From 5d986787b1ddbe7e27291b1426e23262cfcfe188 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Wed, 29 Aug 2018 17:46:56 +0200 Subject: [PATCH] default data directory migration from /var/tmp/ntopng to /var/lib/ntopng --- doc/nedge/src/conf_backup.rst | 4 ++-- doc/src/cli_options.rst | 4 ++-- doc/src/web_gui/interfaces.rst | 2 +- doc/src/web_gui/settings.rst | 4 ++-- httpdocs/misc/ntopng-utils-manage-config.in | 7 ++++++- include/Ntop.h | 6 +++--- include/Prefs.h | 3 +++ include/ntop_defines.h | 7 ++++--- ntopng.8 | 4 ++-- packages/etc/ntopng/nedge.conf | 2 +- packages/etc/ntopng/ntopng.conf | 2 +- packages/ntopng.spec.in | 11 +++++++++++ packages/ubuntu/debian.ntopng/postinst | 19 ++++++++++++++++++- scripts/locales/en.lua | 1 + scripts/lua/examples/sqlite.lua | 4 ++-- scripts/lua/inc/footer.lua | 6 ++++++ src/Ntop.cpp | 7 +++++-- src/Prefs.cpp | 10 ++++++++-- src/Utils.cpp | 3 ++- src/main.cpp | 7 ++++--- 20 files changed, 84 insertions(+), 29 deletions(-) diff --git a/doc/nedge/src/conf_backup.rst b/doc/nedge/src/conf_backup.rst index 34310842b5..ade56ac3e2 100644 --- a/doc/nedge/src/conf_backup.rst +++ b/doc/nedge/src/conf_backup.rst @@ -18,9 +18,9 @@ nEdge configuration can be restored by placing the compressed tarball (downloaded via Backup Configuration) into the nEdge data directory and restarting the service. The tarball must be named conf.tar.gz. -For example, assuming the default /var/tmp/ntopng data directory has not been changed, one can +For example, assuming the default /var/lib/ntopng data directory has not been changed, one can restore a previously backed-up configuration by placing the compressed -tarball in /var/tmp/ntopng/conf.tar.gz and then issuing a +tarball in /var/lib/ntopng/conf.tar.gz and then issuing a :code:`systemctl restart nedge`. .. note:: diff --git a/doc/src/cli_options.rst b/doc/src/cli_options.rst index 68112b6929..398ec8dfa5 100644 --- a/doc/src/cli_options.rst +++ b/doc/src/cli_options.rst 
@@ -25,7 +25,7 @@ ntopng supports a large number of command line parameters. To see what they are, [--interface|-i] | Input interface name (numeric/symbolic), | view or pcap file path [--data-dir|-d] | Data directory (must be writable). - | Default: /var/tmp/ntopng + | Default: /var/lib/ntopng [--install-dir|-t] | Set the installation directory to . | Should be set when installing ntopng | under custom directories @@ -39,7 +39,7 @@ ntopng supports a large number of command line parameters. To see what they are, [--prefs-dir|-4] | Preferences directory used to serialize | and deserialize file | containing runtime preferences. - | Default: /var/tmp/ntopng + | Default: /var/lib/ntopng [--no-promisc|-u] | Don't set the interface in promisc mode. [--traffic-filtering|-k] | Filter traffic using cloud services. | (default: disabled). Available options: diff --git a/doc/src/web_gui/interfaces.rst b/doc/src/web_gui/interfaces.rst index b8e48f48ac..407ee72625 100644 --- a/doc/src/web_gui/interfaces.rst +++ b/doc/src/web_gui/interfaces.rst @@ -216,5 +216,5 @@ to generate a PCAP file containing the traffic of all the flows marked as "Unkno which can then be submitted to the ntop team for further analysis. Pcap files are generated under the ntopng data directory, into the "pcap" folder -of a specific network inteface id (e.g. `/var/tmp/ntopng/0/pcap`). In particular, +of a specific network inteface id (e.g. `/var/lib/ntopng/0/pcap`). In particular, The unknown traffic is stored into the folder "pcap/ndpi_unknown". diff --git a/doc/src/web_gui/settings.rst b/doc/src/web_gui/settings.rst index 0af259a5c1..a2121a9c0f 100644 --- a/doc/src/web_gui/settings.rst +++ b/doc/src/web_gui/settings.rst 
@@ -64,9 +64,9 @@ ntopng configuration can be restored by placing the compressed tarball (downloaded via Backup Configuration) into the ntopng data directory and restarting the service. The tarball must be named conf.tar.gz. -For example, assuming the default /var/tmp/ntopng data directory has not been changed, one can +For example, assuming the default /var/lib/ntopng data directory has not been changed, one can restore a previously backed-up configuration by placing the compressed -tarball in /var/tmp/ntopng/conf.tar.gz and then issuing a +tarball in /var/lib/ntopng/conf.tar.gz and then issuing a :code:`systemctl restart ntopng`. .. note:: diff --git a/httpdocs/misc/ntopng-utils-manage-config.in b/httpdocs/misc/ntopng-utils-manage-config.in index d710aff91e..f7ee25c33b 100755 --- a/httpdocs/misc/ntopng-utils-manage-config.in +++ b/httpdocs/misc/ntopng-utils-manage-config.in @@ -2,7 +2,12 @@ DEFAULT_CONF_FILE="/etc/ntopng/ntopng.conf" -DEFAULT_DATADIR="/var/tmp/ntopng" +DEFAULT_DATADIR="/var/lib/ntopng" +OLD_DEFAULT_DATADIR="/var/tmp/ntopng" +if [ -d "${OLD_DEFAULT_DATADIR}" ]; then + DEFAULT_DATADIR="${OLD_DEFAULT_DATADIR}" +fi + DATADIR="${DEFAULT_DATADIR}" DATADIR_SET=false diff --git a/include/Ntop.h b/include/Ntop.h index 7a2a179628..086201ad4e 100644 --- a/include/Ntop.h +++ b/include/Ntop.h @@ -40,9 +40,9 @@ class Ntop { private: AddressTree local_interface_addresses; char epoch_buf[11]; - char working_dir[MAX_PATH]; /**< Array of working directory. */ - char install_dir[MAX_PATH]; /**< Array of install directory. */ - char startup_dir[MAX_PATH]; /**< Array of startup directory. */ + char working_dir[MAX_PATH]; /**< Working directory. */ + char install_dir[MAX_PATH]; /**< Install directory. */ + char startup_dir[MAX_PATH]; /**< Startup directory. */ char *custom_ndpi_protos; /**< Pointer of a custom protocol for nDPI. */ NetworkInterface **iface; /**< Array of network interfaces. */ u_int8_t num_defined_interfaces; /**< Number of defined interfaces. */ 
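Review bot: The added `if [ -d "${OLD_DEFAULT_DATADIR}" ]` prefers a directory under the world-writable, sticky `/var/tmp`, so on a host where `/var/tmp/ntopng` does not yet exist any local user can create it, or a symlink of that name (which `-d` follows), and steer this backup/restore tool into a directory they control. If the legacy path is meant only for upgrades, accept it only when it is a real, non-symlink directory owned by root or the service account, e.g. `if [ -d "${OLD_DEFAULT_DATADIR}" ] && [ ! -L "${OLD_DEFAULT_DATADIR}" ] && [ "$(stat -c %U "${OLD_DEFAULT_DATADIR}")" = root ]; then` (adjust the owner if the old daemon created it as `nobody`). A one-line comment above the test, `# Legacy installs keep /var/tmp/ntopng; new installs use /var/lib/ntopng`, would make the override intentional to the next reader. Which account this script runs under is not visible here, so the ownership test may need to match that account instead.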
diff --git a/include/Prefs.h b/include/Prefs.h index c66cdba94d..85c7d10acc 100644 --- a/include/Prefs.h +++ b/include/Prefs.h @@ -103,6 +103,7 @@ class Prefs { char *config_file_path, *ndpi_proto_path; char *packet_filter; char *user; + bool user_set; char *redis_host; char *redis_password; char *pid_path; @@ -178,6 +179,8 @@ class Prefs { inline bool are_ixia_timestamps_enabled() { return(enable_ixia_timestamps); }; inline bool are_vss_apcon_timestamps_enabled() { return(enable_vss_apcon_timestamps); }; inline char* get_user() { return(user); }; + inline void set_user(const char *u) { if(user) free(user); user = strdup(u); user_set = true; }; + inline bool is_user_set() { return user_set; }; inline u_int8_t get_num_user_specified_interfaces() { return(num_interfaces); }; inline bool do_read_flows_from_nprobe_mysql() { return(read_flows_from_mysql); }; inline bool do_dump_flows_on_es() { return(dump_flows_on_es); }; diff --git a/include/ntop_defines.h b/include/ntop_defines.h index 10e9870a7d..d85520edd1 100644 --- a/include/ntop_defines.h +++ b/include/ntop_defines.h @@ -359,7 +359,8 @@ #define NTOPNG_NDPI_OS_PROTO_ID (NDPI_LAST_IMPLEMENTED_PROTOCOL+NDPI_MAX_NUM_CUSTOM_PROTOCOLS-2) #define CONST_DEFAULT_HOME_NET "192.168.1.0/24" -#define CONST_DEFAULT_DATA_DIR "/var/tmp/ntopng" +#define CONST_OLD_DEFAULT_DATA_DIR "/var/tmp/ntopng" +#define CONST_DEFAULT_DATA_DIR "/var/lib/ntopng" #define CONST_DEFAULT_MAX_UI_STRLEN 24 #define CONST_DEFAULT_IS_AUTOLOGOUT_ENABLED 1 #define CONST_DEFAULT_IS_IDLE_LOCAL_HOSTS_CACHE_ENABLED 1 
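Review bot: The new `set_user()` frees `user` before calling `strdup(u)`, so a caller that passes the current value (or a pointer into it) reads freed memory, and `strdup(NULL)` is undefined; duplicate first and the setter is safe in both cases: `inline void set_user(const char *u) { char *n = u ? strdup(u) : NULL; if(user) free(user); user = n; user_set = true; };`. The `user_set` field is the only thing that lets `checkOptions()` tell an explicit `-U` from the compiled-in default, so it deserves a comment at the declaration, e.g. `bool user_set; /* true only when -U was given; legacy data dirs otherwise keep 'nobody' */`. The `Prefs` class begins and ends outside the hunk.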
@@ -377,14 +378,14 @@ #define CONST_DEFAULT_SCRIPTS_DIR "scripts" #define CONST_DEFAULT_CALLBACKS_DIR "scripts/callbacks" #define CONST_DEFAULT_USERS_FILE "ntopng-users.conf" -#define CONST_DEFAULT_WRITABLE_DIR "/var/tmp" #define CONST_DEFAULT_INSTALL_DIR (DATA_DIR "/ntopng") #define CONST_ALT_INSTALL_DIR "/usr/share/ntopng" #define CONST_ALT2_INSTALL_DIR "/usr/local/share/ntopng" #define CONST_HTTP_PREFIX_STRING "@HTTP_PREFIX@" #define CONST_NTOP_STARTUP_EPOCH "@NTOP_STARTUP_EPOCH@" #define CONST_NTOP_PRODUCT_NAME "@NTOP_PRODUCT_NAME@" -#define CONST_DEFAULT_NTOP_USER "nobody" +#define CONST_OLD_DEFAULT_NTOP_USER "nobody" +#define CONST_DEFAULT_NTOP_USER "ntopng" #define CONST_TOO_EARLY "(Too Early)" #define CONST_LUA_OK 1 diff --git a/ntopng.8 b/ntopng.8 index 082ea044e0..0358c8d4f6 100644 --- a/ntopng.8 +++ b/ntopng.8 @@ -186,13 +186,13 @@ can be instructed to act as a publisher delivering flows to a ZeroMQ endpoint us Finally using \-i dummy it is possible to create a dummy interface that generates a large number of flows/hosts in order to saturate ntopng resources. This way ntopng can be tested for performance issues as well proper handling of low-memory situations. .It \-d|\-\-data\-dir\ -Specifies the data directory (it must be writable). Default directory is /var/tmp/ntopng +Specifies the data directory (it must be writable). Default directory is /var/lib/ntopng .It \-t|\-\-install\-dir\ Specifies the installation directory. Default directory is retrieved from common install paths. .It \-G|\-\-pid\-path\ -Specifies the path where the PID (process ID) is saved. Default is /var/tmp/ntopng.pid +Specifies the path where the PID (process ID) is saved. Default is /var/run/ntopng.pid .It \-k|\-\-traffic\-filtering\ Set the key used to access httpbl services (default: disabled). Please read README.httpbl and README.flashstart for more info. diff --git a/packages/etc/ntopng/nedge.conf b/packages/etc/ntopng/nedge.conf index d7638ffa39..906c4985a0 100644 
--- a/packages/etc/ntopng/nedge.conf +++ b/packages/etc/ntopng/nedge.conf @@ -63,7 +63,7 @@ # -d|--data-dir # Specifies the data directory (it must be writable by the user that is executing ntopng). # -# -d=/var/tmp/ntopng +# -d=/var/lib/ntopng # # -q|--disable-autologout # Disable web interface logout for inactivity. diff --git a/packages/etc/ntopng/ntopng.conf b/packages/etc/ntopng/ntopng.conf index 24ec47b500..f66b9d64b7 100644 --- a/packages/etc/ntopng/ntopng.conf +++ b/packages/etc/ntopng/ntopng.conf @@ -62,7 +62,7 @@ # -d|--data-dir # Specifies the data directory (it must be writable by the user that is executing ntopng). # -# -d=/var/tmp/ntopng +# -d=/var/lib/ntopng # # -q|--disable-autologout # Disable web interface logout for inactivity. diff --git a/packages/ntopng.spec.in b/packages/ntopng.spec.in index 0c3a2c7efa..27ce561a58 100644 --- a/packages/ntopng.spec.in +++ b/packages/ntopng.spec.in @@ -37,6 +37,7 @@ if [ -d $RPM_BUILD_ROOT ]; then fi mkdir -p $RPM_BUILD_ROOT/usr/bin $RPM_BUILD_ROOT/usr/share/ntopng $RPM_BUILD_ROOT/usr/share/man/man8 +mkdir -p $RPM_BUILD_ROOT/var/lib/ntopng mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d %if 0%{?centos_ver} != 7 mkdir -p $RPM_BUILD_ROOT/etc/init.d @@ -100,6 +101,8 @@ rm -fr $RPM_BUILD_ROOT #/etc/ntopng/ntopng.conf.sample #/etc/ntopng/ntopng.start +%dir %attr(700, ntopng, ntopng) /var/lib/ntopng + # Set the default attributes of all of the files specified to have an # owner and group of root and to inherit the permissions of the file # itself. @@ -115,6 +118,14 @@ rm -fr $RPM_BUILD_ROOT # un-install: preun -> (delete) -> postun %pre +if ! grep -q ntopng /etc/group; then + echo 'Creating ntopng group' + /usr/sbin/groupadd -r ntopng +fi +if ! /usr/bin/id -u ntopng > /dev/null 2>&1; then + echo 'Creating ntopng user' + /usr/sbin/useradd -M -N -g ntopng -r ntopng +fi %if 0%{?centos_ver} != 7 case "$1" in 1) 
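Review bot: In the new `%pre` section `grep -q ntopng /etc/group` is a substring match, so a group such as `ntopng-dev`, or `ntopng` listed as a member of some other group, makes the script skip `groupadd` and the following `useradd -g ntopng` then fails; `if ! getent group ntopng > /dev/null 2>&1; then` tests the actual group name and also honours NSS sources other than the flat file. The `useradd` invocation also leaves the daemon account with the system default login shell and home directory; a service user should get `/usr/sbin/useradd -r -M -N -g ntopng -d /var/lib/ntopng -s /sbin/nologin ntopng`, which matches the `%dir %attr(700, ntopng, ntopng) /var/lib/ntopng` entry added earlier in this file. The `case "$1" in` statement that follows continues outside the hunk.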
diff --git a/packages/ubuntu/debian.ntopng/postinst b/packages/ubuntu/debian.ntopng/postinst index f61e1f4563..402ed19865 100755 --- a/packages/ubuntu/debian.ntopng/postinst +++ b/packages/ubuntu/debian.ntopng/postinst @@ -17,11 +17,28 @@ esac umask 022 +if ! grep -q ntopng /etc/group; then + echo 'Creating ntopng group' + /usr/sbin/groupadd -r ntopng +fi + +if ! /usr/bin/id -u ntopng > /dev/null 2>&1; then + echo "Creating ntopng user..." + /usr/sbin/useradd -M -N -g ntopng -r ntopng +fi + +DATA_DIR=/var/lib/ntopng +if [ ! -d "$DATA_DIR" ]; then + mkdir $DATA_DIR + /bin/chown ntopng:ntopng $DATA_DIR + /bin/chmod 700 $DATA_DIR +fi + echo "Rebuilding ld cache..." /sbin/ldconfig if [ ! -f /usr/local/bin/ntopng ] && [ ! -L /usr/local/bin/ntopng ] ; then - ln -s /usr/bin/ntopng /usr/local/bin/ntopng + ln -s /usr/bin/ntopng /usr/local/bin/ntopng fi if [ -d /usr/local/share/ntopng ] ; then diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua index d45fd59ea5..f2c6277163 100644 --- a/scripts/locales/en.lua +++ b/scripts/locales/en.lua @@ -156,6 +156,7 @@ local lang = { ["built_on"] = "Built on", ["copyright"] = "Copyright", ["cpu_load"] = "CPU load", + ["datadir_warning"] = "Data directory migration notice", ["last_log"] = "Last Log Trace", ["licence"] = "License", ["licence_expires_in"] = "License expires in %{time}", diff --git a/scripts/lua/examples/sqlite.lua b/scripts/lua/examples/sqlite.lua index cc0a6868f8..deec111272 100644 --- a/scripts/lua/examples/sqlite.lua +++ b/scripts/lua/examples/sqlite.lua @@ -25,7 +25,7 @@ if (query == nil) then ]] @@ -71,4 +71,4 @@ else end end print ('Total flows: ' .. num .. '') -dofile(dirs.installdir .. "/scripts/lua/inc/footer.lua") \ No newline at end of file +dofile(dirs.installdir .. "/scripts/lua/inc/footer.lua") diff --git a/scripts/lua/inc/footer.lua b/scripts/lua/inc/footer.lua index 53abfdd04e..7fa0b55639 100644 --- a/scripts/lua/inc/footer.lua +++ b/scripts/lua/inc/footer.lua 
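Review bot: The added `grep -q ntopng /etc/group` matches any line containing that substring (a group like `ntopng-dev`, or `ntopng` as a member of another group), after which `useradd -g ntopng` fails because the group was never created; use `if ! getent group ntopng > /dev/null 2>&1; then`. The `useradd` line gives the service account the default login shell and home, so add `-d "$DATA_DIR" -s /usr/sbin/nologin` to keep it non-interactive. The `mkdir`/`chown`/`chmod` block creates the directory with umask-022 permissions before tightening them and runs only when the directory is absent, so a pre-existing root-owned `/var/lib/ntopng` from a manual install stays unwritable for the new user; `install -d -m 700 -o ntopng -g ntopng "$DATA_DIR"` creates it atomically with the right mode, and the existing-directory case should be handled explicitly (at least a `chown`) rather than skipped. Note that nothing here migrates an existing `/var/tmp/ntopng`, so on upgrades the daemon keeps the old directory and, per the rest of this patch, the `nobody` account.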
@@ -71,6 +71,12 @@ if have_nedge then ) end +if(dirs.workingdir == "/var/tmp/ntopng") then + print('
') + print(i18n("about.datadir_warning")) + print('') +end + if(info["pro.systemid"] and (info["pro.systemid"] ~= "")) then local do_show = false diff --git a/src/Ntop.cpp b/src/Ntop.cpp index 472c3c7362..09ef0cba1e 100644 --- a/src/Ntop.cpp +++ b/src/Ntop.cpp @@ -93,8 +93,11 @@ Ntop::Ntop(char *appName) { dirs[0] = startup_dir; dirs[1] = install_dir; #else - /* Folder will be created lazily, avoid creating it now */ - snprintf(working_dir, sizeof(working_dir), "%s/ntopng", CONST_DEFAULT_WRITABLE_DIR); + /* Note: working_dir folder will be created lazily, avoid creating it now */ + if (Utils::dir_exists(CONST_OLD_DEFAULT_DATA_DIR)) /* keep using the old dir */ + snprintf(working_dir, sizeof(working_dir), CONST_OLD_DEFAULT_DATA_DIR); + else + snprintf(working_dir, sizeof(working_dir), CONST_DEFAULT_DATA_DIR); //umask(0); diff --git a/src/Prefs.cpp b/src/Prefs.cpp index e7e6a47601..3cd68eb90f 100755 --- a/src/Prefs.cpp +++ b/src/Prefs.cpp @@ -70,6 +70,7 @@ Prefs::Prefs(Ntop *_ntop) { https_port = 0; // CONST_DEFAULT_NTOP_PORT+1; change_user = true, daemonize = false; user = strdup(CONST_DEFAULT_NTOP_USER); + user_set = false; http_binding_address1 = NULL; http_binding_address2 = NULL; https_binding_address1 = NULL; // CONST_ANY_ADDRESS; @@ -1203,8 +1204,7 @@ int Prefs::setOption(int optkey, char *optarg) { break; case 'U': - free(user); - user = strdup(optarg); + set_user(optarg); break; case 'V': @@ -1359,6 +1359,12 @@ int Prefs::checkOptions() { if(https_binding_address1 == NULL) https_binding_address1 = strdup(CONST_ANY_ADDRESS); if(https_binding_address2 == NULL) https_binding_address2 = strdup(CONST_ANY_ADDRESS); + if (strcmp(ntop->get_working_dir(), CONST_OLD_DEFAULT_DATA_DIR) == 0 && !is_user_set()) { + /* Using the old /var/tmp/ntopng with the default user: + * keep using 'nobody' to preserve backward compaitibility */ + set_user(CONST_OLD_DEFAULT_NTOP_USER); + } + return(0); } diff --git a/src/Utils.cpp b/src/Utils.cpp index 6471b4ff45..72c7268377 100755 
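Review bot: The banner added to the footer tells the administrator only "Data directory migration notice" and nothing about what to do, and it keys off a hard-coded `"/var/tmp/ntopng"` literal that will silently go stale if the C-side `CONST_OLD_DEFAULT_DATA_DIR` ever changes. Make the `about.datadir_warning` string actionable (which directory is in use, that the new default is `/var/lib/ntopng`, and that `-d` or a move of the directory selects it) and add a comment above the check such as `-- legacy default data dir (CONST_OLD_DEFAULT_DATA_DIR): remind admins to migrate to /var/lib/ntopng`. The HTML wrapped around the message appears to have been lost in this copy of the diff, so its markup could not be reviewed.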
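Review bot: `Utils::dir_exists(CONST_OLD_DEFAULT_DATA_DIR)` makes the data directory depend on whether `/var/tmp/ntopng` exists, and `/var/tmp` is world-writable with the sticky bit, so on a host that never had it any local user can create that name (or a symlink, if `dir_exists` follows links — not visible here) before ntopng first starts; the process, which presumably has not yet dropped privileges when `Ntop::Ntop` runs, would then lazily create and use an attacker-chosen directory, and the settings docs in this same patch say a `conf.tar.gz` placed in the data directory is restored on restart. Honour the legacy path only when it is a real directory owned by root (accept `nobody`'s uid too if old daemons created it after dropping privileges), and log which directory was selected so the decision is visible. The two `snprintf` calls also pass the path macro as the format string; `"%s"` with the macro as an argument keeps them safe should the constants ever contain a `%`. The enclosing constructor starts and ends outside the hunk, and the excerpt assumes `<sys/stat.h>` is already reachable through the project headers.
```cpp
#else
  /* Note: working_dir folder will be created lazily, avoid creating it now.
   * Keep the legacy /var/tmp/ntopng only when it is a real, root-owned directory:
   * /var/tmp is world-writable, so a name planted there by any local user must
   * not become the data directory of a process that may still be root. */
  struct stat st;
  if((lstat(CONST_OLD_DEFAULT_DATA_DIR, &st) == 0) && S_ISDIR(st.st_mode) && (st.st_uid == 0))
    snprintf(working_dir, sizeof(working_dir), "%s", CONST_OLD_DEFAULT_DATA_DIR);
  else
    snprintf(working_dir, sizeof(working_dir), "%s", CONST_DEFAULT_DATA_DIR);
  /* … unchanged: umask comment and the rest of the constructor … */
```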
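Review bot: The block added to `checkOptions()` swaps the effective account to `nobody` whenever the working directory is the legacy path and `-U` was not given, but it does so silently, so an administrator who created the `ntopng` user will see files owned by `nobody` with nothing in the trace explaining why; log it next to the `set_user()` call, e.g. `ntop->getTrace()->traceEvent(TRACE_WARNING, "Legacy data directory %s: running as '%s' (use -U to override)", ntop->get_working_dir(), CONST_OLD_DEFAULT_NTOP_USER);` using whatever warning level the trace facility provides (main.cpp shows `TRACE_ERROR`). The comment also has a typo: `compaitibility` should read `compatibility`. Note that the string comparison is exact, so `-d /var/tmp/ntopng/` with a trailing slash would not trigger the compatibility path. `checkOptions()` starts outside the hunk.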
--- a/src/Utils.cpp +++ b/src/Utils.cpp @@ -484,7 +484,8 @@ int Utils::dropPrivileges() { pw = getpwnam(username); if(pw == NULL) { - username = "anonymous"; + /* if the user (e.g. 'ntopng') does not exists, falls back to 'nobody' */ + username = CONST_OLD_DEFAULT_NTOP_USER; pw = getpwnam(username); } diff --git a/src/main.cpp b/src/main.cpp index 653d11891d..9bada2ec9c 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -313,8 +313,9 @@ int main(int argc, char *argv[]) */ if(prefs->do_change_user() && (prefs->get_http_port() >= 1024) - && (prefs->get_https_port() >= 1024)) + && (prefs->get_https_port() >= 1024)) { Utils::dropPrivileges(); + } ntop->loadGeolocation(prefs->get_docs_dir()); ntop->loadMacManufacturers(prefs->get_docs_dir()); @@ -352,8 +353,8 @@ int main(int argc, char *argv[]) if((fd = fopen(path, "w")) == NULL) { ntop->getTrace()->traceEvent(TRACE_ERROR, - "Unable to write on %s [%s]: %s. Please specify a different directory (-d)", - ntop->get_working_dir(), path, strerror(errno)); + "Unable to write on %s as '%s' [%s]: %s. Please specify a different directory (-d)", + ntop->get_working_dir(), prefs->get_user(), path, strerror(errno)); exit(EXIT_FAILURE); } else { chmod(path, CONST_DEFAULT_FILE_MODE);
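Review bot: The fallback from the configured account to `nobody` happens without any log line, so a mistyped `-U` or a source build that never created the `ntopng` user silently ends up on a shared account instead of the one the administrator asked for; emit a warning before the second `getpwnam()` via the trace facility used elsewhere (main.cpp calls `ntop->getTrace()->traceEvent(...)`), if `ntop` is reachable from here. The comment should also read `/* The requested user (e.g. 'ntopng') does not exist: fall back to 'nobody' */`. Whether `pw` is checked again after the fallback, and what happens when `nobody` is also missing, lies outside the hunk; `dropPrivileges()` starts and ends outside it.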