From 93ab01263c2f819962346555d3d199e9751ab8a2 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Mon, 19 Sep 2016 09:27:38 +0100
Subject: [PATCH] Change the ownership of the pid folder when using a sub-folder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is an alternative to the fix made in 3b52909 which removed the chown call entirely. Prior to 3b52909, the ownership of $PID_FOLDER was always changed even when its value was /var/run. This was problematic as it could prevent other services from creating their pid folder or file. When a sub-folder is used, changing its ownership so that it’s owned by the user that will run the app is desirable as it limits access to the folder. Rather than removing the chown call entirely, this commit ensures that it only happens when a sub-folder is being used to hold the pid file.
Closes gh-6532
---
 .../org/springframework/boot/loader/tools/launch.script | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/spring-boot-tools/spring-boot-loader-tools/src/main/resources/org/springframework/boot/loader/tools/launch.script b/spring-boot-tools/spring-boot-loader-tools/src/main/resources/org/springframework/boot/loader/tools/launch.script
index db3fa0087d0..597a0347b34 100755
--- a/spring-boot-tools/spring-boot-loader-tools/src/main/resources/org/springframework/boot/loader/tools/launch.script
+++ b/spring-boot-tools/spring-boot-loader-tools/src/main/resources/org/springframework/boot/loader/tools/launch.script
@@ -106,6 +106,7 @@ fi
 # Build the pid and log filenames
 if [[ "$identity" == "$init_script" ]] || [[ "$identity" == "$APP_NAME" ]]; then
 PID_FOLDER="$PID_FOLDER/${identity}"
+ pid_subfolder=$PID_FOLDER
 fi
 pid_file="$PID_FOLDER/${identity}.pid"
 log_file="$LOG_FOLDER/$LOG_FILENAME"
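Review bot: `pid_subfolder` is assigned only inside this `if`, and nothing visible in the hunk gives it an empty default, so when the branch is not taken its value is whatever the script inherited from its environment or from a sourced configuration file. Because do_start later hands that value to `chown` (presumably with elevated privileges whenever `run_user` is set), I would reset it explicitly with `pid_subfolder=` just before the `if`, unless it is already cleared earlier in the script, which the hunk does not show. A comment such as `# Set only when the pid file lives in a per-service sub-folder; do_start chowns it` would also explain why it exists alongside PID_FOLDER.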
@@ -143,6 +144,9 @@ do_start() {
 mkdir "$PID_FOLDER" &> /dev/null
 if [[ -n "$run_user" ]]; then
 checkPermissions || return $?
+ if [[ -z "$pid_subfolder" ]]; then
+ chown "$run_user" "$pid_subfolder"
+ fi
 chown "$run_user" "$pid_file"
 chown "$run_user" "$log_file"
 if [ $USE_START_STOP_DAEMON = true ] && type start-stop-daemon > /dev/null 2>&1; then
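Review bot: The test on the added `if` is inverted: `-z` is true when `pid_subfolder` is empty, so `chown` is called with an empty path in the plain /var/run case and is skipped exactly when a sub-folder exists, the opposite of what the commit message describes. It should read `if [[ -n "$pid_subfolder" ]]; then`. Separately, the `mkdir` above discards both its status and its output, so the directory being chowned may be one that already existed rather than one this script created. Checking that it is a real directory and not a symlink before changing ownership, for example `[[ -d "$pid_subfolder" && ! -L "$pid_subfolder" ]]`, would be a cheap hardening step. do_start begins and ends outside this hunk.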