mysql connection through ssl tunnel
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Oct 22 09:30:04 PDT 2008
John Almberg wrote:
>>> Now I just need to figure out how to start it on reboot, but that is
>>> something I've been meaning to learn, anyway, so I don't mind.
>>
>> I hope you guys will bear with me just a little more... I have spent
>> the day trying to figure out how to create an rc script for autossh.
>> Very cool, and not as hard as I'd anticipated. It is attached below.
>>
>> The script works perfectly *iff* I run it from the command line as a
>> non-root user, like so:
>>
>> /usr/local/etc/rc.d/autossh start
>>
>> However, it does NOT work when executed by root. Instead, I get the
>> following error message in /var/log/messages
>>
>> messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely
>> with status 255; autossh exiting
>>
>> So (my understanding), autossh is starting, and tries to create the
>> tunnel, but the tunnel creation fails with the unhelpful 255 error
>> message.
>>
>> But only when executed by root. That's the puzzling part.
>>
>> I don't allow root logins on this server, but don't see how that could
>> cause this problem....
>>
>> I'm stumped. Any hints, much appreciated.
>>
>> -- John
>>
>> ----------------------
>>
>> #!/bin/sh
>> # PROVIDE: autossh
>> # REQUIRE: LOGIN
>> # KEYWORD: shutdown
>>
>> . /etc/rc.subr
>>
>> name="autossh"
>> rcvar=`set_rcvar`
>> start_cmd="${name}_start"
>> stop_cmd=":"
>>
>> load_rc_config $name
>> eval "${rcvar}=\${${rcvar}:='NO'}"
>>
>> command="/usr/local/bin/autossh"
>> command_args="-M 20000 -fNg -L 33006:127.0.0.1:3306 admin at example.com"
>> #pidfile="/var/run/autossh.pid"
>> #AUTOSSH_PIDFILE="$pidfile"; export AUTOSSH_PIDFILE
>>
>> autossh_start()
>> {
>> ${command} ${command_args}
>> echo "started autossh"
>> }
>>
>> run_rc_command "$1"
>>
>
> Answering my own question (probably the best way)...
>
> I solved this problem by figuring out how to execute the command inside
> the rc script as a non-root user. Like so:
>
> autossh_start()
> {
> echo "${command} ${command_args}"
> su admin -c "${command} ${command_args}"
> echo "started autossh"
> }
>
>
> This works beautifully, so I almost hesitate to ask, but is there
> anything wrong with this approach?
Nothing, except you're re-inventing the wheel. rc.subr already
has a mechanism for running commands as another user. Instead
of defining a new start() function, simply add something like:
: ${autossh_user:='admin'}
towards the top of the script. (This also means you can override
the setting by defining 'autossh_user="someoneelse"' in /etc/rc.conf
in the usual way)
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20081022/f1a5c512/signature.pgp
More information about the freebsd-questions
mailing list