diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2006-11-03 19:09:57 +0000 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2006-11-03 19:09:57 +0000 |
| commit | b6c1f13f8ece15bf4a64c8985a5ae6f3bab14f4d (patch) | |
| tree | 8241e1fdb8c5a732a61278d195e79cdc4a6eab7e /ldap/cm/newinst | |
| parent | 4b82475ae55f3d4fae366d37b803211d70fca848 (diff) | |
| download | ds-b6c1f13f8ece15bf4a64c8985a5ae6f3bab14f4d.tar.gz ds-b6c1f13f8ece15bf4a64c8985a5ae6f3bab14f4d.tar.xz ds-b6c1f13f8ece15bf4a64c8985a5ae6f3bab14f4d.zip | |
Bug(s) fixed: 213786
Bug Description: upgrade install of ssl enabled servers changes file/dir permisssions from nobody to root
Reviewed by: nhosoi (Thanks!)
Fix Description: The ssloff and sslon operations change several files, by grep/sed to temp
files, then moving the temp files over the original ones. When done as root,
this changes the file ownership to root from the original nobody. In order to
preserve the file/directory ownership, we first figure out the instance, then
use the ownership of that dse.ldif file to determine the server user:group. We
have to do this before the call to SSLOff because SSLOff needs the user:group
to chown the files. Then, every time we create a new file and replace an
existing one, we do a chown $user:$group to preserve the existing file
ownership.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Diffstat (limited to 'ldap/cm/newinst')
| -rwxr-xr-x | ldap/cm/newinst/setup | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/ldap/cm/newinst/setup b/ldap/cm/newinst/setup index ac2d39e2..cc38ce88 100755 --- a/ldap/cm/newinst/setup +++ b/ldap/cm/newinst/setup @@ -157,6 +157,10 @@ inffile= tmpinffile= nextisinffile= keepinffile= +# set by user or from existing files during upgrade +user= +# set by user or from existing files during upgrade +group= for arg in "$@" ; do if [ "$arg" = "-s" ]; then silent=1 @@ -227,6 +231,7 @@ adminSSLOff() { echo $conffile=$security >> $tmpfile cat $conffile | sed -e "s/^\($security\) .*/\1 off/g" > $conffile.01 mv $conffile.01 $conffile + chown $user:$group $conffile echo "$conffile: SSL off ..." fi fi @@ -248,6 +253,7 @@ adminXmlSSLOff() { echo $conffile=$confparam >> $tmpfile cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"off\"/g" > $conffile.0 mv $conffile.0 $conffile + chown $user:$group $conffile echo "$conffile: SSL off ..." fi sslparams0=`grep -i "<.*SSLPARAMS " $conffile` @@ -263,6 +269,7 @@ echo adminXmlSSLOff: SSLPARAMS off sslparams=`echo $sslparams1 | sed -e 's/\"/\\\\\"/g'` cat $conffile | sed -e "s/\($sslparams\)/\<\!-- \1 --\>/g" > $conffile.1 mv $conffile.1 $conffile + chown $user:$group $conffile fi fi } @@ -282,6 +289,7 @@ SSLOff() { $dir/stop-slapd cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 off/g" > $dir/config/dse.ldif.0 mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + chown $user:$group $dir/config/dse.ldif echo "$dir/config/dse.ldif: SSL off ..." fi fi @@ -308,6 +316,7 @@ adminSSLOn() { if [ -f $conffile ]; then cat $conffile | sed -e "s/^\($confparam\) .*/\1 on/g" > $conffile.00 mv $conffile.00 $conffile + chown $user:$group $conffile echo "$conffile $confparam: SSL on ..." fi } @@ -317,6 +326,7 @@ adminXmlSSLOn() { if [ -f $conffile ]; then cat $conffile | sed -e "s/\([Ss][Ee][Cc][Uu][Rr][Ii][Tt][Yy]=\)\"[A-Za-z]*\"/\1\"on\"/g" > $conffile.2 mv $conffile.2 $conffile + chown $user:$group $conffile fi grep -i "<.*SSLPARAMS " $conffile > /dev/null 2>&1 rval=$? @@ -324,6 +334,7 @@ adminXmlSSLOn() { then cat $conffile | sed -e "s/<\!-- *$sslparams *-->/$sslparams/g" > $conffile.3 mv $conffile.3 $conffile + chown $user:$group $conffile fi echo "$conffile: SSL on ..." } @@ -336,6 +347,7 @@ SSLOn() { $dir/stop-slapd cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0 mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + chown $user:$group $dir/config/dse.ldif echo "$dir/config/dse.ldif: SSL on ..." echo "Restarting Directory Server: $dir/start-slapd" $dir/start-slapd @@ -370,9 +382,14 @@ SSLOn() { # check whether it is an in-place installation if [ -f $sroot/admin-serv/config/adm.conf ]; then + dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` + if [ -f $sroot/$dsinst/config/dse.ldif ]; then + user=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'` + group=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'` + fi + SSLOff - dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` if [ -f $sroot/$dsinst/config/dse.ldif ]; then # it is an in=place installation ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` @@ -380,8 +397,6 @@ if [ -f $sroot/admin-serv/config/adm.conf ]; then adminport=`getValFromAdminConf "\<port:" "adm.conf"` adminid=`getValFromAdmpw "admpw"` sysuser=`getValFromAdminConf "nsSuiteSpotUser:" "local.conf"` - suitespotuser=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'` - suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'` admindomain=`echo $ldaphost | awk -F. '{print $5 ? $2 "." $3 "." $4 "." $5: $4 ? $2 "." $3 "." $4 : $3 ? $2 "." $3 : $2 ? $2 : ""}'` if [ "$admindomain" = "" ]; then admindomain=`domainname` @@ -405,8 +420,8 @@ if [ -f $sroot/admin-serv/config/adm.conf ]; then inffile=$sroot/setup/myinstall.inf echo "[General]" > $inffile echo "FullMachineName= $ldaphost" >> $inffile - echo "SuiteSpotUserID= $suitespotuser" >> $inffile - echo "SuitespotGroup= $suitespotgroup" >> $inffile + echo "SuiteSpotUserID= $user" >> $inffile + echo "SuitespotGroup= $group" >> $inffile echo "ServerRoot= $sroot" >> $inffile echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile echo "ConfigDirectoryAdminID= $adminid" >> $inffile |