${command_args}"
>   echo "started autossh"
> }
> 
> 
> This works beautifully, so I almost hesitate to ask, but is there 
> anything wrong with this approach?

Nothing, except you're re-inventing the wheel.  rc.subr already
has a mechanism for running commands as another user.  Instead
of defining a new start() function, simply add something like:

 : ${autossh_user:='admin'}

towards the top of the script.  (This also means you can override
the setting by defining 'autossh_user="someoneelse"' in /etc/rc.conf
in the usual way.)

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
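
Matthew's suggestion applied to the script quoted above, as an added example that is not part of the original message. The function names `write_autossh_rc` and `effective_autossh_user` are assumptions made for illustration; the host, ports and `admin` account are the thread's own sample values.

```sh
#!/bin/sh
# Added example (not from the thread): John's rc.d script reworked to rely on
# rc.subr's ${name}_user instead of a custom start function that calls su.

# write_autossh_rc DEST: write the reworked rc.d script to DEST.
write_autossh_rc() {
    cat > "$1" <<'EOF'
#!/bin/sh
# PROVIDE: autossh
# REQUIRE: LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="autossh"
rcvar="${name}_enable"      # same value set_rcvar returns
stop_cmd=":"                # kept from the original script
# No start_cmd here: rc.subr's default start method is what applies autossh_user.

load_rc_config $name
: ${autossh_enable:='NO'}
: ${autossh_user:='admin'}  # unprivileged account that holds the SSH key

command="/usr/local/bin/autossh"
# -g (as in the thread) lets other hosts reach port 33006; drop it if only
# local clients need the tunnel.
command_args="-M 20000 -fNg -L 33006:127.0.0.1:3306 admin@example.com"

run_rc_command "$1"
EOF
    chmod 555 "$1"
}

# effective_autossh_user RCCONF: print the account the tunnel would run as,
# using the script's order: configuration first, then the := default.
effective_autossh_user() {
    (
        unset autossh_user
        if [ -r "$1" ]; then . "$1"; fi
        : ${autossh_user:='admin'}
        printf '%s\n' "$autossh_user"
    )
}
```

Because `:=` assigns only when the variable is unset or empty, a value from /etc/rc.conf survives and `admin` is used only as the fallback.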



More information about the freebsd-questions mailing list