- -w test won't work in vserver, and stderr should be redirected priour stdout

[packages/openssh.git] / opensshd.init

diff --git a/opensshd.init b/opensshd.init
index 58808bcf963e7a57dce1d7375f1a44303bcdfe39..a6cf16ed9bbf17b16ab0a780a7d24ab181835445 100644 (file)
--- a/opensshd.init
+++ b/opensshd.init
@@ -8,6 +8,7 @@
 #              Ssh can be used for remote login, remote file copying, TCP port \
 #              forwarding etc. Ssh offers strong encryption and authentication.
 
+SSHD_OOM_ADJUST=-17
 
 # Source function library
 . /etc/rc.d/init.d/functions
@@ -27,11 +28,20 @@ if is_yes "${NETWORKING}"; then
 else
        exit 0
 fi
-                       
-RETVAL=0
-# See how we were called.
-case "$1" in
-  start)
+
+adjust_oom() {
+       if [ -e /var/run/sshd.pid ]; then
+               for pid in $(cat /var/run/sshd.pid); do
+                       echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
+               done
+       fi
+}
+
+checkconfig() {
+       /usr/sbin/sshd -t || exit 1
+}
+
+start() {
        # generate new keys with empty passwords if they do not exist
        if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
                /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
@@ -49,6 +59,8 @@ case "$1" in
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
        fi
 
+       checkconfig
+
        if [ ! -f /etc/ssh/ssh_host_key ]; then
                msg_not_running OpenSSH
                nls "No SSH host key found! You must run \"%s init\" first." "$0"
@@ -58,26 +70,41 @@ case "$1" in
        # Check if the service is already running?
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_starting OpenSSH
-               daemon /usr/sbin/sshd 
+               daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd
                RETVAL=$?
-               [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd                
+               adjust_oom
+               [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
        else
                msg_already_running OpenSSH
        fi
-       ;;
-  stop)
+}
+
+stop() {
        if [ -f /var/lock/subsys/sshd ]; then
                msg_stopping OpenSSH
-               killproc sshd
-               rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+               # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+               # critical service as sshd to kill it by procname, but unfortunately
+               # rc-scripts does not provide way to kill *only* by pidfile
+               start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+               rm -f /var/lock/subsys/sshd >/dev/null 2>&1
        else
                msg_not_running OpenSSH
-       fi      
+       fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+  start)
+       start
+       ;;
+  stop)
+       stop
        ;;
   restart)
-       $0 stop
-       $0 start
-       exit $?
+       checkconfig
+       stop
+       start
        ;;
   status)
        status sshd
@@ -100,11 +127,12 @@ case "$1" in
        ;;
   reload|force-reload)
        if [ -f /var/lock/subsys/sshd ]; then
+               checkconfig
                msg_reloading OpenSSH
                killproc sshd -HUP
                RETVAL=$?
        else
-               msg_not_running OpenSSH >&2
+               msg_not_running OpenSSH
                exit 7
        fi
        ;;