diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-05 02:30:15 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-05 02:34:26 -0500 |
commit | fc699adadba640164cf28335e1f89ce05b596ee4 (patch) | |
tree | ee3cf654465518470296fd59369f50591ca5102c | |
parent | 2a6a7399f334f84d6c8665056d383b18222b452c (diff) |
Have webuser be a compile-time config rather than run-time.
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | parabolaweb-changepassword.real.in | 11 | ||||
-rw-r--r-- | parabolaweb-reporead-inotify.in | 5 | ||||
-rw-r--r-- | parabolaweb-reporead-inotify.service.in | 1 | ||||
-rw-r--r-- | parabolaweb-reporead-rsync.in | 6 | ||||
-rw-r--r-- | parabolaweb-reporead-rsync.service.in | 1 | ||||
-rw-r--r-- | parabolaweb.conf | 3 | ||||
-rw-r--r-- | parabolaweb.ini | 2 |
8 files changed, 18 insertions, 17 deletions
@@ -13,6 +13,8 @@ uwsgidir = /etc/uwsgi pkglibexecdir = $(libexecdir)/parabolaweb-utils pkgconffile = $(sysconfdir)/parabolaweb +webuser = parabolaweb + CFLAGS += -std=c99 -Wall -Wextra -Werror -Wno-unused-parameter CPPFLAGS += -DSCRIPT_LOCATION='"$(pkglibexecdir)/parabolaweb-changepassword.real"' @@ -36,8 +38,8 @@ files.sys.all = $(targets) # Pattern rules -%: %.in .var.sbindir .var.pkgconffile - sed -e 's|@sbindir@|$(sbindir)|' -e 's|@pkgconffile@|$(pkgconffile)|' < $< > $@ +%: %.in .var.sbindir .var.pkgconffile .var.webuser + sed $(foreach v,$(patsubst .var.%,%,$(filter .var.%,$^)), -e 's|@$v@|$($v)|' ) < $< > $@ $(DESTDIR)$(sbindir)/%: % install -Dm755 $< $@ diff --git a/parabolaweb-changepassword.real.in b/parabolaweb-changepassword.real.in index 07499e8..78d526f 100644 --- a/parabolaweb-changepassword.real.in +++ b/parabolaweb-changepassword.real.in @@ -1,6 +1,6 @@ #!/bin/bash -e -# Copyright (c) 2014 Luke Shumaker <lukeshu@sbcglobal.net> +# Copyright (c) 2014, 2017 Luke Shumaker <lukeshu@sbcglobal.net> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -19,16 +19,15 @@ export PATH usage() { printf 'Usage: %s [USERNAME]\n' "${0##*/}" - printf 'A username may only be specified if run as root or WEBUSER.\n' + printf 'A username may only be specified if run as root or @webuser@.\n' } main() { . @pkgconffile@ [[ -e "${WEBDIR}/manage.py" ]] - [[ -n "${WEBUSER}" ]] local REAL_USER=$USER - if ! { [[ $SUID_USER == root ]] || [[ $SUID_USER == "$WEBUSER" ]]; }; then + if ! { [[ $SUID_USER == root ]] || [[ $SUID_USER == @webuser@ ]]; }; then unset SUDO_USER SUDO_UID SUDO_GID SUDO_COMMAND fi @@ -44,7 +43,7 @@ main() { local PERM_OF=${SUID_USER:-$REAL_USER} local username - if [[ $PERM_OF == root ]] || [[ $PERM_OF == "$WEBUSER" ]]; then + if [[ $PERM_OF == root ]] || [[ $PERM_OF == @webuser@ ]]; then if [[ $# -gt 1 ]]; then usage >&2 return 1 @@ -58,7 +57,7 @@ main() { username=$NAME_OF fi - sudo -u "${WEBUSER}" python2 "${WEBDIR}/manage.py" changepassword "${username}" + sudo -u @webuser@ python2 "${WEBDIR}/manage.py" changepassword "${username}" } main "$@" diff --git a/parabolaweb-reporead-inotify.in b/parabolaweb-reporead-inotify.in index 66934ea..c179a67 100644 --- a/parabolaweb-reporead-inotify.in +++ b/parabolaweb-reporead-inotify.in @@ -1,6 +1,6 @@ #!