
Annotation of /rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch



Revision 1.1
Sun May 19 16:01:25 2013 UTC (11 years, 1 month ago) by wellsi
Branch: MAIN
CVS Tags: e-smith-base-5_4_0-40_el6_sme, e-smith-base-5_4_0-44_el6_sme, e-smith-base-5_4_0-49_el6_sme, e-smith-base-5_4_0-37_el6_sme, e-smith-base-5_4_0-42_el6_sme, e-smith-base-5_4_0-43_el6_sme, e-smith-base-5_4_0-34_el6_sme, e-smith-base-5_4_0-35_el6_sme, e-smith-base-5_4_0-36_el6_sme, e-smith-base-5_4_0-41_el6_sme, e-smith-base-5_4_0-50_el6_sme, e-smith-base-5_4_0-58_el6_sme, e-smith-base-5_4_0-45_el6_sme, e-smith-base-5_4_0-57_el6_sme, e-smith-base-5_4_0-46_el6_sme, e-smith-base-5_4_0-62_el6_sme, e-smith-base-5_4_0-39_el6_sme, e-smith-base-5_4_0-56_el6_sme, e-smith-base-5_4_0-52_el6_sme, e-smith-base-5_4_0-54_el6_sme, e-smith-base-5_4_0-51_el6_sme, e-smith-base-5_4_0-47_el6_sme, e-smith-base-5_4_0-55_el6_sme, e-smith-base-5_4_0-38_el6_sme, e-smith-base-5_4_0-53_el6_sme, e-smith-base-5_4_0-61_el6_sme, e-smith-base-5_4_0-60_el6_sme, e-smith-base-5_4_0-48_el6_sme, e-smith-base-5_4_0-59_el6_sme
* Sun May 19 2013 Ian Wells <esmith@wellsi.com> 5.4.0-34.sme
- Remove redundant parts of init-accounts [SME: 3350]

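--- a/root/etc/e-smith/events/actions/init-accounts
+++ b/root/etc/e-smith/events/actions/init-accounts
@@ -32,214 +32,14 @@
 
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
-# create group "shared" if not already present
-if ($ldapauth eq 'enabled')
-{
- system(qw(/usr/sbin/cpu -g 500 groupadd shared)) unless getgrnam("shared");
-}
-else
-{
- system(qw(/usr/sbin/groupadd -r -g 500 shared)) unless getgrnam("shared");
-}
-
-# Create other required groups and users
-system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
- unless getgrnam("slocate");
-system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp))
- unless (getpwnam("ntp"));
-
-#--------------------------------------------------
-# create user "www" if not already present; otherwise change comment to
-# "e-smith private web server" (used to just say "e-smith web server")
-#--------------------------------------------------
-
-if ( !getpwnam("www") )
-{
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu groupadd -g 102 www`;
- `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
- }
- else
- {
- die "Error creating www user or group" unless (
- system("/usr/sbin/groupadd -g 102 -o www") == 0 &&
- system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0
- );
- }
-}
-else
-{
- my $uid = `/usr/bin/id -u www`;
- chomp($uid);
- my $gid = `/usr/bin/id -g www`;
- chomp($gid);
- if ( $uid ne '102' || $gid ne '102' )
- {
- if ($ldapauth eq 'enabled')
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
- system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
- );
- }
- else
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
- system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
- );
- }
- warn "failed to fix permissions for www" unless (
- system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
- );
- }
-}
-
-# create user "admin" if not already present;
-if ( !getpwnam("admin") )
-{
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu useradd -u 101 -f 'e-smith' -E 'administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
- `/usr/bin/gpasswd -a admin root`;
- }
- else
- {
- `/usr/sbin/useradd -u 101 -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
- }
-}
-else
-{
- #--------------------------------------------------
- # admin account already exists. Change shell, and also make sure
- # that it is in groups "root" and "shared" without disturbing any
- # other group memberships. First get list of existing groups for
- # admin.
- #--------------------------------------------------
-
- my $cmd = "/usr/bin/id -G -n admin";
- my $groups = `$cmd 2>/dev/null`;
- if ($? != 0)
- {
- die "Failed to get supplementary group list for admin.\n";
- }
- chomp ($groups);
-
- my @groupList = split (/\s+/, $groups);
-
- #--------------------------------------------------
- # Modify group list to make sure "root" and "shared"
- # are listed exactly once each.
- #--------------------------------------------------
-
- @groupList = grep (!/^admin$/, @groupList);
- @groupList = grep (!/^root$/, @groupList);
- @groupList = grep (!/^shared$/, @groupList);
- @groupList = grep (!/^www$/, @groupList);
-
- push @groupList, 'shared', 'www';
-
- # Only push root if not using ldap (root not in ldap)
- push @groupList, 'root' if ($ldapauth ne 'enabled');
-
- #--------------------------------------------------
- # Run usermod command to update group list for admin.
- #--------------------------------------------------
-
- $groups = join (',', sort (@groupList));
- if ($ldapauth eq 'enabled')
- {
- $cmd = "/usr/sbin/cpu usermod -f 'e-smith' -E 'administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
- }
- else
- {
- $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
- }
- `$cmd`;
- if ($? != 0)
- {
- die "Failed to change shell and modify supplementary group list for admin.\n";
- }
- `/usr/bin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
-}
-
-#--------------------------------------------------
-# create user "public" if not already present
-#--------------------------------------------------
-
-if ( !getpwnam("public") )
-{
- `/usr/sbin/useradd -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
-}
-
-#--------------------------------------------------
-# www account already exists. Make sure that it is in groups "admin"
-# and "shared" without disturbing any other group memberships.
-# First get list of existing groups for www.
-#--------------------------------------------------
-
-my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
-if ($? != 0)
-{
- die "Failed to get supplementary group list for www.\n";
-}
-chomp ($groups);
-
-my @groupList = split (/\s+/, $groups);
-
-#--------------------------------------------------
-# Modify group list to make sure "admin" and "shared"
-# are listed exactly once each.
-#--------------------------------------------------
-
-@groupList = grep (!/^www$/, @groupList);
-@groupList = grep (!/^shared$/, @groupList);
-
-push @groupList, 'shared';
-
-#--------------------------------------------------
-# Run usermod command to update group list for www.
-#--------------------------------------------------
-
-$groups = join (',', sort (@groupList));
-if ($ldapauth eq 'enabled')
-{
- `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
-}
-else
-{
- `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
-}
-if ($? != 0)
-{
- die "Failed to modify supplementary group list for www.\n";
-}
-
-# Now that www exists, change uid/gid of user and group apache
-# so they become alias of the www account
-if ( !getpwnam("apache") )
-{
- die "Error creating apache user or group" unless (
- system("/usr/sbin/groupadd -g 102 -o apache") == 0 &&
- system("/usr/sbin/useradd -u 102 -g 102 -o -c 'Apache' -d /var/www -M -s /bin/nologin apache") == 0
- );
-}
-else
-{
- my $id = `/usr/bin/id -u apache`;
- chomp($id);
- if ( $id ne '102')
- {
- die "Error changing apache uid or gid" unless (
- system("/usr/sbin/groupmod -g 102 -o apache") == 0 &&
- system("/usr/sbin/usermod -u 102 -g 102 -o apache") == 0
- );
- warn "failed to fix permissions for apache" unless (
- system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
- );
- }
-}
+# fix permissions for www and apache
+warn "failed to fix permissions for www" unless (
+ system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
+ );
+
+warn "failed to fix permissions for apache" unless (
+ system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
+ );
 
 # delete unwanted user accounts
 foreach my $user (qw(halt shutdown sync))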
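Review bot: The two added `rpm --setugids` calls run on every invocation with no check that the `www` and `apache` accounts exist with the expected uid/gid 102, whereas the removed code died when it could not establish those IDs. If account creation now happens elsewhere (the changelog calls these parts redundant), a cheap guard such as `die "www account missing\n" unless defined getpwnam("www");` ahead of the calls would stop ownership being reset against a missing or mismatched account. A failure is also only a `warn`, and `2> /dev/null` discards rpm's own message, so the log carries no cause; consider dropping the redirect or reporting the status, e.g. `warn "failed to fix permissions for www (exit " . ($? >> 8) . ")\n"`. The script continues outside this hunk, so whether `$ldapauth` is still used after this change cannot be seen here.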
