1 |
slords |
1.1 |
diff -up e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts.fixwww e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts |
2 |
|
|
--- e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts.fixwww 2013-03-09 15:25:42.230988632 -0700 |
3 |
|
|
+++ e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts 2013-03-09 15:25:25.879950605 -0700 |
4 |
|
|
@@ -48,6 +48,53 @@ system(qw(/usr/sbin/groupadd -g 21 -r -f |
5 |
|
|
system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp)) |
6 |
|
|
unless (getpwnam("ntp")); |
7 |
|
|
|
8 |
|
|
+#-------------------------------------------------- |
9 |
|
|
+# create user "www" if not already present; otherwise change comment to |
10 |
|
|
+# "e-smith private web server" (used to just say "e-smith web server") |
11 |
|
|
+#-------------------------------------------------- |
12 |
|
|
+ |
13 |
|
|
+if ( !getpwnam("www") ) |
14 |
|
|
+{ |
15 |
|
|
+ if ($ldapauth eq 'enabled') |
16 |
|
|
+ { |
17 |
|
|
+ `/usr/sbin/cpu groupadd -g 102 www`; |
18 |
|
|
+ `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`; |
19 |
|
|
+ } |
20 |
|
|
+ else |
21 |
|
|
+ { |
22 |
|
|
+ die "Error creating www user or group" unless ( |
23 |
|
|
+ system("/usr/sbin/groupadd -g 102 -o www") == 0 && |
24 |
|
|
+ system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0 |
25 |
|
|
+ ); |
26 |
|
|
+ } |
27 |
|
|
+} |
28 |
|
|
+else |
29 |
|
|
+{ |
30 |
|
|
+ my $uid = `/usr/bin/id -u www`; |
31 |
|
|
+ chomp($uid); |
32 |
|
|
+ my $gid = `/usr/bin/id -g www`; |
33 |
|
|
+ chomp($gid); |
34 |
|
|
+ if ( $uid ne '102' || $gid ne '102' ) |
35 |
|
|
+ { |
36 |
|
|
+ if ($ldapauth eq 'enabled') |
37 |
|
|
+ { |
38 |
|
|
+ die "Error changing www uid or gid" unless ( |
39 |
|
|
+ system("/usr/sbin/cpu groupmod -g 102 www") == 0 && |
40 |
|
|
+ system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0 |
41 |
|
|
+ ); |
42 |
|
|
+ } |
43 |
|
|
+ else |
44 |
|
|
+ { |
45 |
|
|
+ die "Error changing www uid or gid" unless ( |
46 |
|
|
+ system("/usr/sbin/groupmod -g 102 -o www") == 0 && |
47 |
|
|
+ system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0 |
48 |
|
|
+ ); |
49 |
|
|
+ } |
50 |
|
|
+ warn "failed to fix permissions for www" unless ( |
51 |
|
|
+ system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0 |
52 |
|
|
+ ); |
53 |
|
|
+ } |
54 |
|
|
+} |
55 |
|
|
|
56 |
|
|
# create user "admin" if not already present; |
57 |
|
|
if ( !getpwnam("admin") ) |
58 |
|
|
@@ -127,91 +174,46 @@ if ( !getpwnam("public") ) |
59 |
|
|
} |
60 |
|
|
|
61 |
|
|
#-------------------------------------------------- |
62 |
|
|
-# create user "www" if not already present; otherwise change comment to |
63 |
|
|
-# "e-smith private web server" (used to just say "e-smith web server") |
64 |
|
|
+# www account already exists. Make sure that it is in groups "admin" |
65 |
|
|
+# and "shared" without disturbing any other group memberships. |
66 |
|
|
+# First get list of existing groups for www. |
67 |
|
|
#-------------------------------------------------- |
68 |
|
|
|
69 |
|
|
-if ( !getpwnam("www") ) |
70 |
|
|
+my $groups = `/usr/bin/id -G -n www 2>/dev/null`; |
71 |
|
|
+if ($? != 0) |
72 |
|
|
{ |
73 |
|
|
- if ($ldapauth eq 'enabled') |
74 |
|
|
- { |
75 |
|
|
- `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`; |
76 |
|
|
- } |
77 |
|
|
- else |
78 |
|
|
- { |
79 |
|
|
- `/usr/sbin/useradd -u 102 -g 102 -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`; |
80 |
|
|
- } |
81 |
|
|
+ die "Failed to get supplementary group list for www.\n"; |
82 |
|
|
} |
83 |
|
|
-else |
84 |
|
|
-{ |
85 |
|
|
- my $uid = `/usr/bin/id -u www`; |
86 |
|
|
- chomp($uid); |
87 |
|
|
- my $gid = `/usr/bin/id -g www`; |
88 |
|
|
- chomp($gid); |
89 |
|
|