/bin/bash -e -# Copyright (c) 2012-2013 Luke Shumaker <lukeshu@sbcglobal.net> +# Copyright (c) 2012-2013, 2017 Luke Shumaker <lukeshu@sbcglobal.net> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,5 +20,4 @@ [[ -e "${WEBDIR}/manage.py" ]] [[ $# -eq 0 ]] -sudo -u "${WEBUSER:-$USER}" python2 "${WEBDIR}/manage.py" reporead_inotify \ - "${INOTIFYARGS[@]}" +python2 "${WEBDIR}/manage.py" reporead_inotify "${INOTIFYARGS[@]}" diff --git a/parabolaweb-reporead-inotify.service.in b/parabolaweb-reporead-inotify.service.in index 099db8d..c43ba78 100644 --- a/parabolaweb-reporead-inotify.service.in +++ b/parabolaweb-reporead-inotify.service.in @@ -5,6 +5,7 @@ Description=ParabolaWeb reporead_inotify daemon [Service] Type=simple +User=@webuser@ ExecStart=@sbindir@/parabolaweb-reporead-inotify [Install] diff --git a/parabolaweb-reporead-rsync.in b/parabolaweb-reporead-rsync.in index f18a412..d71cb2a 100644 --- a/parabolaweb-reporead-rsync.in +++ b/parabolaweb-reporead-rsync.in @@ -20,15 +20,15 @@ [[ -e "${WEBDIR}/manage.py" ]] [[ $# -eq 0 ]] -sudo -u "${WEBUSER:-$USER}" rsync -v --no-motd -mrtlH --no-p \ +rsync -v --no-motd -mrtlH --no-p \ --include='*/' --include='*'.files.tar.gz --exclude='*' \ --delete-after "$RSYNCSRV" "$RSYNCDIR/" r=0 -sudo -u "${WEBUSER:-$USER}" find "$RSYNCDIR" -name '*.files.tar.gz' -not -name '.*' | +find "$RSYNCDIR" -name '*.files.tar.gz' -not -name '.*' | sed -r 's|.*/([^/]+)/[^/]+$|\1 &|' | while read -r arch filename; do echo reporead "$arch" "$filename" - sudo -u "${WEBUSER:-$USER}" python2 "${WEBDIR}/manage.py" reporead "$arch" "$filename" || r=$? + python2 "${WEBDIR}/manage.py" reporead "$arch" "$filename" || r=$? done exit $r diff --git a/parabolaweb-reporead-rsync.service.in b/parabolaweb-reporead-rsync.service.in index dde3287..4b9919a 100644 --- a/parabolaweb-reporead-rsync.service.in +++ b/parabolaweb-reporead-rsync.service.in @@ -5,4 +5,5 @@ Description=ParabolaWeb rsync reporead batch job [Service] Type=oneshot +User=@webuser@ ExecStart=@sbindir@/parabolaweb-reporead-rsync diff --git a/parabolaweb.conf b/parabolaweb.conf index db88bef..2e67f72 100644 --- a/parabolaweb.conf +++ b/parabolaweb.conf @@ -1,6 +1,5 @@ -# If you change `WEBUSER` or `WEBDIR`, you should also change +# If you change `WEBDIR`, you should also change # `/etc/uwsgi/parabolaweb.ini`. -WEBUSER=parabolaweb WEBDIR=/srv/http/www.parabola.nu/web GITURL='git://git.parabola.nu/server/parabolaweb.git#branch=master' diff --git a/parabolaweb.ini b/parabolaweb.ini index d170279..40a80c8 100644 --- a/parabolaweb.ini +++ b/parabolaweb.ini @@ -2,7 +2,7 @@ master = true processes = 4 -# If you change `uid` or `wsgi-file`, you should also change +# If you change `wsgi-file`, you should also change # `/etc/conf.d/parabolaweb`. uid = %n |