* doc/guide.tex: Update what permissions does enable-user grant

* doc/guide.html: Likewise

* src/configure.ac: Don't explicitely put root privileges when a
user is not explicitely enabled
* src/configure: Likewise
* src/Makefile.in: Likewise

SVN Revision: 1443

ChangeLog

@@ -1,5 +1,13 @@
 2008-07-14  Badlop  <badlop@process-one.net>
 
+	* doc/guide.tex: Update what permissions does enable-user grant
+	* doc/guide.html: Likewise
+
+	* src/configure.ac: Don't explicitely put root privileges when a
+	user is not explicitely enabled
+	* src/configure: Likewise
+	* src/Makefile.in: Likewise
+
 	* src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir
 	does not exist, create it. Fix cookiefile permission
 	check. (EJAB-696)

doc/guide.html

@@ -339,12 +339,17 @@ To get the full list run the command:
 </PRE><P>Some options that you may be interested in modifying:
 </P><DL CLASS="description"><DT CLASS="dt-description">
 	<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description"> 
-	Specify the path prefix where the files will be copied when running the make install command.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
+	Specify the path prefix where the files will be copied when running
+	the <TT>make install</TT> command.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
 	Allow this normal system user to execute the ejabberdctl script 
 	(see section&#XA0;<A HREF="#ejabberdctl">4.1</A>),
-	modify the configuration files and read log files.
-	The account must exist in the machine. It doesn&#X2019;t need a HOME directory.
-	If the option is not set, then only root can perform those actions.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> 
+	read the configuration files,
+	read and write in the spool directory,
+	read and write in the log directory.
+	The account user and group must exist in the machine
+	before running <TT>make install</TT>.
+	This account doesn&#X2019;t need an explicit HOME directory, because
+	<TT>/var/lib/ejabberd/</TT> will be used by default.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> 
 	Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
 	Required if you want to use an external database.
 	See section&#XA0;<A HREF="#database">3.2</A> for more information.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description"> 

doc/guide.tex

@@ -322,14 +322,19 @@ To get the full list run the command:
 Some options that you may be interested in modifying:
 \begin{description}
 	\titem{--prefix=/} 
-	Specify the path prefix where the files will be copied when running the make install command.
+	Specify the path prefix where the files will be copied when running
+	the \term{make install} command.
 
 	\titem{--enable-user[=USER]}
 	Allow this normal system user to execute the ejabberdctl script 
 	(see section~\ref{ejabberdctl}),
-	modify the configuration files and read log files.
-	The account must exist in the machine. It doesn't need a HOME directory.
-	If the option is not set, then only root can perform those actions.
+	read the configuration files,
+	read and write in the spool directory,
+	read and write in the log directory.
+	The account user and group must exist in the machine
+	before running \term{make install}.
+	This account doesn't need an explicit HOME directory, because
+	\term{/var/lib/ejabberd/} will be used by default.
 
 	\titem{--enable-pam} 
 	Enable the PAM authentication method (see section \ref{pam}).

src/Makefile.in

@@ -14,6 +14,20 @@ ERLANG_LIBS = @ERLANG_LIBS@
 
 ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
 
+INSTALLUSER=@INSTALLUSER@
+# if no user was enabled, don't set privileges or ownership
+ifeq ($(INSTALLUSER),)
+  O_USER=
+  G_USER=
+  CHOWN_COMMAND=echo
+  CHOWN_OUTPUT=/dev/null
+else
+  O_USER=-o $(INSTALLUSER)
+  G_USER=-g $(INSTALLUSER)
+  CHOWN_COMMAND=chown
+  CHOWN_OUTPUT=&1
+endif
+
 EFLAGS += @ERLANG_SSL39@
 EFLAGS += -I ../include
 
