* src/configure.ac: Allow to execute ejabberd with a normal

system user (thanks to Viq)(EJAB-402) * src/configure: Likewise * src/ejabberdctl.template: Likewise * src/Makefile.in: Likewise * doc/guide.tex: Likewise * doc/guide.html: Likewise SVN Revision: 1439
2008-07-12 22:02:16 +00:00 · 2008-07-12 22:02:16 +00:00 · 871d1dfad6
parent 983022438e
commit 871d1dfad6
7 changed files with 102 additions and 29 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+2008-07-13  Badlop  <badlop@process-one.net>
+
+	* src/configure.ac: Allow to execute ejabberd with a normal
+	system user (thanks to Viq)(EJAB-402)
+	* src/configure: Likewise
+	* src/ejabberdctl.template: Likewise
+	* src/Makefile.in: Likewise
+	* doc/guide.tex: Likewise
+	* doc/guide.html: Likewise
+
 2008-07-12  Badlop  <badlop@process-one.net>

 	* src/configure.ac: Improve legibility
--- a/doc/guide.html
+++ b/doc/guide.html
@ -339,7 +339,12 @@ To get the full list run the command:
 </PRE><P>Some options that you may be interested in modifying:
 </P><DL CLASS="description"><DT CLASS="dt-description">
 	<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description"> 
-	Specify the path prefix where the files will be copied when running the make install command.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> 
+	Specify the path prefix where the files will be copied when running the make install command.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
+	Allow this normal system user to execute the ejabberdctl script 
+	(see section&#XA0;<A HREF="#ejabberdctl">4.1</A>),
+	modify the configuration files and read log files.
+	The account must exist in the machine. It doesn&#X2019;t need a HOME directory.
+	If the option is not set, then only root can perform those actions.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> 
 	Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
 	Required if you want to use an external database.
 	See section&#XA0;<A HREF="#database">3.2</A> for more information.<P>	</P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description"> 
@ -360,7 +365,7 @@ to install <TT>ejabberd</TT>.</P><P>The files and directories created are, by de
 			</DD><DT CLASS="dt-description"><B><TT>ejabberdctl.cfg</TT></B></DT><DD CLASS="dd-description"> Configuration file of the administration script
 			</DD><DT CLASS="dt-description"><B><TT>inetrc</TT></B></DT><DD CLASS="dd-description"> Network DNS configuration
 		</DD></DL>
-	</DD><DT CLASS="dt-description"><B><TT>/sbin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section&#XA0;<A HREF="#ejabberdctl">4.1</A>)
+	</DD><DT CLASS="dt-description"><B><TT>/bin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section&#XA0;<A HREF="#ejabberdctl">4.1</A>)
 	</DD><DT CLASS="dt-description"><B><TT>/var/lib/ejabberd/</TT></B></DT><DD CLASS="dd-description">
 		<DL CLASS="description"><DT CLASS="dt-description">
 			<B><TT>.erlang.cookie</TT></B></DT><DD CLASS="dd-description"> Erlang cookie file (see section <A HREF="#cookie">5.3</A>)
@ -380,7 +385,9 @@ to install <TT>ejabberd</TT>.</P><P>The files and directories created are, by de
 		</DD></DL>
 </DD></DL><P> <A NAME="start"></A> </P><!--TOC subsection Start-->
 <H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc13">2.4.5</A>&#XA0;&#XA0;<A HREF="#start">Start</A></H3><!--SEC END --><P> <A NAME="start"></A> 
-</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>.</P><P>Usage example:
+</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>.
+If you provided the configure option <TT>--enable-user=USER</TT> (see <A HREF="#compile">2.4.3</A>),
+you can execute <TT>ejabberdctl</TT> with either that system account or root.</P><P>Usage example:
 </P><PRE CLASS="verbatim">ejabberdctl start

 ejabberdctl status
--- a/doc/guide.tex
+++ b/doc/guide.tex
@ -324,6 +324,13 @@ Some options that you may be interested in modifying:
 	\titem{--prefix=/} 
 	Specify the path prefix where the files will be copied when running the make install command.

+	\titem{--enable-user[=USER]}
+	Allow this normal system user to execute the ejabberdctl script 
+	(see section~\ref{ejabberdctl}),
+	modify the configuration files and read log files.
+	The account must exist in the machine. It doesn't need a HOME directory.
+	If the option is not set, then only root can perform those actions.
+
 	\titem{--enable-pam} 
 	Enable the PAM authentication method (see section \ref{pam}).

