>Number:         15563
>Category:       bin
>Synopsis:       Enhance rc.subr with two new features. (no su for users, and procname check)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 09 20:56:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Ron Roskens
>Release:        NetBSD-current 2002-02-07
>Organization:
Elfin
>Environment:
	
	
System: NetBSD hysteria.elfin.net 1.5Y NetBSD 1.5Y (HYSTERIA) #5: Fri Nov 23 01:09:23 CST 2001 root@hysteria.elfin.net:/usr/src/sys/arch/i386/compile/HYSTERIA i386
Architecture: i386
Machine: i386
>Description:
The rc.subr documentation incorrectly uses the check_pidfile function.
The correct usage is "check_pidfile $pidfile $command". Comments indicate
that if ${arg}_cmd is set then $command is not needed. This is incorrect in
the case where $pidfile is used.

rc.subr does not have functionality to allow a user to run a rc.d style
script if they are the same user as ${name}_user.

rc.subr does not have functionality to allow a check for a different
process name other than $command.

>How-To-Repeat:

Use a script which sets ${arg}_cmd and $pidfile but does not set $command.

Have a script set ${name}_user and try to run that script as ${name}_user.
Watch it prompt for the password again.

Run a java process through an rc.d style script. See all status commands fail
since $command is not the same as whats running.

>Fix:

Apply the following patch.

--- rc.subr.orig	Sat Feb  9 22:19:11 2002
+++ rc.subr	Sat Feb  9 22:18:53 2002
@@ -226,8 +226,11 @@
 #
 #	extra_commands	n	List of extra commands supported.
 #
-#	pidfile		n	If set, use check_pidfile $pidfile, else if
-#				$command is set, use check_process $command.
+#	pidfile		n	If set, use check_pidfile $pidfile $command,
+#				otherwise use check_process $command.
+#
+#	procname	n	Optional process name to check for in place
+#				of $command.
 #
 #	rcvar		n	This is checked with checkyesno to determine
 #				if the action should be run.
@@ -282,7 +285,7 @@
 #				${command}
 #
 #	stop		if ${pidfile}
-#				_pid=`check_pidfile $pidfile`
+#				_pid=`check_pidfile $pidfile $command`
 #			else
 #				_pid=`check_process $command`
 #			kill $sig_stop $_pid
@@ -327,12 +330,19 @@
 	_keywords="start stop restart rcvar $extra_commands"
 	_pid=
 	_pidcmd=
+
+	if [ -z "$procname" ]; then
+		procname=$command
+	fi
+
 					# setup pid check command if not fast
 	if [ -z "$_rc_fast_run" ]; then
-		if [ -n "$pidfile" ]; then
-			_pidcmd='_pid=`check_pidfile '$pidfile' '$command'`'
-		elif [ -n "$command" ]; then
-			_pidcmd='_pid=`check_process '$command'`'
+		if [ -n "$procname" ]; then
+			if [ -n "$pidfile" ]; then
+				_pidcmd='_pid=`check_pidfile '$pidfile' '$procname'`'
+			else
+				_pidcmd='_pid=`check_process '$procname'`'
+			fi
 		fi
 		if [ -n "$_pidcmd" ]; then
 			_keywords="${_keywords} status poll"
@@ -351,6 +361,11 @@
 	eval _chdir=\$${name}_chdir	_chroot=\$${name}_chroot \
 	    _nice=\$${name}_nice	_user=\$${name}_user \
 	    _group=\$${name}_group	_groups=\$${name}_groups
+
+	# Unset _user if we are the user.
+	if [ -n "$_user" -a "$_user" = "`id -un`" ]; then
+		unset _user     
+	fi
 
 					# if ${rcvar} is set, and $1 is not
 					# "rcvar" or "status", then run
>Release-Note:
>Audit-Trail:
>Unformatted:
 Enhance rc.subr with two new features. (no su for users, and procname check)