@@ -44,7 +58,7 @@ endif
 
 INSTALL_EPAM=
 ifeq (@pam@, pam)
-  INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR)
+  INSTALL_EPAM=install -m 750 $(O_USER) epam $(PBINDIR)
 endif
 
 prefix = @prefix@
@@ -145,12 +159,13 @@ $(ERLSHLIBS):	%.so:	%.c
 		$(DYNAMIC_LIB_CFLAGS)
 
 install: all
+	echo "AA: '$(AA)'"
 	#
 	# Configuration files
-	install -d -m 750 -g @INSTALLUSER@ $(ETCDIR)
+	install -d -m 750 $(G_USER) $(ETCDIR)
 	[ -f $(ETCDIR)/ejabberd.cfg ] \
-		&& install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
-		|| install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
+		&& install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
+		|| install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
 	sed -e "s*@rootdir@*@prefix@*" \
 		-e "s*@installuser@*@INSTALLUSER@*" \
 		-e "s*@LIBDIR@*@libdir@*" \
@@ -159,13 +174,13 @@ install: all
 		-e "s*@erl@*@ERL@*" ejabberdctl.template \
 		> ejabberdctl.example
 	[ -f $(ETCDIR)/ejabberdctl.cfg ] \
-		&& install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
-		|| install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
-	install -b -m 644 -g @INSTALLUSER@ inetrc $(ETCDIR)/inetrc
+		&& install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
+		|| install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
+	install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
 	#
 	# Administration script
 	[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)
-	install -m 550 -g @INSTALLUSER@ ejabberdctl.example $(SBINDIR)/ejabberdctl
+	install -m 550 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
 	#
 	# Binary Erlang files
 	install -d $(BEAMDIR)
@@ -190,14 +205,14 @@ install: all
 	install -m 644 msgs/*.msg $(MSGSDIR)
 	#
 	# Spool directory
-	install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR)
-	chown -R @INSTALLUSER@ $(SPOOLDIR)
+	install -d -m 750 $(O_USER) $(SPOOLDIR)
+	$(CHOWN_COMMAND) -R @INSTALLUSER@ $(SPOOLDIR) >$(CHOWN_OUTPUT)
 	chmod -R 750 $(SPOOLDIR)
-	[ ! -f $(COOKIEFILE) ] || { chown @INSTALLUSER@ $(COOKIEFILE) ; chmod 400 $(COOKIEFILE) ; }
+	[ ! -f $(COOKIEFILE) ] || { $(CHOWN_COMMAND) @INSTALLUSER@ $(COOKIEFILE) >$(CHOWN_OUTPUT) ; chmod 400 $(COOKIEFILE) ; }
 	#
 	# Log directory
-	install -d -m 750 -o @INSTALLUSER@ $(LOGDIR)
-	chown -R @INSTALLUSER@ $(LOGDIR)
+	install -d -m 750 $(O_USER) $(LOGDIR)
+	$(CHOWN_COMMAND) -R @INSTALLUSER@ $(LOGDIR) >$(CHOWN_OUTPUT)
 	chmod -R 750 $(LOGDIR)
 	#
 	# Documentation

src/configure

@@ -5909,18 +5909,21 @@ fi
 
 
 
-ENABLEUSER=root
+ENABLEUSER=""
 # Check whether --enable-user was given.
 if test "${enable_user+set}" = set; then
   enableval=$enable_user; case "${enableval}" in
      yes) ENABLEUSER=`whoami` ;;
+     no) ENABLEUSER="" ;;
      *) ENABLEUSER=$enableval
    esac
-   echo "allow this system user to start ejabberd: $ENABLEUSER"
 fi
 
-INSTALLUSER=$ENABLEUSER
+if test "$ENABLEUSER" != ""; then
+  echo "allow this system user to start ejabberd: $ENABLEUSER"
+  INSTALLUSER=$ENABLEUSER
 
+fi
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure

src/configure.ac

@@ -122,15 +122,18 @@ else
 fi
 AC_CHECK_HEADER(krb5.h,,)
 
-ENABLEUSER=root
+ENABLEUSER=""
 AC_ARG_ENABLE(user,
   [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
   [case "${enableval}" in
      yes) ENABLEUSER=`whoami` ;;
+     no) ENABLEUSER="" ;;
      *) ENABLEUSER=$enableval
-   esac
-   echo "allow this system user to start ejabberd: $ENABLEUSER"],
+   esac],
   [])
-AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+if test "$ENABLEUSER" != ""; then
+  echo "allow this system user to start ejabberd: $ENABLEUSER"
+  AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+fi
 
 AC_OUTPUT