Re: mysql connection through ssl tunnel

Wed, 22 Oct 2008 09:30:23 -0700 

John Almberg wrote:
Now I just need to figure out how to start it on reboot, but that is something I've been meaning to learn, anyway, so I don't mind. 


I hope you guys will bear with me just a little more... I have spent 
the day trying to figure out how to create an rc script for autossh. 
Very cool, and not as hard as I'd anticipated. It is attached below.



The script works perfectly *iff* I run it from the command line as a 
non-root user, like so:


/usr/local/etc/rc.d/autossh start


However, it does NOT work when executed by root. Instead, I get the 
following error message in /var/log/messages



  messages:Oct 21 19:01:38 on autossh[89267]: ssh exited prematurely 
with status 255; autossh exiting



So (my understanding), autossh is starting, and tries to create the 
tunnel, but the tunnel creation fails with the unhelpful 255 error 
message.


But only when executed by root. That's the puzzling part.


I don't allow root logins on this server, but don't see how that could 
cause this problem....


I'm stumped. Any hints, much appreciated.

-- John

----------------------

#!/bin/sh
# PROVIDE: autossh
# REQUIRE: LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="autossh"
rcvar=`set_rcvar`
start_cmd="${name}_start"
stop_cmd=":"

load_rc_config $name
eval "${rcvar}=\${${rcvar}:='NO'}"

command="/usr/local/bin/autossh"
command_args="-M 20000 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]"
#pidfile="/var/run/autossh.pid"
#AUTOSSH_PIDFILE="$pidfile"; export AUTOSSH_PIDFILE

autossh_start()
{
  ${command} ${command_args}
  echo "started autossh"
}

run_rc_command "$1"



Answering my own question (probably the best way)...


I solved this problem by figuring out how to execute the command inside 
the rc script as a non-root user. Like so:


autossh_start()
{
  echo "${command} ${command_args}"
  su admin -c "${command} ${command_args}"
  echo "started autossh"
}



This works beautifully, so I almost hesitate to ask, but is there 
anything wrong with this approach?


Nothing, except you're re-inventing the wheel.  rc.subr already
has a mechanism for running commands as another user.  Instead
of defining a new start() function, simply add something like:

: ${autossh_user:='admin'}

towards the top of the script.  (This also means you can override
the setting by defining 'autossh_user="someoneelse"' in /etc/rc.conf
in the usual way)

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW




Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to