
Contents of /rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch



Revision 1.2 - (show annotations) (download)
Mon Mar 24 03:05:36 2014 UTC (10 years, 2 months ago) by wellsi
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
* Sun Mar 23 2014 Ian Wells <esmith@wellsi.com> 5.6.0-1.sme
- Roll new stream to remove obsolete images [SME: 7962]

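--- a/root/etc/e-smith/events/actions/init-accounts
+++ b/root/etc/e-smith/events/actions/init-accounts
@@ -32,214 +32,14 @@
 
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
-# create group "shared" if not already present
-if ($ldapauth eq 'enabled')
-{
- system(qw(/usr/sbin/cpu -g 500 groupadd shared)) unless getgrnam("shared");
-}
-else
-{
- system(qw(/usr/sbin/groupadd -r -g 500 shared)) unless getgrnam("shared");
-}
-
-# Create other required groups and users
-system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
- unless getgrnam("slocate");
-system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp))
- unless (getpwnam("ntp"));
-
-#--------------------------------------------------
-# create user "www" if not already present; otherwise change comment to
-# "e-smith private web server" (used to just say "e-smith web server")
-#--------------------------------------------------
-
-if ( !getpwnam("www") )
-{
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu groupadd -g 102 www`;
- `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
- }
- else
- {
- die "Error creating www user or group" unless (
- system("/usr/sbin/groupadd -g 102 -o www") == 0 &&
- system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0
- );
- }
-}
-else
-{
- my $uid = `/usr/bin/id -u www`;
- chomp($uid);
- my $gid = `/usr/bin/id -g www`;
- chomp($gid);
- if ( $uid ne '102' || $gid ne '102' )
- {
- if ($ldapauth eq 'enabled')
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
- system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
- );
- }
- else
- {
- die "Error changing www uid or gid" unless (
- system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
- system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
- );
- }
- warn "failed to fix permissions for www" unless (
- system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
- );
- }
-}
-
-# create user "admin" if not already present;
-if ( !getpwnam("admin") )
-{
- if ($ldapauth eq 'enabled')
- {
- `/usr/sbin/cpu useradd -u 101 -f 'e-smith' -E 'administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
- `/usr/bin/gpasswd -a admin root`;
- }
- else
- {
- `/usr/sbin/useradd -u 101 -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
- }
-}
-else
-{
- #--------------------------------------------------
- # admin account already exists. Change shell, and also make sure
- # that it is in groups "root" and "shared" without disturbing any
- # other group memberships. First get list of existing groups for
- # admin.
- #--------------------------------------------------
-
- my $cmd = "/usr/bin/id -G -n admin";
- my $groups = `$cmd 2>/dev/null`;
- if ($? != 0)
- {
- die "Failed to get supplementary group list for admin.\n";
- }
- chomp ($groups);
-
- my @groupList = split (/\s+/, $groups);
-
- #--------------------------------------------------
- # Modify group list to make sure "root" and "shared"
- # are listed exactly once each.
- #--------------------------------------------------
-
- @groupList = grep (!/^admin$/, @groupList);
- @groupList = grep (!/^root$/, @groupList);
- @groupList = grep (!/^shared$/, @groupList);
- @groupList = grep (!/^www$/, @groupList);
-
- push @groupList, 'shared', 'www';
-
- # Only push root if not using ldap (root not in ldap)
- push @groupList, 'root' if ($ldapauth ne 'enabled');
-
- #--------------------------------------------------
- # Run usermod command to update group list for admin.
- #--------------------------------------------------
-
- $groups = join (',', sort (@groupList));
- if ($ldapauth eq 'enabled')
- {
- $cmd = "/usr/sbin/cpu usermod -f 'e-smith' -E 'administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
- }
- else
- {
- $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
- }
- `$cmd`;
- if ($? != 0)
- {
- die "Failed to change shell and modify supplementary group list for admin.\n";
- }
- `/usr/bin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
-}
-
-#--------------------------------------------------
-# create user "public" if not already present
-#--------------------------------------------------
-
-if ( !getpwnam("public") )
-{
- `/usr/sbin/useradd -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
-}
-
-#--------------------------------------------------
-# www account already exists. Make sure that it is in groups "admin"
-# and "shared" without disturbing any other group memberships.
-# First get list of existing groups for www.
-#--------------------------------------------------
-
-my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
-if ($? != 0)
-{
- die "Failed to get supplementary group list for www.\n";
-}
-chomp ($groups);
-
-my @groupList = split (/\s+/, $groups);
-
-#--------------------------------------------------
-# Modify group list to make sure "admin" and "shared"
-# are listed exactly once each.
-#--------------------------------------------------
-
-@groupList = grep (!/^www$/, @groupList);
-@groupList = grep (!/^shared$/, @groupList);
-
-push @groupList, 'shared';
-
-#--------------------------------------------------
-# Run usermod command to update group list for www.
-#--------------------------------------------------
-
-$groups = join (',', sort (@groupList));
-if ($ldapauth eq 'enabled')
-{
- `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
-}
-else
-{
- `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
-}
-if ($? != 0)
-{
- die "Failed to modify supplementary group list for www.\n";
-}
-
-# Now that www exists, change uid/gid of user and group apache
-# so they become alias of the www account
-if ( !getpwnam("apache") )
-{
- die "Error creating apache user or group" unless (
- system("/usr/sbin/groupadd -g 102 -o apache") == 0 &&
- system("/usr/sbin/useradd -u 102 -g 102 -o -c 'Apache' -d /var/www -M -s /bin/nologin apache") == 0
- );
-}
-else
-{
- my $id = `/usr/bin/id -u apache`;
- chomp($id);
- if ( $id ne '102')
- {
- die "Error changing apache uid or gid" unless (
- system("/usr/sbin/groupmod -g 102 -o apache") == 0 &&
- system("/usr/sbin/usermod -u 102 -g 102 -o apache") == 0
- );
- warn "failed to fix permissions for apache" unless (
- system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
- );
- }
-}
+# fix permissions for www and apache
+warn "failed to fix permissions for www" unless (
+ system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
+ );
+
+warn "failed to fix permissions for apache" unless (
+ system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
+ );
 
 # delete unwanted user accounts
 foreach my $user (qw(halt shutdown sync))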
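Review bot: Both added `rpm --setugids` calls send stderr to `/dev/null` and report failure only through a generic `warn`, so when the ownership repair fails the log says neither which package was affected nor why. The same hunk removes the code that created `www`, `apache` and `admin` and pinned `www`/`apache` to uid/gid 102 (presumably now done elsewhere), so a quiet failure here could leave web-served files with unintended owners while the action carries on. I would drop the `2> /dev/null` and put the status in the message, e.g. `warn "failed to fix permissions for www (rpm status $?)" unless (...)`, and add a comment naming where the accounts are now created. The calls also run on every invocation now, not only after a uid/gid correction; if that is intended, a one-line comment such as `# run unconditionally: account IDs are no longer adjusted here` would make it clear.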
