[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup, 1.15, 1.16
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Fri Nov 3 19:09:59 UTC 2006
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3965
Modified Files:
setup
Log Message:
Bug(s) fixed: 213786
Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones. When done as root,
this changes the file ownership to root from the original nobody. In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group. We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files. Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: setup
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- setup 23 Feb 2006 19:30:41 -0000 1.15
+++ setup 3 Nov 2006 19:09:57 -0000 1.16
@@ -157,6 +157,10 @@
tmpinffile=
nextisinffile=
keepinffile=
+# set by user or from existing files during upgrade
+user=
+# set by user or from existing files during upgrade
+group=
for arg in "$@" ; do
if [ "$arg" = "-s" ]; then
silent=1
@@ -227,6 +231,7 @@
echo $conffile=$security >> $tmpfile
cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.01
mv $conffile.01 $conffile
+ chown $user:$group $conffile
echo "$conffile: SSL off ..."
fi
fi
@@ -248,6 +253,7 @@
echo $conffile=$confparam >> $tmpfile
cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0
mv $conffile.0 $conffile
+ chown $user:$group $conffile
echo "$conffile: SSL off ..."
fi
sslparams0=`grep -i "<.*SSLPARAMS " $conffile`
@@ -263,6 +269,7 @@
sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'`
cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.1
mv $conffile.1 $conffile
+ chown $user:$group $conffile
fi
fi
}
@@ -282,6 +289,7 @@
$dir/stop-slapd
cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0
mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
+ chown $user:$group $dir/config/dse.ldif
echo "$dir/config/dse.ldif: SSL off ..."
fi
fi
@@ -308,6 +316,7 @@
if [ -f $conffile ]; then
cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.00
mv $conffile.00 $conffile
+ chown $user:$group $conffile
echo "$conffile $confparam: SSL on ..."
fi
}
@@ -317,6 +326,7 @@
if [ -f $conffile ]; then
cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.2
mv $conffile.2 $conffile
+ chown $user:$group $conffile
fi
grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1
rval=$?
@@ -324,6 +334,7 @@
then
cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.3
mv $conffile.3 $conffile
+ chown $user:$group $conffile
fi
echo "$conffile: SSL on ..."
}
@@ -336,6 +347,7 @@
$dir/stop-slapd
cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0
mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
+ chown $user:$group $dir/config/dse.ldif
echo "$dir/config/dse.ldif: SSL on ..."
echo "Restarting Directory Server: $dir/start-slapd"
$dir/start-slapd
@@ -370,9 +382,14 @@
# check whether it is an in-place installation
if [ -f $sroot/admin-serv/config/adm.conf ]; then
+ dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
+ if [ -f $sroot/$dsinst/config/dse.ldif ]; then
+ user=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'`
+ group=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'`
+ fi
+
SSLOff
- dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
if [ -f $sroot/$dsinst/config/dse.ldif ]; then
# it is an in=place installation
ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"`
@@ -380,8 +397,6 @@
adminport=`getValFromAdminConf "\<port:" "adm.conf"`
adminid=`getValFromAdmpw "admpw"`
sysuser=`getValFromAdminConf "nsSuiteSpotUser:" "local.conf"`
- suitespotuser=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'`
- suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'`
admindomain=`echo $ldaphost | awk -F. '{print $5 ? $2 "." $3 "." $4 "." $5: $4 ? $2 "." $3 "." $4 : $3 ? $2 "." $3 : $2 ? $2 : ""}'`
if [ "$admindomain" = "" ]; then
admindomain=`domainname`
@@ -405,8 +420,8 @@
inffile=$sroot/setup/myinstall.inf
echo "[General]" > $inffile
echo "FullMachineName= $ldaphost" >> $inffile
- echo "SuiteSpotUserID= $suitespotuser" >> $inffile
- echo "SuitespotGroup= $suitespotgroup" >> $inffile
+ echo "SuiteSpotUserID= $user" >> $inffile
+ echo "SuitespotGroup= $group" >> $inffile
echo "ServerRoot= $sroot" >> $inffile
echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile
echo "ConfigDirectoryAdminID= $adminid" >> $inffile
More information about the Fedora-directory-commits
mailing list