[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup, 1.15, 1.16

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Fri Nov 3 19:09:59 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3965

Modified Files:
	setup 
Log Message:
Bug(s) fixed: 213786
Bug Description: upgrade install of ssl enabled servers changes file/dir permissions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones.  When done as root,
this changes the file ownership to root from the original nobody.  In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group.  We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files.  Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no 



Index: setup
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- setup	23 Feb 2006 19:30:41 -0000	1.15
+++ setup	3 Nov 2006 19:09:57 -0000	1.16
@@ -157,6 +157,10 @@
 tmpinffile=
 nextisinffile=
 keepinffile=
+# set by user or from existing files during upgrade
+user=
+# set by user or from existing files during upgrade
+group=
 for arg in "$@" ; do
 	if [ "$arg" = "-s" ]; then
 		silent=1
@@ -227,6 +231,7 @@
 			echo $conffile=$security >> $tmpfile
 			cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.01
 			mv $conffile.01 $conffile
+			chown $user:$group $conffile
 			echo "$conffile: SSL off ..."
 		fi
 	fi
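Review bot: The added `chown $user:$group $conffile` restores the owner but not the mode, because `$conffile.01` is created by the redirect under root's umask and the `mv` then replaces the original inode. A config file that was readable only by the server user can therefore end up more widely readable after the upgrade, depending on that umask. Writing the edited content back into the existing file, e.g. `cat $conffile.01 > $conffile && rm -f $conffile.01`, keeps both owner and mode and makes the chown unnecessary; otherwise the mode should be copied along with the owner. The same applies to the chown lines added in the hunks at -248, -263, -282, -308, -317, -324 and -336. The enclosing function starts and ends outside this hunk.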
@@ -248,6 +253,7 @@
 			echo $conffile=$confparam >> $tmpfile
 			cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0
 			mv $conffile.0 $conffile
+			chown $user:$group $conffile
 			echo "$conffile: SSL off ..."
 		fi
 		sslparams0=`grep -i "<.*SSLPARAMS " $conffile`
@@ -263,6 +269,7 @@
 			sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'`
 			cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.1
 			mv $conffile.1 $conffile
+			chown $user:$group $conffile
 		fi
 	fi
 }
@@ -282,6 +289,7 @@
 				$dir/stop-slapd
 				cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0
 				mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
+				chown $user:$group $dir/config/dse.ldif
 				echo "$dir/config/dse.ldif: SSL off ..."
 			fi
 		fi
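Review bot: The `chown $user:$group $dir/config/dse.ldif` added here runs as root on a path inside the instance's config directory and, without `-h`, follows a symbolic link at that path. If that directory is writable by the server user (the commit message describes the files and directories as owned by nobody), root is changing ownership based on a name that an unprivileged account can influence between the `mv` and the `chown`. Using `chown -h "$user:$group" "$dir/config/dse.ldif"` and checking its exit status limits the change to the directory entry itself and surfaces failures instead of printing "SSL off ..." regardless. The same holds for the matching hunk at -336 and for the `$conffile` variants; the surrounding loop lies outside this hunk.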
@@ -308,6 +316,7 @@
 	if [ -f $conffile ]; then
 		cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.00
 		mv $conffile.00 $conffile
+		chown $user:$group $conffile
 		echo "$conffile $confparam: SSL on ..."
 	fi
 }
@@ -317,6 +326,7 @@
 	if [ -f $conffile ]; then
 		cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.2
 		mv $conffile.2 $conffile
+		chown $user:$group $conffile
 	fi
 	grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1
 	rval=$?
@@ -324,6 +334,7 @@
 	then
 		cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.3
 		mv $conffile.3 $conffile
+		chown $user:$group $conffile
 	fi
 	echo "$conffile: SSL on ..."
 }
@@ -336,6 +347,7 @@
 				$dir/stop-slapd
 				cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0
 				mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
+				chown $user:$group $dir/config/dse.ldif
 				echo "$dir/config/dse.ldif: SSL on ..."
 				echo "Restarting Directory Server: $dir/start-slapd"
 				$dir/start-slapd
@@ -370,9 +382,14 @@
 
 # check whether it is an in-place installation
 if [ -f $sroot/admin-serv/config/adm.conf ]; then
+	dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
+	if [ -f $sroot/$dsinst/config/dse.ldif ]; then
+		user=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'`
+		group=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'`
+    fi
+
 	SSLOff
 
-	dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
 	if [ -f $sroot/$dsinst/config/dse.ldif ]; then
 		# it is an in=place installation
 		ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"`
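Review bot: `user` and `group` stay empty when `$sroot/$dsinst/config/dse.ldif` does not exist, yet `SSLOff` is still called and its new chown lines then run as `chown : <file>`. GNU chown treats a bare colon as "change nothing", but other implementations may reject it, so the outcome is platform-dependent and the files can silently remain root-owned. Guarding the chown call sites with `[ -n "$user" ] && [ -n "$group" ]`, or reporting the missing dse.ldif here before calling `SSLOff`, would make that case explicit. The owner lookup could also run `ls -l` once and quote the path, e.g. ``owner=`ls -l "$sroot/$dsinst/config/dse.ldif" | awk '{print $3 ":" $4}'` ``, and the added `    fi` is indented with spaces where the rest of the block uses tabs. The `if` block continues past the end of this hunk.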
@@ -380,8 +397,6 @@
 		adminport=`getValFromAdminConf "\<port:" "adm.conf"`
 		adminid=`getValFromAdmpw "admpw"`
 		sysuser=`getValFromAdminConf "nsSuiteSpotUser:" "local.conf"`
-		suitespotuser=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'`
-		suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'`
 		admindomain=`echo $ldaphost | awk -F. '{print $5 ? $2 "." $3 "." $4 "." $5: $4 ? $2 "." $3 "." $4 : $3 ? $2 "." $3 : $2 ? $2 : ""}'`
 		if [ "$admindomain" = "" ]; then
 			admindomain=`domainname`
@@ -405,8 +420,8 @@
 		inffile=$sroot/setup/myinstall.inf
 		echo "[General]" > $inffile
 		echo "FullMachineName=   $ldaphost" >> $inffile
-		echo "SuiteSpotUserID=   $suitespotuser" >> $inffile
-		echo "SuitespotGroup=   $suitespotgroup" >> $inffile
+		echo "SuiteSpotUserID=   $user" >> $inffile
+		echo "SuitespotGroup=   $group" >> $inffile
 		echo "ServerRoot=   $sroot" >> $inffile
 		echo "ConfigDirectoryLdapURL=   ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile
 		echo "ConfigDirectoryAdminID=   $adminid" >> $inffile



