[Cluster-devel] conga/luci init.d/luci site/luci/etc/stunnel.c ...

Wed Jun 14 20:59:38 UTC 2006

CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	kupcevic at sourceware.org	2006-06-14 20:59:37

Modified files:
	luci/init.d    : luci 
	luci/site/luci/etc: stunnel.conf zope.conf 
	luci/utils     : luci_admin 

Log message:
	Luci: let luci run as luci user

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&r1=1.2&r2=1.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/stunnel.conf.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/zope.conf.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.6&r2=1.7

--- conga/luci/init.d/luci	2006/06/06 21:05:43	1.2
+++ conga/luci/init.d/luci	2006/06/14 20:59:37	1.3
@@ -24,8 +24,8 @@
 LUCID="/var/lib/luci/bin/runzope"
 PIDFILE="/var/lib/luci/var/Z2.pid"
 
-LUCI_USER="zope"
-LUCI_GROUP="zope"
+LUCI_USER="luci"
+LUCI_GROUP="luci"
 
 HTTPS_PUBKEY="/var/lib/luci/var/certs/https.pem"
 HTTPS_PRIVKEY="/var/lib/luci/var/certs/https.key.pem"
@@ -57,11 +57,13 @@
 
 generate_https_certs()
 {
+    echo -n "generating https SSL certificates...  "
     /usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1
     /usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1095 -config /var/lib/luci/var/certs/cacert.config
     /bin/chown $LUCI_USER:$LUCI_GROUP $HTTPS_PRIVKEY $HTTPS_PUBKEY
     /bin/chmod 600 $HTTPS_PRIVKEY
     /bin/chmod 644 $HTTPS_PUBKEY
+    echo "done"
     return $?
 }
 
--- conga/luci/site/luci/etc/stunnel.conf	2006/06/06 21:05:43	1.1
+++ conga/luci/site/luci/etc/stunnel.conf	2006/06/14 20:59:37	1.2
@@ -1,6 +1,6 @@
 cert         = /var/lib/luci/var/certs/https.pem
 key          = /var/lib/luci/var/certs/https.key.pem
-setuid       = zope
+setuid       = luci
 chroot       = /var/lib/luci/var/stunnel
 pid          = /pid
 
--- conga/luci/site/luci/etc/zope.conf	2006/06/06 21:05:43	1.3
+++ conga/luci/site/luci/etc/zope.conf	2006/06/14 20:59:37	1.4
@@ -150,7 +150,7 @@
 #
 #    effective-user chrism
 
-effective-user zope
+effective-user luci
 
 # Directive: enable-product-installation
 #
--- conga/luci/utils/luci_admin	2006/06/13 18:42:58	1.6
+++ conga/luci/utils/luci_admin	2006/06/14 20:59:37	1.7
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 
-import sys, os, random, crypt, select, string
+import sys, os, stat, random, crypt, select, string
 
 sys.path.extend((
 	'/usr/lib64/zope/lib/python',
@@ -18,8 +18,8 @@
 import types
 
 
-LUCI_USER='zope'
-LUCI_GROUP='zope'
+LUCI_USER='luci'
+LUCI_GROUP='luci'
 
 SSL_PRIVKEY_PATH='/var/lib/luci/var/certs/privkey.pem'
 SSL_PUBKEY_PATH='/var/lib/luci/var/certs/cacert.pem'
@@ -27,6 +27,9 @@
 LUCI_BACKUP_PATH='/var/lib/luci/var/luci_backup.xml'
 LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
 
+INITUSER_FILE_PATH = '/var/lib/luci/inituser'
+
+
 
 def luci_restore(argv):
 	print "TODO: implement me"
@@ -375,9 +378,15 @@
     pswd = '{CRYPT}' + crypt.crypt(password, salt)
     return pswd
 def save_password(user, password):
-    inituser = file('/var/lib/luci/inituser', 'w')
+    inituser = file(INITUSER_FILE_PATH, 'w')
+    os.chmod(INITUSER_FILE_PATH, stat.S_IRUSR|stat.S_IWUSR)
     inituser.write(user + ':' + password)
     inituser.close()
+    
+    command = '/bin/chown'
+    args = [command, LUCI_USER, INITUSER_FILE_PATH]
+    _execWithCaptureErrorStatus(command, args)
+    
     return
 
 