@ -359,7 +366,7 @@ The files and directories created are, by default:
 			\titem{ejabberdctl.cfg} Configuration file of the administration script
 			\titem{inetrc} Network DNS configuration
 		\end{description}
-	\titem{/sbin/ejabberdctl} Administration script (see section~\ref{ejabberdctl})
+	\titem{/bin/ejabberdctl} Administration script (see section~\ref{ejabberdctl})
 	\titem{/var/lib/ejabberd/}
 		\begin{description}
 			\titem{.erlang.cookie} Erlang cookie file (see section \ref{cookie})
@ -384,6 +391,8 @@ The files and directories created are, by default:
 \ind{install!start}

 You can use the \term{ejabberdctl} command line administration script to start and stop \ejabberd{}.
+If you provided the configure option \term{--enable-user=USER} (see \ref{compile}),
+you can execute \term{ejabberdctl} with either that system account or root.

 Usage example:
 \begin{verbatim}
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -42,7 +42,7 @@ endif

 INSTALL_EPAM=
 ifeq (@pam@, pam)
-  INSTALL_EPAM=install -m 750 epam $(PBINDIR)
+  INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR)
 endif

 prefix = @prefix@
@ -62,12 +62,13 @@ EJABBERDDIR = $(DESTDIR)@localstatedir@/lib/ejabberd
 BEAMDIR = $(EJABBERDDIR)/ebin
 SPOOLDIR = $(EJABBERDDIR)/db
 PRIVDIR = $(EJABBERDDIR)/priv
+COOKIEFILE = $(EJABBERDDIR)/.erlang.cookie
 SODIR = $(PRIVDIR)/lib
 PBINDIR = $(PRIVDIR)/bin
 MSGSDIR = $(PRIVDIR)/msgs
 LOGDIR = $(DESTDIR)@localstatedir@/log/ejabberd
 ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd
-SBINDIR = $(DESTDIR)@sbindir@
+BINDIR = $(DESTDIR)@bindir@

 ifeq ($(shell uname),Darwin)
 DYNAMIC_LIB_CFLAGS = -fPIC -bundle -flat_namespace -undefined suppress
@ -117,21 +118,23 @@ install: all
 	install -m 644 *.beam $(BEAMDIR)
 	rm -f $(BEAMDIR)/configure.beam
 	install -m 644 *.app $(BEAMDIR)
-	install -d -m 750 $(SPOOLDIR)
+	install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR)
+	chown -R @INSTALLUSER@ $(SPOOLDIR)/*
+	chmod -R 750 $(SPOOLDIR)/*
 	install -d $(SODIR)
 	install -d $(PBINDIR)
 	install -m 644 *.so $(SODIR)
 	$(INSTALL_EPAM)
 	install -d $(MSGSDIR)
 	install -m 644 msgs/*.msg $(MSGSDIR)
-	install -d -m 750 $(ETCDIR)
-	[ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
-	sed -e "s*@rootdir@*@prefix@*" ejabberdctl.template > ejabberdctl.example
-	[ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
+	install -d -m 750 -o @INSTALLUSER@ $(ETCDIR)
+	[ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
+	sed -e "s*@rootdir@*@prefix@*" -e "s*@installuser@*@INSTALLUSER@*" -e "s*@erl@*@ERL@*" ejabberdctl.template > ejabberdctl.example
+	[ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
 	install -b -m 644 inetrc $(ETCDIR)/inetrc
-	install -d $(SBINDIR)
-	install -m 755 ejabberdctl.example $(SBINDIR)/ejabberdctl
-	install -d -m 750 $(LOGDIR)
+	install -m 550 -o @INSTALLUSER@ ejabberdctl.example $(BINDIR)/ejabberdctl
+	install -d -m 750 -o @INSTALLUSER@ $(LOGDIR)
+	chown @INSTALLUSER@ $(COOKIEFILE)

 uninstall: uninstall-binary

@ -140,7 +143,7 @@ uninstall-binary:
 	rm -rf $(SODIR)
 	rm -rf $(MSGSDIR)
 	rm -rf $(PRIVDIR)
-	rm -rf $(SBINDIR)/ejabberdctl
+	rm -rf $(BINDIR)/ejabberdctl

 uninstall-all: uninstall-binary
 	rm -rf $(ETCDIR)
--- a/src/configure
+++ b/src/configure
@ -702,6 +702,7 @@ transient_supervisors
 full_xml
 SSL_LIBS
 SSL_CFLAGS
+INSTALLUSER
 LTLIBOBJS'
 ac_subst_files=''
      ac_precious_vars='build_alias
@ -1303,6 +1304,8 @@ Optional Features:
                          (default: yes)
  --enable-full-xml       use XML features in XMPP stream (ex: CDATA)
                          (default: no, requires XML compliant clients)
+  --enable-user[=USER]    allow this system user to start ejabberd (default:
+                          no)

 Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@ -5864,6 +5867,19 @@ fi



+ENABLEUSER=root
+# Check whether --enable-user was given.
+if test "${enable_user+set}" = set; then
+  enableval=$enable_user; case "${enableval}" in
+     yes) ENABLEUSER=`whoami` ;;
+     *) ENABLEUSER=$enableval
+   esac
+   echo "allow this system user to start ejabberd: $ENABLEUSER"
+fi
+
+INSTALLUSER=$ENABLEUSER
+
+
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
 # tests run on this system so they can be shared between configure
@ -6591,10 +6607,11 @@ transient_supervisors!$transient_supervisors$ac_delim
 full_xml!$full_xml$ac_delim
 SSL_LIBS!$SSL_LIBS$ac_delim
 SSL_CFLAGS!$SSL_CFLAGS$ac_delim
+INSTALLUSER!$INSTALLUSER$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF

-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 89; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then
    break
  elif $ac_last_try; then
    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
--- a/src/configure.ac
+++ b/src/configure.ac
@ -122,4 +122,15 @@ else
 fi
 AC_CHECK_HEADER(krb5.h,,)

+ENABLEUSER=root
+AC_ARG_ENABLE(user,
+  [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
+  [case "${enableval}" in
+     yes) ENABLEUSER=`whoami` ;;
+     *) ENABLEUSER=$enableval
+   esac
+   echo "allow this system user to start ejabberd: $ENABLEUSER"],
+  [])
+AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+
 AC_OUTPUT
--- a/src/ejabberdctl.template
+++ b/src/ejabberdctl.template
@ -11,6 +11,8 @@ ERL_MAX_ETS_TABLES=1400
 NODE=ejabberd
 HOST=localhost
 ERLANG_NODE=$NODE@$HOST
+ERL=@erl@
+INSTALLUSER=@installuser@
 ROOTDIR=@rootdir@
 EJABBERD_CONFIG_PATH=$ROOTDIR/etc/ejabberd/ejabberd.cfg
 LOGS_DIR=$ROOTDIR/var/log/ejabberd/
@ -36,6 +38,21 @@ while [ $# -ne 0 ] ; do
    esac
 done

+# check the proper system user is used
+ID=`id -g`
+EJID=`id -g $INSTALLUSER`
+EXEC_CMD="false"
+if [ $ID -eq 0 ] ; then
+	EXEC_CMD="su ${INSTALLUSER} -c"
+fi
+if [ "$ID" -eq "$EJID" ] ; then
+	EXEC_CMD="sh -c"
+fi
+if [ "$EXEC_CMD" = "false" ] ; then
+	echo "This command can only be run by root or the user $INSTALLUSER" >&2
+	exit 1
+fi
+
 NAME=-name
 [ "$ERLANG_NODE" = "${ERLANG_NODE%.*}" ] && NAME=-sname

@ -70,9 +87,8 @@ export ERL_INETRC
 export ERL_MAX_PORTS
 export ERL_MAX_ETS_TABLES
 export HOME
+export EXEC_CMD

-[ -d $EJABBERD_DB ] || mkdir -p $EJABBERD_DB
-[ -d $LOGS_DIR ] || mkdir -p $LOGS_DIR

 # Compatibility in ZSH
 #setopt shwordsplit 2>/dev/null
@ -80,14 +96,14 @@ export HOME
 # start server
 start ()
 {
-    erl \
+    $EXEC_CMD "$ERL \
      $NAME $ERLANG_NODE \
      -noinput -detached \
      -pa $EJABBERD_EBIN \
-      -mnesia dir "\"$EJABBERD_DB\"" \
+      -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \
      -s ejabberd \
-      -sasl sasl_error_logger \{file,\"$SASL_LOG_PATH\"\} \
-      $ERLANG_OPTS $ARGS "$@"
+      -sasl sasl_error_logger \\{file,\\\"$SASL_LOG_PATH\\\"\\} \
+      $ERLANG_OPTS $ARGS \"$@\""
 }

 # attach to server
@ -109,10 +125,10 @@ debug ()
    echo "Press any key to continue"
    read foo
    echo ""
-    erl \
+    $EXEC_CMD "$ERL \
      $NAME ${NODE}debug \
      -remsh $ERLANG_NODE \
-      $ERLANG_OPTS $ARGS "$@"
+      $ERLANG_OPTS $ARGS \"$@\""
 }

 # start interactive server
@ -133,22 +149,22 @@ live ()
    echo "Press any key to continue"
    read foo
    echo ""
-    erl \
+    $EXEC_CMD "$ERL \
      $NAME $ERLANG_NODE \
      -pa $EJABBERD_EBIN \
-      -mnesia dir "\"$EJABBERD_DB\"" \
+      -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \
      -s ejabberd \
-      $ERLANG_OPTS $ARGS "$@"
+      $ERLANG_OPTS $ARGS \"$@\""
 }

 # common control function
 ctl ()
 {
-    erl \
+    $EXEC_CMD "$ERL \
      $NAME ejabberdctl \
      -noinput \
      -pa $EJABBERD_EBIN \
-      -s ejabberd_ctl -extra $ERLANG_NODE $@
+      -s ejabberd_ctl -extra $ERLANG_NODE $@"
    result=$?
    case $result in
    0) :;;