- if ( $uid ne '102' || $gid ne '102' ) |
90 |
|
|
- { |
91 |
|
|
- if ($ldapauth eq 'enabled') |
92 |
|
|
- { |
93 |
|
|
- die "Error changing www uid or gid" unless ( |
94 |
|
|
- system("/usr/sbin/cpu groupmod -g 102 www") == 0 && |
95 |
|
|
- system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0 |
96 |
|
|
- ); |
97 |
|
|
- } |
98 |
|
|
- else |
99 |
|
|
- { |
100 |
|
|
- die "Error changing www uid or gid" unless ( |
101 |
|
|
- system("/usr/sbin/groupmod -g 102 -o www") == 0 && |
102 |
|
|
- system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0 |
103 |
|
|
- ); |
104 |
|
|
- } |
105 |
|
|
- warn "failed to fix permissions for www" unless ( |
106 |
|
|
- system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0 |
107 |
|
|
- ); |
108 |
|
|
- } |
109 |
|
|
- |
110 |
|
|
- |
111 |
|
|
- #-------------------------------------------------- |
112 |
|
|
- # www account already exists. Make sure that it is in groups "admin" |
113 |
|
|
- # and "shared" without disturbing any other group memberships. |
114 |
|
|
- # First get list of existing groups for www. |
115 |
|
|
- #-------------------------------------------------- |
116 |
|
|
- |
117 |
|
|
- my $groups = `/usr/bin/id -G -n www 2>/dev/null`; |
118 |
|
|
- if ($? != 0) |
119 |
|
|
- { |
120 |
|
|
- die "Failed to get supplementary group list for www.\n"; |
121 |
|
|
- } |
122 |
|
|
- chomp ($groups); |
123 |
|
|
+chomp ($groups); |
124 |
|
|
|
125 |
|
|
- my @groupList = split (/\s+/, $groups); |
126 |
|
|
+my @groupList = split (/\s+/, $groups); |
127 |
|
|
|
128 |
|
|
- #-------------------------------------------------- |
129 |
|
|
- # Modify group list to make sure "admin" and "shared" |
130 |
|
|
- # are listed exactly once each. |
131 |
|
|
- #-------------------------------------------------- |
132 |
|
|
+#-------------------------------------------------- |
133 |
|
|
+# Modify group list to make sure "admin" and "shared" |
134 |
|
|
+# are listed exactly once each. |
135 |
|
|
+#-------------------------------------------------- |
136 |
|
|
|
137 |
|
|
- @groupList = grep (!/^www$/, @groupList); |
138 |
|
|
- @groupList = grep (!/^shared$/, @groupList); |
139 |
|
|
+@groupList = grep (!/^www$/, @groupList); |
140 |
|
|
+@groupList = grep (!/^shared$/, @groupList); |
141 |
|
|
|
142 |
|
|
- push @groupList, 'shared'; |
143 |
|
|
+push @groupList, 'shared'; |
144 |
|
|
|
145 |
|
|
- #-------------------------------------------------- |
146 |
|
|
- # Run usermod command to update group list for www. |
147 |
|
|
- #-------------------------------------------------- |
148 |
|
|
+#-------------------------------------------------- |
149 |
|
|
+# Run usermod command to update group list for www. |
150 |
|
|
+#-------------------------------------------------- |
151 |
|
|
|
152 |
|
|
- $groups = join (',', sort (@groupList)); |
153 |
|
|
- if ($ldapauth eq 'enabled') |
154 |
|
|
- { |
155 |
|
|
- `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`; |
156 |
|
|
- } |
157 |
|
|
- else |
158 |
|
|
- { |
159 |
|
|
- `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`; |
160 |
|
|
- } |
161 |
|
|
- if ($? != 0) |
162 |
|
|
- { |
163 |
|
|
- die "Failed to modify supplementary group list for www.\n"; |
164 |
|
|
- } |
165 |
|
|
+$groups = join (',', sort (@groupList)); |
166 |
|
|
+if ($ldapauth eq 'enabled') |
167 |
|
|
+{ |
168 |
|
|
+ `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`; |
169 |
|
|
+} |
170 |
|
|
+else |
171 |
|
|
+{ |
172 |
|
|
+ `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`; |
173 |
|
|
+} |
174 |
|
|
+if ($? != 0) |
175 |
|
|
+{ |
176 |
|
|
+ die "Failed to modify supplementary group list for www.\n"; |
177 |
|
|
} |
178 |
|
|
|
179 |
|
|
# Now that www exists, change uid/gid of user and group apache |