Я пытаюсь заставить Kibana прослушивать порт 80, поэтому он должен работать как root. Как я могу это сделать? Сценарий инициализации выглядит следующим образом:
#!/bin/sh
# Init script for kibana
# Maintained by
# Generated by pleaserun.
# Implemented based on LSB Core 3.1:
# * Sections: 20.2, 20.3
#
### BEGIN INIT INFO
# Provides: kibana
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description:
# Description: no description given
### END INIT INFO
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
name=kibana
program=/opt/kibana/bin/kibana
args=''
pidfile="/var/run/$name.pid"
[ -r /etc/default/$name ] && . /etc/default/$name
[ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name
trace() {
logger -t "/etc/init.d/kibana" "$@"
}
emit() {
trace "$@"
echo "$@"
}
start() {
# Ensure the log directory is setup correctly.
[ ! -d "/var/log/kibana/" ] && mkdir "/var/log/kibana/"
chown "$user":"$group" "/var/log/kibana/"
chmod 755 "/var/log/kibana/"
# Setup any environmental stuff beforehand
# Run the program!
chroot --userspec "$user":"$group" "$chroot" sh -c "
cd \"$chdir\"
exec \"$program\" $args
" >> /var/log/kibana/kibana.stdout 2>> /var/log/kibana/kibana.stderr &
# Generate the pidfile from here. If we instead made the forked process
# generate it there will be a race condition between the pidfile writing
# and a process possibly asking for status.
echo $! > $pidfile
emit "$name started"
return 0
}
stop() {
# Try a few times to kill TERM the program
if status ; then
pid=$(cat "$pidfile")
trace "Killing $name (pid $pid) with SIGTERM"
kill -TERM $pid
# Wait for it to exit.
for i in 1 2 3 4 5 ; do
trace "Waiting $name (pid $pid) to die..."
status || break
sleep 1
done
if status ; then
emit "$name stop failed; still running."
else
emit "$name stopped."
fi
fi
}
status() {
if [ -f "$pidfile" ] ; then
pid=$(cat "$pidfile")
if ps -p $pid > /dev/null 2> /dev/null ; then
# process by this pid is running.
# It may not be our pid, but that's what you get with just pidfiles.
# TODO(sissel): Check if this process seems to be the same as the one we
# expect. It'd be nice to use flock here, but flock uses fork, not exec,
# so it makes it quite awkward to use in this case.
return 0
else
return 2 # program is dead but pid file exists
fi
else
return 3 # program is not running
fi
}
force_stop() {
if status ; then
stop
status && kill -KILL $(cat "$pidfile")
fi
}
case "$1" in
force-start|start|stop|force-stop|restart)
trace "Attempting '$1' on kibana"
;;
esac
case "$1" in
force-start)
PRESTART=no
exec "$0" start
;;
start)
status
code=$?
if [ $code -eq 0 ]; then
emit "$name is already running"
exit $code
else
start
exit $?
fi
;;
stop) stop ;;
force-stop) force_stop ;;
status)
status
code=$?
if [ $code -eq 0 ] ; then
emit "$name is running"
else
emit "$name is not running"
fi
exit $code
;;
restart)
stop && start
;;
*)
echo "Usage: $SCRIPTNAME {start|force-start|stop|force-start|force-stop|status|restart}" >&2
exit 3
;;
esac
exit $?
Не запускайте службы как root. Вот один простой, но разумный вариант:
iptables
для перенаправления запросов, полученных через порт 80, на порт 8080.Здесь обсуждаются другие альтернативы: Есть ли способ привязки некорневых процессов к привилегированным портам?
редактировать /etc/sysconfig/kibana
и в конце добавьте строку:
user=root