From mboxrd@z Thu Jan 1 00:00:00 1970 From: kupcevic@sourceware.org Date: 14 Jun 2006 20:59:38 -0000 Subject: [Cluster-devel] conga/luci init.d/luci site/luci/etc/stunnel.c ... Message-ID: <20060614205938.1254.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: conga Changes by: kupcevic at sourceware.org 2006-06-14 20:59:37 Modified files: luci/init.d : luci luci/site/luci/etc: stunnel.conf zope.conf luci/utils : luci_admin Log message: Luci: let luci run as luci user Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/init.d/luci.diff?cvsroot=cluster&r1=1.2&r2=1.3 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/stunnel.conf.diff?cvsroot=cluster&r1=1.1&r2=1.2 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/etc/zope.conf.diff?cvsroot=cluster&r1=1.3&r2=1.4 http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.6&r2=1.7 --- conga/luci/init.d/luci 2006/06/06 21:05:43 1.2 +++ conga/luci/init.d/luci 2006/06/14 20:59:37 1.3 @@ -24,8 +24,8 @@ LUCID="/var/lib/luci/bin/runzope" PIDFILE="/var/lib/luci/var/Z2.pid" -LUCI_USER="zope" -LUCI_GROUP="zope" +LUCI_USER="luci" +LUCI_GROUP="luci" HTTPS_PUBKEY="/var/lib/luci/var/certs/https.pem" HTTPS_PRIVKEY="/var/lib/luci/var/certs/https.key.pem" @@ -57,11 +57,13 @@ generate_https_certs() { + echo -n "generating https SSL certificates... " /usr/bin/openssl genrsa -out $HTTPS_PRIVKEY 2048 > /dev/null 2>&1 /usr/bin/openssl req -new -x509 -key $HTTPS_PRIVKEY -out $HTTPS_PUBKEY -days 1095 -config /var/lib/luci/var/certs/cacert.config /bin/chown $LUCI_USER:$LUCI_GROUP $HTTPS_PRIVKEY $HTTPS_PUBKEY /bin/chmod 600 $HTTPS_PRIVKEY /bin/chmod 644 $HTTPS_PUBKEY + echo "done" return $? } --- conga/luci/site/luci/etc/stunnel.conf 2006/06/06 21:05:43 1.1 +++ conga/luci/site/luci/etc/stunnel.conf 2006/06/14 20:59:37 1.2 
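Review bot: In the second init.d/luci hunk the added `echo "done"` sits directly before `return $?`, so generate_https_certs() now returns echo's status (effectively always 0) instead of the last chmod's. "done" is also printed when key or certificate generation failed, and neither openssl call's exit status is checked in the visible lines. I would save the status first, `ret=$?` right after the last `/bin/chmod`, then `echo "done"` and `return $ret`, and preferably return early when either openssl command fails. Separately, the private key is restricted to 600 only after it has been written, so its initial mode depends on the umask in effect; a `umask 077` before the `openssl genrsa` call would remove that dependency.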
@@ -1,6 +1,6 @@ cert = /var/lib/luci/var/certs/https.pem key = /var/lib/luci/var/certs/https.key.pem -setuid = zope +setuid = luci chroot = /var/lib/luci/var/stunnel pid = /pid --- conga/luci/site/luci/etc/zope.conf 2006/06/06 21:05:43 1.3 +++ conga/luci/site/luci/etc/zope.conf 2006/06/14 20:59:37 1.4 @@ -150,7 +150,7 @@ # # effective-user chrism -effective-user zope +effective-user luci # Directive: enable-product-installation # --- conga/luci/utils/luci_admin 2006/06/13 18:42:58 1.6 +++ conga/luci/utils/luci_admin 2006/06/14 20:59:37 1.7 @@ -1,6 +1,6 @@ #!/usr/bin/python -import sys, os, random, crypt, select, string +import sys, os, stat, random, crypt, select, string sys.path.extend(( '/usr/lib64/zope/lib/python', @@ -18,8 +18,8 @@ import types -LUCI_USER='zope' -LUCI_GROUP='zope' +LUCI_USER='luci' +LUCI_GROUP='luci' SSL_PRIVKEY_PATH='/var/lib/luci/var/certs/privkey.pem' SSL_PUBKEY_PATH='/var/lib/luci/var/certs/cacert.pem' @@ -27,6 +27,9 @@ LUCI_BACKUP_PATH='/var/lib/luci/var/luci_backup.xml' LUCI_DB_PATH='/var/lib/luci/var/Data.fs' +INITUSER_FILE_PATH = '/var/lib/luci/inituser' + + def luci_restore(argv): print "TODO: implement me" @@ -375,9 +378,15 @@ pswd = '{CRYPT}' + crypt.crypt(password, salt) return pswd def save_password(user, password): - inituser = file('/var/lib/luci/inituser', 'w') + inituser = file(INITUSER_FILE_PATH, 'w') + os.chmod(INITUSER_FILE_PATH, stat.S_IRUSR|stat.S_IWUSR) inituser.write(user + ':' + password) inituser.close() + + command = '/bin/chown' + args = [command, LUCI_USER, INITUSER_FILE_PATH] + _execWithCaptureErrorStatus(command, args) + return
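Review bot: In the last luci_admin hunk, save_password() still creates the inituser file with `file(INITUSER_FILE_PATH, 'w')` and only afterwards narrows it with `os.chmod`, so the credential file briefly exists with whatever mode the umask allows. Creating it through `os.open` with an explicit owner-only mode and wrapping the descriptor with `os.fdopen` closes that window; the path-based chmod is kept below only to tighten a file left over from an earlier run. The `/bin/chown` call passes only `LUCI_USER`, so the group is left unchanged even though `LUCI_GROUP` is defined. The result of `_execWithCaptureErrorStatus` is also discarded, so a failed chown would presumably leave a file the luci user cannot read, with no error reported. The helper's return value is not visible in this hunk, so the status check is left out of the sketch.

```python
def save_password(user, password):
    # Create the file owner-only from the start instead of narrowing it later.
    fd = os.open(INITUSER_FILE_PATH,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                 stat.S_IRUSR | stat.S_IWUSR)
    inituser = os.fdopen(fd, 'w')
    # The mode given to os.open() applies only on creation; tighten a pre-existing file too.
    os.chmod(INITUSER_FILE_PATH, stat.S_IRUSR | stat.S_IWUSR)
    inituser.write(user + ':' + password)
    inituser.close()
    # ... unchanged: /bin/chown via _execWithCaptureErrorStatus ...
```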