mirror of https://github.com/processone/ejabberd.git synced 2024-12-30 17:43:57 +01:00

* doc/guide.tex: Update what permissions does enable-user grant

* doc/guide.html: Likewise

* src/configure.ac: Don't explicitly set root privileges when a
user is not explicitly enabled
* src/configure: Likewise
* src/Makefile.in: Likewise

SVN Revision: 1443
Badlop 2008-07-14 10:06:13 +00:00
parent d76ca7c65b
commit 3f87768c8c
6 changed files with 67 additions and 28 deletions


@ -1,5 +1,13 @@
2008-07-14 Badlop <badlop@process-one.net> 2008-07-14 Badlop <badlop@process-one.net>
* doc/guide.tex: Update what permissions does enable-user grant
* doc/guide.html: Likewise
* src/configure.ac: Don't explicitely put root privileges when a
user is not explicitely enabled
* src/configure: Likewise
* src/Makefile.in: Likewise
* src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir * src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir
does not exist, create it. Fix cookiefile permission does not exist, create it. Fix cookiefile permission
check. (EJAB-696) check. (EJAB-696)


@ -339,12 +339,17 @@ To get the full list run the command:
</PRE><P>Some options that you may be interested in modifying: </PRE><P>Some options that you may be interested in modifying:
</P><DL CLASS="description"><DT CLASS="dt-description"> </P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description"> <B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description">
Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description"> Specify the path prefix where the files will be copied when running
the <TT>make install</TT> command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
Allow this normal system user to execute the ejabberdctl script Allow this normal system user to execute the ejabberdctl script
(see section&#XA0;<A HREF="#ejabberdctl">4.1</A>), (see section&#XA0;<A HREF="#ejabberdctl">4.1</A>),
modify the configuration files and read log files. read the configuration files,
The account must exist in the machine. It doesn&#X2019;t need a HOME directory. read and write in the spool directory,
If the option is not set, then only root can perform those actions.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> read and write in the log directory.
The account user and group must exist in the machine
before running <TT>make install</TT>.
This account doesn&#X2019;t need an explicit HOME directory, because
<TT>/var/lib/ejabberd/</TT> will be used by default.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description"> Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
Required if you want to use an external database. Required if you want to use an external database.
See section&#XA0;<A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description"> See section&#XA0;<A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description">


@ -322,14 +322,19 @@ To get the full list run the command:
Some options that you may be interested in modifying: Some options that you may be interested in modifying:
\begin{description} \begin{description}
\titem{--prefix=/} \titem{--prefix=/}
Specify the path prefix where the files will be copied when running the make install command. Specify the path prefix where the files will be copied when running
the \term{make install} command.
\titem{--enable-user[=USER]} \titem{--enable-user[=USER]}
Allow this normal system user to execute the ejabberdctl script Allow this normal system user to execute the ejabberdctl script
(see section~\ref{ejabberdctl}), (see section~\ref{ejabberdctl}),
modify the configuration files and read log files. read the configuration files,
The account must exist in the machine. It doesn't need a HOME directory. read and write in the spool directory,
If the option is not set, then only root can perform those actions. read and write in the log directory.
The account user and group must exist in the machine
before running \term{make install}.
This account doesn't need an explicit HOME directory, because
\term{/var/lib/ejabberd/} will be used by default.
\titem{--enable-pam} \titem{--enable-pam}
Enable the PAM authentication method (see section \ref{pam}). Enable the PAM authentication method (see section \ref{pam}).


@ -14,6 +14,20 @@ ERLANG_LIBS = @ERLANG_LIBS@
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
INSTALLUSER=@INSTALLUSER@
# if no user was enabled, don't set privileges or ownership
ifeq ($(INSTALLUSER),)
O_USER=
G_USER=
CHOWN_COMMAND=echo
CHOWN_OUTPUT=/dev/null
else
O_USER=-o $(INSTALLUSER)
G_USER=-g $(INSTALLUSER)
CHOWN_COMMAND=chown
CHOWN_OUTPUT=&1
endif
EFLAGS += @ERLANG_SSL39@ EFLAGS += @ERLANG_SSL39@
EFLAGS += -I ../include EFLAGS += -I ../include
@ -44,7 +58,7 @@ endif
INSTALL_EPAM= INSTALL_EPAM=
ifeq (@pam@, pam) ifeq (@pam@, pam)
INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR) INSTALL_EPAM=install -m 750 $(O_USER) epam $(PBINDIR)
endif endif
prefix = @prefix@ prefix = @prefix@
@ -145,12 +159,13 @@ $(ERLSHLIBS): %.so: %.c
$(DYNAMIC_LIB_CFLAGS) $(DYNAMIC_LIB_CFLAGS)
install: all install: all
echo "AA: '$(AA)'"
# #
# Configuration files # Configuration files
install -d -m 750 -g @INSTALLUSER@ $(ETCDIR) install -d -m 750 $(G_USER) $(ETCDIR)
[ -f $(ETCDIR)/ejabberd.cfg ] \ [ -f $(ETCDIR)/ejabberd.cfg ] \
&& install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \ && install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
|| install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg || install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
sed -e "s*@rootdir@*@prefix@*" \ sed -e "s*@rootdir@*@prefix@*" \
-e "s*@installuser@*@INSTALLUSER@*" \ -e "s*@installuser@*@INSTALLUSER@*" \
-e "s*@LIBDIR@*@libdir@*" \ -e "s*@LIBDIR@*@libdir@*" \
@ -159,13 +174,13 @@ install: all
-e "s*@erl@*@ERL@*" ejabberdctl.template \ -e "s*@erl@*@ERL@*" ejabberdctl.template \
> ejabberdctl.example > ejabberdctl.example
[ -f $(ETCDIR)/ejabberdctl.cfg ] \ [ -f $(ETCDIR)/ejabberdctl.cfg ] \
&& install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \ && install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
|| install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg || install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
install -b -m 644 -g @INSTALLUSER@ inetrc $(ETCDIR)/inetrc install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
# #
# Administration script # Administration script
[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR) [ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)
install -m 550 -g @INSTALLUSER@ ejabberdctl.example $(SBINDIR)/ejabberdctl install -m 550 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
# #
# Binary Erlang files # Binary Erlang files
install -d $(BEAMDIR) install -d $(BEAMDIR)
@ -190,14 +205,14 @@ install: all
install -m 644 msgs/*.msg $(MSGSDIR) install -m 644 msgs/*.msg $(MSGSDIR)
# #
# Spool directory # Spool directory
install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR) install -d -m 750 $(O_USER) $(SPOOLDIR)
chown -R @INSTALLUSER@ $(SPOOLDIR) $(CHOWN_COMMAND) -R @INSTALLUSER@ $(SPOOLDIR) >$(CHOWN_OUTPUT)
chmod -R 750 $(SPOOLDIR) chmod -R 750 $(SPOOLDIR)
[ ! -f $(COOKIEFILE) ] || { chown @INSTALLUSER@ $(COOKIEFILE) ; chmod 400 $(COOKIEFILE) ; } [ ! -f $(COOKIEFILE) ] || { $(CHOWN_COMMAND) @INSTALLUSER@ $(COOKIEFILE) >$(CHOWN_OUTPUT) ; chmod 400 $(COOKIEFILE) ; }
# #
# Log directory # Log directory
install -d -m 750 -o @INSTALLUSER@ $(LOGDIR) install -d -m 750 $(O_USER) $(LOGDIR)
chown -R @INSTALLUSER@ $(LOGDIR) $(CHOWN_COMMAND) -R @INSTALLUSER@ $(LOGDIR) >$(CHOWN_OUTPUT)
chmod -R 750 $(LOGDIR) chmod -R 750 $(LOGDIR)
# #
# Documentation # Documentation
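Review bot: The unchanged line `[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)` in the administration-script part of the `install` target has no `-m`, so `750` is taken as a second directory name and `$(SBINDIR)` is created with the default mode; it presumably should read `install -d -m 750 $(SBINDIR)`. The added `echo "AA: '$(AA)'"` at the top of `install` looks like leftover debug output (`AA` is not defined in the visible hunks) and should be dropped. The empty-user case would also be easier to audit if the ownership steps were guarded directly instead of swapping in `echo` with its output sent to `/dev/null`, for example `[ -z "$(INSTALLUSER)" ] || chown -R $(INSTALLUSER) $(SPOOLDIR)`. The `install` recipe continues beyond the last hunk.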

9
src/configure vendored

@ -5909,18 +5909,21 @@ fi
ENABLEUSER=root ENABLEUSER=""
# Check whether --enable-user was given. # Check whether --enable-user was given.
if test "${enable_user+set}" = set; then if test "${enable_user+set}" = set; then
enableval=$enable_user; case "${enableval}" in enableval=$enable_user; case "${enableval}" in
yes) ENABLEUSER=`whoami` ;; yes) ENABLEUSER=`whoami` ;;
no) ENABLEUSER="" ;;
*) ENABLEUSER=$enableval *) ENABLEUSER=$enableval
esac esac
echo "allow this system user to start ejabberd: $ENABLEUSER"
fi fi
INSTALLUSER=$ENABLEUSER if test "$ENABLEUSER" != ""; then
echo "allow this system user to start ejabberd: $ENABLEUSER"
INSTALLUSER=$ENABLEUSER
fi
cat >confcache <<\_ACEOF cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure # This file is a shell script that caches the results of configure


@ -122,15 +122,18 @@ else
fi fi
AC_CHECK_HEADER(krb5.h,,) AC_CHECK_HEADER(krb5.h,,)
ENABLEUSER=root ENABLEUSER=""
AC_ARG_ENABLE(user, AC_ARG_ENABLE(user,
[AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])], [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
[case "${enableval}" in [case "${enableval}" in
yes) ENABLEUSER=`whoami` ;; yes) ENABLEUSER=`whoami` ;;
no) ENABLEUSER="" ;;
*) ENABLEUSER=$enableval *) ENABLEUSER=$enableval
esac esac],
echo "allow this system user to start ejabberd: $ENABLEUSER"],
[]) [])
AC_SUBST([INSTALLUSER], [$ENABLEUSER]) if test "$ENABLEUSER" != ""; then
echo "allow this system user to start ejabberd: $ENABLEUSER"
AC_SUBST([INSTALLUSER], [$ENABLEUSER])
fi
AC_OUTPUT AC_OUTPUT
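Review bot: `INSTALLUSER` is now assigned only inside `if test "$ENABLEUSER" != ""`, so when no user is enabled the variable is never initialised and `@INSTALLUSER@` would take whatever `INSTALLUSER` holds in the environment of the person running configure. `AC_SUBST` is expanded by autoconf rather than executed by the shell, so wrapping it in the `if` makes only the assignment conditional, as the generated `src/configure` on this page shows. Assigning unconditionally with `INSTALLUSER=$ENABLEUSER` followed by `AC_SUBST([INSTALLUSER])`, and leaving only the `echo` inside the `if`, keeps the empty default reliable for the `ifeq ($(INSTALLUSER),)` test in Makefile.in.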