mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-30 17:43:57 +01:00
* doc/guide.tex: Update what permissions does enable-user grant
* doc/guide.html: Likewise * src/configure.ac: Don't explicitely put root privileges when a user is not explicitely enabled * src/configure: Likewise * src/Makefile.in: Likewise SVN Revision: 1443
This commit is contained in:
parent
d76ca7c65b
commit
3f87768c8c
@ -1,5 +1,13 @@
|
|||||||
2008-07-14 Badlop <badlop@process-one.net>
|
2008-07-14 Badlop <badlop@process-one.net>
|
||||||
|
|
||||||
|
* doc/guide.tex: Update what permissions does enable-user grant
|
||||||
|
* doc/guide.html: Likewise
|
||||||
|
|
||||||
|
* src/configure.ac: Don't explicitely put root privileges when a
|
||||||
|
user is not explicitely enabled
|
||||||
|
* src/configure: Likewise
|
||||||
|
* src/Makefile.in: Likewise
|
||||||
|
|
||||||
* src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir
|
* src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir
|
||||||
does not exist, create it. Fix cookiefile permission
|
does not exist, create it. Fix cookiefile permission
|
||||||
check. (EJAB-696)
|
check. (EJAB-696)
|
||||||
|
@ -339,12 +339,17 @@ To get the full list run the command:
|
|||||||
</PRE><P>Some options that you may be interested in modifying:
|
</PRE><P>Some options that you may be interested in modifying:
|
||||||
</P><DL CLASS="description"><DT CLASS="dt-description">
|
</P><DL CLASS="description"><DT CLASS="dt-description">
|
||||||
<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description">
|
<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description">
|
||||||
Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
|
Specify the path prefix where the files will be copied when running
|
||||||
|
the <TT>make install</TT> command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
|
||||||
Allow this normal system user to execute the ejabberdctl script
|
Allow this normal system user to execute the ejabberdctl script
|
||||||
(see section <A HREF="#ejabberdctl">4.1</A>),
|
(see section <A HREF="#ejabberdctl">4.1</A>),
|
||||||
modify the configuration files and read log files.
|
read the configuration files,
|
||||||
The account must exist in the machine. It doesn’t need a HOME directory.
|
read and write in the spool directory,
|
||||||
If the option is not set, then only root can perform those actions.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
|
read and write in the log directory.
|
||||||
|
The account user and group must exist in the machine
|
||||||
|
before running <TT>make install</TT>.
|
||||||
|
This account doesn’t need an explicit HOME directory, because
|
||||||
|
<TT>/var/lib/ejabberd/</TT> will be used by default.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
|
||||||
Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
|
Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
|
||||||
Required if you want to use an external database.
|
Required if you want to use an external database.
|
||||||
See section <A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description">
|
See section <A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description">
|
||||||
|
@ -322,14 +322,19 @@ To get the full list run the command:
|
|||||||
Some options that you may be interested in modifying:
|
Some options that you may be interested in modifying:
|
||||||
\begin{description}
|
\begin{description}
|
||||||
\titem{--prefix=/}
|
\titem{--prefix=/}
|
||||||
Specify the path prefix where the files will be copied when running the make install command.
|
Specify the path prefix where the files will be copied when running
|
||||||
|
the \term{make install} command.
|
||||||
|
|
||||||
\titem{--enable-user[=USER]}
|
\titem{--enable-user[=USER]}
|
||||||
Allow this normal system user to execute the ejabberdctl script
|
Allow this normal system user to execute the ejabberdctl script
|
||||||
(see section~\ref{ejabberdctl}),
|
(see section~\ref{ejabberdctl}),
|
||||||
modify the configuration files and read log files.
|
read the configuration files,
|
||||||
The account must exist in the machine. It doesn't need a HOME directory.
|
read and write in the spool directory,
|
||||||
If the option is not set, then only root can perform those actions.
|
read and write in the log directory.
|
||||||
|
The account user and group must exist in the machine
|
||||||
|
before running \term{make install}.
|
||||||
|
This account doesn't need an explicit HOME directory, because
|
||||||
|
\term{/var/lib/ejabberd/} will be used by default.
|
||||||
|
|
||||||
\titem{--enable-pam}
|
\titem{--enable-pam}
|
||||||
Enable the PAM authentication method (see section \ref{pam}).
|
Enable the PAM authentication method (see section \ref{pam}).
