/[smeserver]/rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch
ViewVC logotype

Annotation of /rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Mon Mar 24 03:05:36 2014 UTC (10 years, 7 months ago) by wellsi
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
* Sun Mar 23 2014 Ian Wells <esmith@wellsi.com> 5.6.0-1.sme
- Roll new stream to remove obsolete images [SME: 7962]

1 wellsi 1.1 diff -ruN e-smith-base-5.4.0.old/root/etc/e-smith/events/actions/init-accounts e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts
2     --- e-smith-base-5.4.0.old/root/etc/e-smith/events/actions/init-accounts 2013-05-09 22:44:13.000000000 -0700
3     +++ e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts 2013-05-09 22:34:43.000000000 -0700
4     @@ -32,214 +32,14 @@
5    
6     my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
7    
8     -# create group "shared" if not already present
9     -if ($ldapauth eq 'enabled')
10     -{
11     - system(qw(/usr/sbin/cpu -g 500 groupadd shared)) unless getgrnam("shared");
12     -}
13     -else
14     -{
15     - system(qw(/usr/sbin/groupadd -r -g 500 shared)) unless getgrnam("shared");
16     -}
17     -
18     -# Create other required groups and users
19     -system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
20     - unless getgrnam("slocate");
21     -system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp))
22     - unless (getpwnam("ntp"));
23     -
24     -#--------------------------------------------------
25     -# create user "www" if not already present; otherwise change comment to
26     -# "e-smith private web server" (used to just say "e-smith web server")
27     -#--------------------------------------------------
28     -
29     -if ( !getpwnam("www") )
30     -{
31     - if ($ldapauth eq 'enabled')
32     - {
33     - `/usr/sbin/cpu groupadd -g 102 www`;
34     - `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
35     - }
36     - else
37     - {
38     - die "Error creating www user or group" unless (
39     - system("/usr/sbin/groupadd -g 102 -o www") == 0 &&
40     - system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0
41     - );
42     - }
43     -}
44     -else
45     -{
46     - my $uid = `/usr/bin/id -u www`;
47     - chomp($uid);
48     - my $gid = `/usr/bin/id -g www`;
49     - chomp($gid);
50     - if ( $uid ne '102' || $gid ne '102' )
51     - {
52     - if ($ldapauth eq 'enabled')
53     - {
54     - die "Error changing www uid or gid" unless (
55     - system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
56     - system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
57     - );
58     - }
59     - else
60     - {
61     - die "Error changing www uid or gid" unless (
62     - system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
63     - system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
64     - );
65     - }
66     - warn "failed to fix permissions for www" unless (
67     - system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
68     - );
69     - }
70     -}
71     -
72     -# create user "admin" if not already present;
73     -if ( !getpwnam("admin") )
74     -{
75     - if ($ldapauth eq 'enabled')
76     - {
77     - `/usr/sbin/cpu useradd -u 101 -f 'e-smith' -E 'administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
78     - `/usr/bin/gpasswd -a admin root`;
79     - }
80     - else
81     - {
82     - `/usr/sbin/useradd -u 101 -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
83     - }
84     -}
85     -else
86     -{
87     - #--------------------------------------------------
88     - # admin account already exists. Change shell, and also make sure
89     - # that it is in groups "root" and "shared" without disturbing any
90     - # other group memberships. First get list of existing groups for
91     - # admin.
92     - #--------------------------------------------------
93     -
94     - my $cmd = "/usr/bin/id -G -n admin";
95     - my $groups = `$cmd 2>/dev/null`;
96     - if ($? != 0)
97     - {
98     - die "Failed to get supplementary group list for admin.\n";
99     - }
100     - chomp ($groups);
101     -
102     - my @groupList = split (/\s+/, $groups);
103     -
104     - #--------------------------------------------------
105     - # Modify group list to make sure "root" and "shared"
106     - # are listed exactly once each.
107     - #--------------------------------------------------
108     -
109     - @groupList = grep (!/^admin$/, @groupList);
