diff -up e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts.fixwww e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts
--- e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts.fixwww 2013-03-09 15:25:42.230988632 -0700
+++ e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts 2013-03-09 15:25:25.879950605 -0700
@@ -48,6 +48,53 @@ system(qw(/usr/sbin/groupadd -g 21 -r -f
 system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp))
 unless (getpwnam("ntp"));
+#--------------------------------------------------
+# create user "www" if not already present; otherwise change comment to
+# "e-smith private web server" (used to just say "e-smith web server")
+#--------------------------------------------------
+
+if ( !getpwnam("www") )
+{
+ if ($ldapauth eq 'enabled')
+ {
+ `/usr/sbin/cpu groupadd -g 102 www`;
+ `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
+ }
+ else
+ {
+ die "Error creating www user or group" unless (
+ system("/usr/sbin/groupadd -g 102 -o www") == 0 &&
+ system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0
+ );
+ }
+}
+else
+{
+ my $uid = `/usr/bin/id -u www`;
+ chomp($uid);
+ my $gid = `/usr/bin/id -g www`;
+ chomp($gid);
+ if ( $uid ne '102' || $gid ne '102' )
+ {
+ if ($ldapauth eq 'enabled')
+ {
+ die "Error changing www uid or gid" unless (
+ system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
+ system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
+ );
+ }
+ else
+ {
+ die "Error changing www uid or gid" unless (
+ system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
+ system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
+ );
+ }
+ warn "failed to fix permissions for www" unless (
+ system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
+ );
+ }
+}
 # create user "admin" if not already present;
 if ( !getpwnam("admin") )
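Review bot: In the LDAP branch of the new creation block, `cpu groupadd` and `cpu useradd` run in backticks and their exit status is never checked, while the non-LDAP branch directly below dies on failure. A failed `cpu` call would let the script continue without a www account, and the failure would only show up later as "Failed to get supplementary group list for www." Wrap both calls in the same `die ... unless (system(...) == 0 && ...)` form used in the else branch, as in the fence. Separately, this branch still passes `-G shared` although the non-LDAP call dropped it; if the `shared` group is created further down the file than this new position (not visible in the hunk), that is one way the call could fail unnoticed.

```perl
    if ($ldapauth eq 'enabled')
    {
        die "Error creating www user or group" unless (
            system("/usr/sbin/cpu groupadd -g 102 www") == 0 &&
            system("/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www") == 0
        );
    }
    # … unchanged: non-LDAP else branch and uid/gid repair …
```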
@@ -127,91 +174,46 @@ if ( !getpwnam("public") )
 }
 #--------------------------------------------------
-# create user "www" if not already present; otherwise change comment to
-# "e-smith private web server" (used to just say "e-smith web server")
+# www account already exists. Make sure that it is in groups "admin"
+# and "shared" without disturbing any other group memberships.
+# First get list of existing groups for www.
 #--------------------------------------------------
-if ( !getpwnam("www") )
+my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
+if ($? != 0)
 {
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
- }
- else
- {
- `/usr/sbin/useradd -u 102 -g 102 -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
- }
+ die "Failed to get supplementary group list for www.\n";
 }
-else
-{
- my $uid = `/usr/bin/id -u www`;
- chomp($uid);
- my $gid = `/usr/bin/id -g www`;
- chomp($gid);
- if ( $uid ne '102' || $gid ne '102' )
- {
- if ($ldapauth eq 'enabled')
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
- system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
- );
- }
- else
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
- system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
- );
- }
- warn "failed to fix permissions for www" unless (
- system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
- );
- }
-
-
- #--------------------------------------------------
- # www account already exists. Make sure that it is in groups "admin"
- # and "shared" without disturbing any other group memberships.
- # First get list of existing groups for www.
- #--------------------------------------------------
-
- my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
- if ($? != 0)
- {
- die "Failed to get supplementary group list for www.\n";
- }
- chomp ($groups);
+chomp ($groups);
- my @groupList = split (/\s+/, $groups);
+my @groupList = split (/\s+/, $groups);
- #--------------------------------------------------
- # Modify group list to make sure "admin" and "shared"
- # are listed exactly once each.
- #--------------------------------------------------
+#--------------------------------------------------
+# Modify group list to make sure "admin" and "shared"
+# are listed exactly once each.
+#--------------------------------------------------
- @groupList = grep (!/^www$/, @groupList);
- @groupList = grep (!/^shared$/, @groupList);
+@groupList = grep (!/^www$/, @groupList);
+@groupList = grep (!/^shared$/, @groupList);
- push @groupList, 'shared';
+push @groupList, 'shared';
- #--------------------------------------------------
- # Run usermod command to update group list for www.
- #--------------------------------------------------
+#--------------------------------------------------
+# Run usermod command to update group list for www.
+#--------------------------------------------------
- $groups = join (',', sort (@groupList));
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
- }
- else
- {
- `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
- }
- if ($? != 0)
- {
- die "Failed to modify supplementary group list for www.\n";
- }
+$groups = join (',', sort (@groupList));
+if ($ldapauth eq 'enabled')
+{
+ `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
+}
+else
+{
+ `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
+}
+if ($? != 0)
+{
+ die "Failed to modify supplementary group list for www.\n";
 }
 # Now that www exists, change uid/gid of user and group apache
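Review bot: The two `usermod` calls at the end of this hunk build a shell command line by interpolating `$groups` inside single quotes, and now that the block runs unconditionally that string is always derived from `id -G -n www` output. Group names are normally restricted, but under LDAP auth they presumably come from the directory, and a name containing a quote would break the quoting in a script that creates system accounts. The list form avoids the shell entirely, e.g. `system('/usr/sbin/usermod', '-c', 'e-smith web server', '-d', '/home/e-smith', '-G', $groups, '-s', '/bin/false', 'www');`, and the existing `$? != 0` check keeps working after `system`. The re-added comments also still say "admin" and "shared" although the code only strips `www` and appends `shared`; they should name only `shared` to match.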