|
||||||
|
@ -14,6 +14,20 @@ ERLANG_LIBS = @ERLANG_LIBS@
|
|||||||
|
|
||||||
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
|
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
|
||||||
|
|
||||||
|
INSTALLUSER=@INSTALLUSER@
|
||||||
|
# if no user was enabled, don't set privileges or ownership
|
||||||
|
ifeq ($(INSTALLUSER),)
|
||||||
|
O_USER=
|
||||||
|
G_USER=
|
||||||
|
CHOWN_COMMAND=echo
|
||||||
|
CHOWN_OUTPUT=/dev/null
|
||||||
|
else
|
||||||
|
O_USER=-o $(INSTALLUSER)
|
||||||
|
G_USER=-g $(INSTALLUSER)
|
||||||
|
CHOWN_COMMAND=chown
|
||||||
|
CHOWN_OUTPUT=&1
|
||||||
|
endif
|
||||||
|
|
||||||
EFLAGS += @ERLANG_SSL39@
|
EFLAGS += @ERLANG_SSL39@
|
||||||
EFLAGS += -I ../include
|
EFLAGS += -I ../include
|
||||||
|
|
||||||
@ -44,7 +58,7 @@ endif
|
|||||||
|
|
||||||
INSTALL_EPAM=
|
INSTALL_EPAM=
|
||||||
ifeq (@pam@, pam)
|
ifeq (@pam@, pam)
|
||||||
INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR)
|
INSTALL_EPAM=install -m 750 $(O_USER) epam $(PBINDIR)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
prefix = @prefix@
|
prefix = @prefix@
|
||||||
@ -145,12 +159,13 @@ $(ERLSHLIBS): %.so: %.c
|
|||||||
$(DYNAMIC_LIB_CFLAGS)
|
$(DYNAMIC_LIB_CFLAGS)
|
||||||
|
|
||||||
install: all
|
install: all
|
||||||
|
echo "AA: '$(AA)'"
|
||||||
#
|
#
|
||||||
# Configuration files
|
# Configuration files
|
||||||
install -d -m 750 -g @INSTALLUSER@ $(ETCDIR)
|
install -d -m 750 $(G_USER) $(ETCDIR)
|
||||||
[ -f $(ETCDIR)/ejabberd.cfg ] \
|
[ -f $(ETCDIR)/ejabberd.cfg ] \
|
||||||
&& install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
|
&& install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
|
||||||
|| install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
|
|| install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
|
||||||
sed -e "s*@rootdir@*@prefix@*" \
|
sed -e "s*@rootdir@*@prefix@*" \
|
||||||
-e "s*@installuser@*@INSTALLUSER@*" \
|
-e "s*@installuser@*@INSTALLUSER@*" \
|
||||||
-e "s*@LIBDIR@*@libdir@*" \
|
-e "s*@LIBDIR@*@libdir@*" \
|
||||||
@ -159,13 +174,13 @@ install: all
|
|||||||
-e "s*@erl@*@ERL@*" ejabberdctl.template \
|
-e "s*@erl@*@ERL@*" ejabberdctl.template \
|
||||||
> ejabberdctl.example
|
> ejabberdctl.example
|
||||||
[ -f $(ETCDIR)/ejabberdctl.cfg ] \
|
[ -f $(ETCDIR)/ejabberdctl.cfg ] \
|
||||||
&& install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
|
&& install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
|
||||||
|| install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
|
|| install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
|
||||||
install -b -m 644 -g @INSTALLUSER@ inetrc $(ETCDIR)/inetrc
|
install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
|
||||||
#
|
#
|
||||||
# Administration script
|
# Administration script
|
||||||
[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)
|
[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)
|
||||||
install -m 550 -g @INSTALLUSER@ ejabberdctl.example $(SBINDIR)/ejabberdctl
|
install -m 550 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
|
||||||
#
|
#
|
||||||
# Binary Erlang files
|
# Binary Erlang files
|
||||||
install -d $(BEAMDIR)
|
install -d $(BEAMDIR)
|
||||||
@ -190,14 +205,14 @@ install: all