110     - @groupList = grep (!/^root$/, @groupList);
111     - @groupList = grep (!/^shared$/, @groupList);
112     - @groupList = grep (!/^www$/, @groupList);
113     -
114     - push @groupList, 'shared', 'www';
115     -
116     - # Only push root if not using ldap (root not in ldap)
117     - push @groupList, 'root' if ($ldapauth ne 'enabled');
118     -
119     - #--------------------------------------------------
120     - # Run usermod command to update group list for admin.
121     - #--------------------------------------------------
122     -
123     - $groups = join (',', sort (@groupList));
124     - if ($ldapauth eq 'enabled')
125     - {
126     - $cmd = "/usr/sbin/cpu usermod -f 'e-smith' -E 'administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
127     - }
128     - else
129     - {
130     - $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
131     - }
132     - `$cmd`;
133     - if ($? != 0)
134     - {
135     - die "Failed to change shell and modify supplementary group list for admin.\n";
136     - }
137     - `/usr/bin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
138     -}
139     -
140     -#--------------------------------------------------
141     -# create user "public" if not already present
142     -#--------------------------------------------------
143     -
144     -if ( !getpwnam("public") )
145     -{
146     - `/usr/sbin/useradd -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
147     -}
148     -
149     -#--------------------------------------------------
150     -# www account already exists. Make sure that it is in groups "admin"
151     -# and "shared" without disturbing any other group memberships.
152     -# First get list of existing groups for www.
153     -#--------------------------------------------------
154     -
155     -my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
156     -if ($? != 0)
157     -{
158     - die "Failed to get supplementary group list for www.\n";
159     -}
160     -chomp ($groups);
161     -
162     -my @groupList = split (/\s+/, $groups);
163     -
164     -#--------------------------------------------------
165     -# Modify group list to make sure "admin" and "shared"
166     -# are listed exactly once each.
167     -#--------------------------------------------------
168     -
169     -@groupList = grep (!/^www$/, @groupList);
170     -@groupList = grep (!/^shared$/, @groupList);
171     -
172     -push @groupList, 'shared';
173     -
174     -#--------------------------------------------------
175     -# Run usermod command to update group list for www.
176     -#--------------------------------------------------
177     -
178     -$groups = join (',', sort (@groupList));
179     -if ($ldapauth eq 'enabled')
180     -{
181     - `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
182     -}
183     -else
184     -{
185     - `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
186     -}
187     -if ($? != 0)
188     -{
189     - die "Failed to modify supplementary group list for www.\n";
190     -}
191     -
192     -# Now that www exists, change uid/gid of user and group apache
193     -# so they become alias of the www account
194     -if ( !getpwnam("apache") )
195     -{
196     - die "Error creating apache user or group" unless (
197     - system("/usr/sbin/groupadd -g 102 -o apache") == 0 &&
198     - system("/usr/sbin/useradd -u 102 -g 102 -o -c 'Apache' -d /var/www -M -s /bin/nologin apache") == 0
199     - );
200     -}
201     -else
202     -{
203     - my $id = `/usr/bin/id -u apache`;
204     - chomp($id);
205     - if ( $id ne '102')
206     - {
207     - die "Error changing apache uid or gid" unless (
208     - system("/usr/sbin/groupmod -g 102 -o apache") == 0 &&
209     - system("/usr/sbin/usermod -u 102 -g 102 -o apache") == 0
210     - );
211     - warn "failed to fix permissions for apache" unless (
212     - system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
213     - );
214     - }
215     -}
216     +# fix permissions for www and apache
217     +warn "failed to fix permissions for www" unless (
218     + system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
219     + );
220     +
221     +warn "failed to fix permissions for apache" unless (
222     + system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
223     + );
224    
225     # delete unwanted user accounts
226     foreach my $user (qw(halt shutdown sync))

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed