[Cluster-devel] conga/luci init.d/luci site/luci/etc/stunnel.c ...
kupcevic at sourceware.org
kupcevic at sourceware.org
Wed Jun 14 20:59:38 UTC 2006
CVSROOT: /cvs/cluster
Module name: conga
Changes by: kupcevic at sourceware.org 2006-06-14 20:59:37
Modified files:
luci/init.d : luci
luci/site/luci/etc: stunnel.conf zope.conf
luci/utils : luci_admin
Log message:
Luci: let luci run as luci user
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&r1=1.2&r2=1.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/stunnel.conf.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/zope.conf.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.6&r2=1.7
--- conga/luci/init.d/luci 2006/06/06 21:05:43 1.2
+++ conga/luci/init.d/luci 2006/06/14 20:59:37 1.3
@@ -24,8 +24,8 @@
LUCID="/var/lib/luci/bin/runzope"
PIDFILE="/var/lib/luci/var/Z2.pid"
-LUCI_USER="zope"
-LUCI_GROUP="zope"
+LUCI_USER="luci"
+LUCI_GROUP="luci"
HTTPS_PUBKEY="/var/lib/luci/var/certs/https.pem"
HTTPS_PRIVKEY="/var/lib/luci/var/certs/https.key.pem"
@@ -57,11 +57,13 @@
generate_https_certs()
{
+ echo -n "generating https SSL certificates... "
/usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1
/usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1095 -config /var/lib/luci/var/certs/cacert.config
/bin/chown $LUCI_USER:$LUCI_GROUP $HTTPS_PRIVKEY $HTTPS_PUBKEY
/bin/chmod 600 $HTTPS_PRIVKEY
/bin/chmod 644 $HTTPS_PUBKEY
+ echo "done"
return $?
}
--- conga/luci/site/luci/etc/stunnel.conf 2006/06/06 21:05:43 1.1
+++ conga/luci/site/luci/etc/stunnel.conf 2006/06/14 20:59:37 1.2
@@ -1,6 +1,6 @@
cert = /var/lib/luci/var/certs/https.pem
key = /var/lib/luci/var/certs/https.key.pem
-setuid = zope
+setuid = luci
chroot = /var/lib/luci/var/stunnel
pid = /pid
--- conga/luci/site/luci/etc/zope.conf 2006/06/06 21:05:43 1.3
+++ conga/luci/site/luci/etc/zope.conf 2006/06/14 20:59:37 1.4
@@ -150,7 +150,7 @@
#
# effective-user chrism
-effective-user zope
+effective-user luci
# Directive: enable-product-installation
#
--- conga/luci/utils/luci_admin 2006/06/13 18:42:58 1.6
+++ conga/luci/utils/luci_admin 2006/06/14 20:59:37 1.7
@@ -1,6 +1,6 @@
#!/usr/bin/python
-import sys, os, random, crypt, select, string
+import sys, os, stat, random, crypt, select, string
sys.path.extend((
'/usr/lib64/zope/lib/python',
@@ -18,8 +18,8 @@
import types
-LUCI_USER='zope'
-LUCI_GROUP='zope'
+LUCI_USER='luci'
+LUCI_GROUP='luci'
SSL_PRIVKEY_PATH='/var/lib/luci/var/certs/privkey.pem'
SSL_PUBKEY_PATH='/var/lib/luci/var/certs/cacert.pem'
@@ -27,6 +27,9 @@
LUCI_BACKUP_PATH='/var/lib/luci/var/luci_backup.xml'
LUCI_DB_PATH='/var/lib/luci/var/Data.fs'
+INITUSER_FILE_PATH = '/var/lib/luci/inituser'
+
+
def luci_restore(argv):
print "TODO: implement me"
@@ -375,9 +378,15 @@
pswd = '{CRYPT}' + crypt.crypt(password, salt)
return pswd
def save_password(user, password):
- inituser = file('/var/lib/luci/inituser', 'w')
+ inituser = file(INITUSER_FILE_PATH, 'w')
+ os.chmod(INITUSER_FILE_PATH, stat.S_IRUSR|stat.S_IWUSR)
inituser.write(user + ':' + password)
inituser.close()
+
+ command = '/bin/chown'
+ args = [command, LUCI_USER, INITUSER_FILE_PATH]
+ _execWithCaptureErrorStatus(command, args)
+
return
More information about the Cluster-devel
mailing list