/[smeserver]/rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch
ViewVC logotype

Contents of /rpms/e-smith-base/sme9/e-smith-base-5.4.0-init-accounts.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Sun May 19 16:01:25 2013 UTC (11 years, 5 months ago) by wellsi
Branch: MAIN
CVS Tags: e-smith-base-5_4_0-40_el6_sme, e-smith-base-5_4_0-44_el6_sme, e-smith-base-5_4_0-49_el6_sme, e-smith-base-5_4_0-37_el6_sme, e-smith-base-5_4_0-42_el6_sme, e-smith-base-5_4_0-43_el6_sme, e-smith-base-5_4_0-34_el6_sme, e-smith-base-5_4_0-35_el6_sme, e-smith-base-5_4_0-36_el6_sme, e-smith-base-5_4_0-41_el6_sme, e-smith-base-5_4_0-50_el6_sme, e-smith-base-5_4_0-58_el6_sme, e-smith-base-5_4_0-45_el6_sme, e-smith-base-5_4_0-57_el6_sme, e-smith-base-5_4_0-46_el6_sme, e-smith-base-5_4_0-62_el6_sme, e-smith-base-5_4_0-39_el6_sme, e-smith-base-5_4_0-56_el6_sme, e-smith-base-5_4_0-52_el6_sme, e-smith-base-5_4_0-54_el6_sme, e-smith-base-5_4_0-51_el6_sme, e-smith-base-5_4_0-47_el6_sme, e-smith-base-5_4_0-55_el6_sme, e-smith-base-5_4_0-38_el6_sme, e-smith-base-5_4_0-53_el6_sme, e-smith-base-5_4_0-61_el6_sme, e-smith-base-5_4_0-60_el6_sme, e-smith-base-5_4_0-48_el6_sme, e-smith-base-5_4_0-59_el6_sme
* Sun May 19 2013 Ian Wells <esmith@wellsi.com> 5.4.0-34.sme
- Remove redundant parts of init-accounts [SME: 3350]

