oils_ctl.sh and autogen.sh should not require the opensrf account

Bug #1900005 reported by Jason Boyer
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Evergreen | Fix Released | Medium | Unassigned |
3.6 | Won't Fix | Undecided | Unassigned |
3.8 | Fix Released | Medium | Unassigned |
3.9 | Fix Released | Medium | Unassigned |

Bug Description

All Evergreen versions affected

Currently both of these scripts check specifically to see if they're running as the opensrf user and quit if they're not. While it is important not to unnecessarily run network or other services as root, there's no reason to force the use of a specific user except that our installation instructions tell you to use it. And for autogen.sh the correct check is not "am I opensrf" but rather "can I write to the destination directory?"

Branch on the way.

Jason Boyer (jboyer) wrote :

Branch is at https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads / working/user/jboyer/lp1900005_dont_sweat_the_user

Basic test plan from the commit message follows.

To test:
Pre-patch:
Use oils_ctl.sh to start SIP or z3950 as opensrf, Success.
Use oils_ctl.sh to start SIP or z3950 as yourself, Failure.
Use oils_ctl.sh to start SIP or z3950 as root, Failure.
Run autogen.sh as opensrf, Success.
Run autogen.sh as yourself, Failure.
Run autogen.sh as root, Failure.

Post patch:
Use oils_ctl.sh to start SIP or z3950 as opensrf, Success.
Use oils_ctl.sh to start SIP or z3950 as your normal user, Success.
Use oils_ctl.sh to start SIP or z3950 as root, Failure.
Run autogen.sh as opensrf, Success.
Run autogen.sh as yourself, potential Success - IF you're able to write to the correct directory / files.
Run autogen.sh as root, Failure.

tags: added: pullrequest
Changed in evergreen:
milestone: none → 3.6.1
Changed in evergreen:
milestone: 3.6.1 → 3.6.2
Jason Boyer (jboyer) wrote :

Some quick testing notes: while you do need to do a full OpenSRF / Evergreen install in order to test this, you don't need to worry about setting up Apache / websocketd / Nginx or having a TLS certificate or anything like that. You can practically test with just ps or top, though using srfsh to perform a request and also logging into SIP with netcat / nc / telnet / whatever would be more thorough.

Changed in evergreen:
milestone: 3.6.2 → 3.6.3
Changed in evergreen:
milestone: 3.6.3 → 3.6.4
Changed in evergreen:
milestone: 3.6.4 → 3.7.2
Galen Charlton (gmc) wrote :

Per discussion at https://stackoverflow.com/questions/18215973/how-to-check-if-running-as-root-in-a-bash-script, checking against 'id -u' is probably a bit better; it at least guards setups where the root user's username is not actually 'root'.

Galen Charlton (gmc) wrote :

Also, the checks for write-ability by autogen.sh should be more comprehensive:

- also check the FMDOJODIR, SLIMPACDIR, and LOCALSTATEDIR/web/ directories
- also check for ability to write to the actual files

Looks like SKINDIR can simply get dropped.

Jason Boyer (jboyer) wrote :

Good points. I've force-pushed an update to the same branch that:
Uses id -u to verify user id rather than name,
Checks all 3 output directories in autogen.sh, and
Removes a couple unused variables in autogen.sh: SKINDIR and COMPRESSOR.

There's a third, optional, commit that also normalizes the indenting on 4 spaces rather than a mixture of 4 spaces and tabs and removes unnecessary semicolons.
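
The checks discussed in the comments above, as an added example that is not part of the original thread and is not code from the Evergreen branch: reject UID 0 by number via `id -u`, then confirm each output directory and every existing file in it is writable. The function names and the directory values in the usage comment are assumptions; only the variable names FMDOJODIR, SLIMPACDIR and LOCALSTATEDIR come from the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not the project's own code.

# Fail when the effective UID is 0. Comparing the number from `id -u`
# also catches a superuser account that is not named "root".
# An optional argument overrides the UID so the check can be exercised.
refuse_root() {
    uid="${1:-$(id -u)}"
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run as uid 0" >&2
        return 1
    fi
    return 0
}

# For each directory given: it must exist, be writable and searchable,
# and every existing regular file directly inside it must be writable,
# since regenerating output overwrites those files in place.
# Dotfiles are not matched by the glob and are therefore not checked.
check_writable() {
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ] || [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
            echo "cannot write to directory: $dir" >&2
            rc=1
            continue
        fi
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if [ ! -w "$f" ]; then
                echo "cannot overwrite file: $f" >&2
                rc=1
            fi
        done
    done
    return "$rc"
}

# Run both checks; report every unwritable path before giving up.
preflight() {
    refuse_root || return 1
    check_writable "$@" || return 1
    return 0
}

# Usage (directory values are assumptions set by the caller):
#   preflight "$FMDOJODIR" "$SLIMPACDIR" "$LOCALSTATEDIR/web" || exit 1
```

Because the test is about access rather than identity, any non-root account with the right directory and file permissions passes, which matches the post-patch test plan for autogen.sh.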

Jason Boyer (jboyer) wrote :

Note to self, cut and copy do different things.

Branch is at https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jboyer/lp1900005_dont_sweat_the_user / working/user/jboyer/lp1900005_dont_sweat_the_user

Changed in evergreen:
assignee: nobody → Jason Stephenson (jstephenson)
Jason Stephenson (jstephenson) wrote :

Jason, thanks for this work.

I tested it with the opensrf user and everything works as expected.

I tested with another user who was added to the opensrf group as well as a couple of others.

This user was able to start OpenSRF services, but the PID files were not created because of permissions issues. This means that the user had to include the --kill-with-fire option to stop the services. Additionally, it appears that the services implemented in C were not running.

This other user was also able to start the SIPServer with oils_ctl.sh, but the PID file was also not created. I had to use pkill to stop the SIPServer after it was started.

Note that because of the lack of running C services, the SIPServer would not actually function if used, neither would most of Evergreen.

I understand that I could easily repair some of this by changing permissions on a couple of directories, but I don't think that should be necessary.

I think a better, more Linux-like, approach would be to provide start up scripts or programs that are started as root and then switch to the appropriate user once started. This is pretty much the expected behavior of normal system services.

Changed in evergreen:
assignee: Jason Stephenson (jstephenson) → nobody
Jason Boyer (jboyer) wrote :

Hi Jason, you're right that the long term correction is to throw some systemd units into place, but the pid directory issue should be fixed by using -d to tell it where the pid files can be written. This will likely make the C services happier also.

Changed in evergreen:
milestone: 3.7.2 → 3.7.3
Mike Rylander (mrylander) wrote :

I've squashed and signed off Jason Boyer's commits, available at the top of https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/miker/lp1900005_dont_sweat_the_user-signoff now.

While I agree that providing systemd units (or similar as appropriate) for startup would be good for simple installations, there are use cases that benefit from more flexibility. This branch removes the hard requirement that there only be one (non-virtualized) running copy of Evergreen on a server, and that the username of the account starting the code be spelled exactly "opensrf".

Thanks, Jasons, for writing and testing!

tags: added: signedoff
Changed in evergreen:
assignee: nobody → Jane Sandberg (sandbergja)
Jane Sandberg (sandbergja) wrote :

Works well for me! Pushed to 3.7 and above. Thanks, Jason and Mike!

no longer affects: evergreen/3.6
Changed in evergreen:
assignee: Jane Sandberg (sandbergja) → nobody
importance: Undecided → Medium
status: New → Fix Committed
Changed in evergreen:
status: Fix Committed → Fix Released