|
|||||||
install -m 644 msgs/*.msg $(MSGSDIR)
|
install -m 644 msgs/*.msg $(MSGSDIR)
|
||||||
#
|
#
|
||||||
# Spool directory
|
# Spool directory
|
||||||
install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR)
|
install -d -m 750 $(O_USER) $(SPOOLDIR)
|
||||||
chown -R @INSTALLUSER@ $(SPOOLDIR)
|
$(CHOWN_COMMAND) -R @INSTALLUSER@ $(SPOOLDIR) >$(CHOWN_OUTPUT)
|
||||||
chmod -R 750 $(SPOOLDIR)
|
chmod -R 750 $(SPOOLDIR)
|
||||||
[ ! -f $(COOKIEFILE) ] || { chown @INSTALLUSER@ $(COOKIEFILE) ; chmod 400 $(COOKIEFILE) ; }
|
[ ! -f $(COOKIEFILE) ] || { $(CHOWN_COMMAND) @INSTALLUSER@ $(COOKIEFILE) >$(CHOWN_OUTPUT) ; chmod 400 $(COOKIEFILE) ; }
|
||||||
#
|
#
|
||||||
# Log directory
|
# Log directory
|
||||||
install -d -m 750 -o @INSTALLUSER@ $(LOGDIR)
|
install -d -m 750 $(O_USER) $(LOGDIR)
|
||||||
chown -R @INSTALLUSER@ $(LOGDIR)
|
$(CHOWN_COMMAND) -R @INSTALLUSER@ $(LOGDIR) >$(CHOWN_OUTPUT)
|
||||||
chmod -R 750 $(LOGDIR)
|
chmod -R 750 $(LOGDIR)
|
||||||
#
|
#
|
||||||
# Documentation
|
# Documentation
|
||||||
|
9
src/configure
vendored
9
src/configure
vendored
@ -5909,18 +5909,21 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
ENABLEUSER=root
|
ENABLEUSER=""
|
||||||
# Check whether --enable-user was given.
|
# Check whether --enable-user was given.
|
||||||
if test "${enable_user+set}" = set; then
|
if test "${enable_user+set}" = set; then
|
||||||
enableval=$enable_user; case "${enableval}" in
|
enableval=$enable_user; case "${enableval}" in
|
||||||
yes) ENABLEUSER=`whoami` ;;
|
yes) ENABLEUSER=`whoami` ;;
|
||||||
|
no) ENABLEUSER="" ;;
|
||||||
*) ENABLEUSER=$enableval
|
*) ENABLEUSER=$enableval
|
||||||
esac
|
esac
|
||||||
echo "allow this system user to start ejabberd: $ENABLEUSER"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
INSTALLUSER=$ENABLEUSER
|
if test "$ENABLEUSER" != ""; then
|
||||||
|
echo "allow this system user to start ejabberd: $ENABLEUSER"
|
||||||
|
INSTALLUSER=$ENABLEUSER
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
cat >confcache <<\_ACEOF
|
cat >confcache <<\_ACEOF
|
||||||
# This file is a shell script that caches the results of configure
|
# This file is a shell script that caches the results of configure
|
||||||
|
@ -122,15 +122,18 @@ else
|
|||||||
fi
|
fi
|
||||||
AC_CHECK_HEADER(krb5.h,,)
|
AC_CHECK_HEADER(krb5.h,,)
|
||||||
|
|
||||||
ENABLEUSER=root
|
ENABLEUSER=""
|
||||||
AC_ARG_ENABLE(user,
|
AC_ARG_ENABLE(user,
|
||||||
[AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
|
[AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
|
||||||
[case "${enableval}" in
|
[case "${enableval}" in
|
||||||
yes) ENABLEUSER=`whoami` ;;
|
yes) ENABLEUSER=`whoami` ;;
|
||||||
|
no) ENABLEUSER="" ;;
|
||||||
*) ENABLEUSER=$enableval
|
*) ENABLEUSER=$enableval
|
||||||
esac
|
esac],
|
||||||
echo "allow this system user to start ejabberd: $ENABLEUSER"],
|
|
||||||
[])
|
[])
|
||||||
AC_SUBST([INSTALLUSER], [$ENABLEUSER])
|
if test "$ENABLEUSER" != ""; then
|
||||||
|
echo "allow this system user to start ejabberd: $ENABLEUSER"
|
||||||
|
AC_SUBST([INSTALLUSER], [$ENABLEUSER])
|
||||||
|
fi
|
||||||
|
|
||||||
AC_OUTPUT
|
AC_OUTPUT
|
||||||
|
Loading…
Reference in New Issue
Block a user