1 diff -ruN e-smith-base-5.4.0.old/root/etc/e-smith/events/actions/init-accounts e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts
2 --- e-smith-base-5.4.0.old/root/etc/e-smith/events/actions/init-accounts 2013-05-09 22:44:13.000000000 -0700
3 +++ e-smith-base-5.4.0/root/etc/e-smith/events/actions/init-accounts 2013-05-09 22:34:43.000000000 -0700
4 @@ -32,214 +32,14 @@
5
6 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
7
8 -# create group "shared" if not already present
9 -if ($ldapauth eq 'enabled')
10 -{
11 - system(qw(/usr/sbin/cpu -g 500 groupadd shared)) unless getgrnam("shared");
12 -}
13 -else
14 -{
15 - system(qw(/usr/sbin/groupadd -r -g 500 shared)) unless getgrnam("shared");
16 -}
17 -
18 -# Create other required groups and users
19 -system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
20 - unless getgrnam("slocate");
21 -system(qw(/usr/sbin/useradd -u 38 -s /sbin/nologin -d /etc/ntp ntp))
22 - unless (getpwnam("ntp"));
23 -
24 -#--------------------------------------------------
25 -# create user "www" if not already present; otherwise change comment to
26 -# "e-smith private web server" (used to just say "e-smith web server")
27 -#--------------------------------------------------
28 -
29 -if ( !getpwnam("www") )
30 -{
31 - if ($ldapauth eq 'enabled')
32 - {
33 - `/usr/sbin/cpu groupadd -g 102 www`;
34 - `/usr/sbin/cpu useradd -u 102 -g 102 -f 'e-smith' -E 'web server' -d /home/e-smith -G shared -M -s /bin/false www`;
35 - }
36 - else
37 - {
38 - die "Error creating www user or group" unless (
39 - system("/usr/sbin/groupadd -g 102 -o www") == 0 &&
40 - system("/usr/sbin/useradd -u 102 -g 102 -o -c 'e-smith web server' -d /home/e-smith -M -s /bin/false www") == 0
41 - );
42 - }
43 -}
44 -else
45 -{
46 - my $uid = `/usr/bin/id -u www`;
47 - chomp($uid);
48 - my $gid = `/usr/bin/id -g www`;
49 - chomp($gid);
50 - if ( $uid ne '102' || $gid ne '102' )
51 - {
52 - if ($ldapauth eq 'enabled')
53 - {
54 - die "Error changing www uid or gid" unless (
55 - system("/usr/sbin/cpu groupmod -g 102 www") == 0 &&
56 - system("/usr/sbin/cpu usermod -u 102 -g 102 www") == 0
57 - );
58 - }
59 - else
60 - {
61 - die "Error changing www uid or gid" unless (
62 - system("/usr/sbin/groupmod -g 102 -o www") == 0 &&
63 - system("/usr/sbin/usermod -u 102 -g 102 -o www") == 0
64 - );
65 - }
66 - warn "failed to fix permissions for www" unless (
67 - system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
68 - );
69 - }
70 -}
71 -
72 -# create user "admin" if not already present;
73 -if ( !getpwnam("admin") )
74 -{
75 - if ($ldapauth eq 'enabled')
76 - {
77 - `/usr/sbin/cpu useradd -u 101 -f 'e-smith' -E 'administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
78 - `/usr/bin/gpasswd -a admin root`;
79 - }
80 - else
81 - {
82 - `/usr/sbin/useradd -u 101 -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
83 - }
84 -}
85 -else
86 -{
87 - #--------------------------------------------------
88 - # admin account already exists. Change shell, and also make sure
89 - # that it is in groups "root" and "shared" without disturbing any
90 - # other group memberships. First get list of existing groups for
91 - # admin.
92 - #--------------------------------------------------
93 -
94 - my $cmd = "/usr/bin/id -G -n admin";
95 - my $groups = `$cmd 2>/dev/null`;
96 - if ($? != 0)
97 - {
98 - die "Failed to get supplementary group list for admin.\n";
99 - }
100 - chomp ($groups);
101 -
102 - my @groupList = split (/\s+/, $groups);
103 -
104 - #--------------------------------------------------
105 - # Modify group list to make sure "root" and "shared"
106 - # are listed exactly once each.
107 - #--------------------------------------------------
108 -
109 - @groupList = grep (!/^admin$/, @groupList);
110 - @groupList = grep (!/^root$/, @groupList);
111 - @groupList = grep (!/^shared$/, @groupList);
112 - @groupList = grep (!/^www$/, @groupList);
113 -
114 - push @groupList, 'shared', 'www';
115 -
116 - # Only push root if not using ldap (root not in ldap)
117 - push @groupList, 'root' if ($ldapauth ne 'enabled');
118 -
119 - #--------------------------------------------------
120 - # Run usermod command to update group list for admin.
121 - #--------------------------------------------------
122 -
123 - $groups = join (',', sort (@groupList));
124 - if ($ldapauth eq 'enabled')
125 - {
126 - $cmd = "/usr/sbin/cpu usermod -f 'e-smith' -E 'administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
127 - }
128 - else
129 - {
130 - $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
131 - }
132 - `$cmd`;
133 - if ($? != 0)
134 - {
135 - die "Failed to change shell and modify supplementary group list for admin.\n";
136 - }
137 - `/usr/bin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
138 -}
139 -
140 -#--------------------------------------------------
141 -# create user "public" if not already present
142 -#--------------------------------------------------
143 -
144 -if ( !getpwnam("public") )
145 -{
146 - `/usr/sbin/useradd -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
147 -}
148 -
149 -#--------------------------------------------------
150 -# www account already exists. Make sure that it is in groups "admin"
151 -# and "shared" without disturbing any other group memberships.
152 -# First get list of existing groups for www.
153 -#--------------------------------------------------
154 -
155 -my $groups = `/usr/bin/id -G -n www 2>/dev/null`;
156 -if ($? != 0)
157 -{
158 - die "Failed to get supplementary group list for www.\n";
159 -}
160 -chomp ($groups);
161 -
162 -my @groupList = split (/\s+/, $groups);
163 -
164 -#--------------------------------------------------
165 -# Modify group list to make sure "admin" and "shared"
166 -# are listed exactly once each.
167 -#--------------------------------------------------
168 -
169 -@groupList = grep (!/^www$/, @groupList);
170 -@groupList = grep (!/^shared$/, @groupList);
171 -
172 -push @groupList, 'shared';
173 -
174 -#--------------------------------------------------
175 -# Run usermod command to update group list for www.
176 -#--------------------------------------------------
177 -
178 -$groups = join (',', sort (@groupList));
179 -if ($ldapauth eq 'enabled')
180 -{
181 - `/usr/sbin/cpu usermod -f 'e-smith' -E 'web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
182 -}
183 -else
184 -{
185 - `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
186 -}
187 -if ($? != 0)
188 -{
189 - die "Failed to modify supplementary group list for www.\n";
190 -}
191 -
192 -# Now that www exists, change uid/gid of user and group apache
193 -# so they become alias of the www account
194 -if ( !getpwnam("apache") )
195 -{
196 - die "Error creating apache user or group" unless (
197 - system("/usr/sbin/groupadd -g 102 -o apache") == 0 &&
198 - system("/usr/sbin/useradd -u 102 -g 102 -o -c 'Apache' -d /var/www -M -s /bin/nologin apache") == 0
199 - );
200 -}
201 -else
202 -{
203 - my $id = `/usr/bin/id -u apache`;
204 - chomp($id);
205 - if ( $id ne '102')
206 - {
207 - die "Error changing apache uid or gid" unless (
208 - system("/usr/sbin/groupmod -g 102 -o apache") == 0 &&
209 - system("/usr/sbin/usermod -u 102 -g 102 -o apache") == 0
210 - );
211 - warn "failed to fix permissions for apache" unless (
212 - system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
213 - );
214 - }
215 -}
216 +# fix permissions for www and apache
217 +warn "failed to fix permissions for www" unless (
218 + system("/bin/rpm --setugids horde imp-h3 ingo-h3 turba-h3 2> /dev/null") == 0
219 + );
220 +
221 +warn "failed to fix permissions for apache" unless (
222 + system("/bin/rpm --setugids httpd mod_auth_tkt mod_ssl php pwauth 2> /dev/null") == 0
223 + );
224
225 # delete unwanted user accounts
226 foreach my $user (qw(halt shutdown sync))

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed