LP1900005: Don't require a specific 'opensrf' user
authorJason Boyer <JBoyer@equinoxinitiative.org>
Thu, 15 Oct 2020 17:50:18 +0000 (13:50 -0400)
committerJane Sandberg <sandbergja@gmail.com>
Sun, 27 Mar 2022 20:39:55 +0000 (13:39 -0700)
There's no technical reason to require a specific user beyond our
instructions stating that it's the default. One thing that we should
do is not allow our network services to be run as root.
Additionally, autogen.sh is excluded from running as root because while
that would work, it may then have to *always* be run by root or
require you to change the file owner between runs.

NOTE: We check for the user by id rather than name, as there's no rule
saying user 0 must be called "root" on Linux.

NOTE: This also cleans up and unifies the coding style and removes
some dead code in autogen.sh.

To test:
Pre-patch:
Use oils_ctl.sh to start SIP or z3950 as opensrf, Success.
Use oils_ctl.sh to start SIP or z3950 as yourself, Failure.
Use oils_ctl.sh to start SIP or z3950 as root, Failure.
Run autogen.sh as opensrf, Success.
Run autogen.sh as yourself, Failure.
Run autogen.sh as root, Failure.

Post patch:
Use oils_ctl.sh to start SIP or z3950 as opensrf, Success.
Use oils_ctl.sh to start SIP or z3950 as your normal user, Success.
Use oils_ctl.sh to start SIP or z3950 as root, Failure.
Run autogen.sh as opensrf, Success.
Run autogen.sh as yourself, potential Success - IF you're able to write to the correct directory / files.
Run autogen.sh as root, Failure.

Signed-off-by: Jason Boyer <JBoyer@equinoxinitiative.org>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Open-ILS/examples/oils_ctl.sh
Open-ILS/src/extras/autogen.sh

index 01e297b..c6bab4b 100755 (executable)
@@ -17,9 +17,9 @@ else
 fi
 
 # ---------------------------------------------------------------------------
-# Make sure we're running as the correct user
+# Make sure we're not running as the root user
 # ---------------------------------------------------------------------------
-[ $(whoami) != 'opensrf' ] && echo 'Must run as user "opensrf"' && exit;
+[ `id -u` -eq 0 ] && echo 'Not to be run as root' && exit 1;
 
 
 function usage {
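Review bot: The root guard on the added line fails open. If `id -u` errors or prints nothing, the `[ ... -eq 0 ]` test returns an error status, the `&&` chain short-circuits, and the script continues without ever having established the UID. A form that stops unless the UID is known to be non-zero is `uid=$(id -u) || exit 1` followed by `[ "$uid" -ne 0 ] || { echo 'Not to be run as root' >&2; exit 1; }`, which also moves the message to stderr. The same line is added to autogen.sh in the next hunk and would take the same change.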
index 37c9d90..7cf9502 100755 (executable)
@@ -21,115 +21,148 @@ set -e
 # Throw an error for uninitialized variables
 set -u
 
+JSDIR="LOCALSTATEDIR/web/opac/common/js"
+FMDOJODIR="LOCALSTATEDIR/web/js/dojo/fieldmapper"
+SLIMPACDIR="LOCALSTATEDIR/web/opac/extras/slimpac"
+
 # ---------------------------------------------------------------------------
-# Make sure we're running as the correct user
+# Make sure we're not root and are able to write to the destination directory
 # ---------------------------------------------------------------------------
-[ $(whoami) != 'opensrf' ] && echo 'Must run as user "opensrf"' && exit;
+[ `id -u` -eq 0 ] && echo 'Not to be run as root' && exit 1
 
 function usage {
-       echo "";
-       echo "usage: $0 [-u]";
-       echo "";
-       echo "Updates the Evergreen organization tree and fieldmapper IDL.";
-       echo "Run this every time you change the Evergreen organization tree";
-       echo "or update fm_IDL.xml";
-       echo "";
-       echo "Optional parameters:";
-       echo -e "  -u\t\tupdate proximity of library sites in organization tree";
-       echo -e "    \t\t(this is expensive for a large organization tree)";
-       echo "";
-       echo "Examples:";
-       echo "";
-       echo "  Update organization tree and fieldmapper IDL:";
-       echo "    $0";
-       echo "";
-       echo "  Update organization tree and refresh proximity:";
-       echo "    $0 -u";
-       echo "";
+    echo ""
+    echo "usage: $0 [-u]"
+    echo ""
+    echo "Updates the Evergreen organization tree and fieldmapper IDL."
+    echo "Run this every time you change the Evergreen organization tree"
+    echo "or update fm_IDL.xml"
+    echo ""
+    echo "Optional parameters:"
+    echo -e "  -u\t\tupdate proximity of library sites in organization tree"
+    echo -e "    \t\t(this is expensive for a large organization tree)"
+    echo ""
+    echo "Examples:"
+    echo ""
+    echo "  Update organization tree and fieldmapper IDL:"
+    echo "    $0"
+    echo ""
+    echo "  Update organization tree and refresh proximity:"
+    echo "    $0 -u"
+    echo ""
+}
+
+function check_dir_writable {
+    if [ ! -d "$1" ] || [ ! -w "$1" ]; then
+        echo "Unable to write to ${1}, please check"
+        OHNO=1
+    fi
 }
 
+function check_files_writable {
+    # Since we already know the directories are writable there's only
+    # a problem if the file(s) already exist *and* for some reason isn't writable.
+
+    # This may be passed a single filename or a glob for simplicity.
+    for F in `ls $1 2>/dev/null`
+    do
+          if [ -f "$F" ] && [ ! -w "$F" ]; then
+              echo "Unable to write to ${F}, please check"
+              OHNO=1
+          fi
+    done
+}
+
+OHNO=0
+
+# Verify we're able to write everywhere we need
+for DIR in "$JSDIR" "$FMDOJODIR" "$SLIMPACDIR"
+do
+    check_dir_writable "$DIR"
+done
+
+for FILE in "$JSDIR/fmall.js" "$JSDIR/fmcore.js" "$JSDIR/*/OrgTree.js" "$SLIMPACDIR/*/lib_list.inc" "$SLIMPACDIR/locales.inc" "LOCALSTATEDIR/web/eg_cache_hash"
+do
+    check_files_writable "$FILE"
+done
+
+# Bail on badness
+[ $OHNO -eq 0 ] || exit 1
+
 (
 
 cd "BINDIR"
 
 # Initialize our variables
-PROXIMITY="";
+PROXIMITY=""
 
 # ---------------------------------------------------------------------------
 # Load the command line options and set the global vars
 # ---------------------------------------------------------------------------
 while getopts  "u h" flag; do
-       case $flag in   
-               "u")            PROXIMITY="REFRESH";;
-               "h")            usage && exit;;
-       esac;
+    case $flag in    
+        "u")        PROXIMITY="REFRESH";;
+        "h")        usage && exit;;
+    esac
 done
 shift $((OPTIND - 1))
 
-JSDIR="LOCALSTATEDIR/web/opac/common/js/";
-FMDOJODIR="LOCALSTATEDIR/web/js/dojo/fieldmapper/";
-SLIMPACDIR="LOCALSTATEDIR/web/opac/extras/slimpac/";
-SKINDIR='LOCALSTATEDIR/web/opac/skin';
-
-COMPRESSOR="" # TODO: set via ./configure
-#COMPRESSOR="java -jar /opt/yuicompressor-2.4.2/build/yuicompressor-2.4.2.jar"
-
 echo "Updating Evergreen organization tree and IDL"
 echo ""
 
 OUTFILE="$JSDIR/fmall.js"
-echo "Updating fieldmapper";
+echo "Updating fieldmapper"
 perl -MOpenILS::Utils::Configure -e 'print OpenILS::Utils::Configure::fieldmapper();' > "$OUTFILE"
 cp "$OUTFILE" "$FMDOJODIR/"
 echo " -> $OUTFILE"
 OUTFILES="$OUTFILE"
 
 OUTFILE="$JSDIR/fmcore.js"
-echo "Updating web_fieldmapper";
+echo "Updating web_fieldmapper"
 perl -MOpenILS::Utils::Configure -e 'print OpenILS::Utils::Configure::fieldmapper("web_core");' > "$OUTFILE"
 echo " -> $OUTFILE"
 OUTFILES="$OUTFILES $OUTFILE"
 
 OUTFILE="$JSDIR/*/OrgTree.js"
-echo "Updating OrgTree";
+echo "Updating OrgTree"
 perl -MOpenILS::Utils::Configure -e "OpenILS::Utils::Configure::org_tree_js('$JSDIR', 'OrgTree.js');"
 cp "$JSDIR/en-US/OrgTree.js" "$FMDOJODIR/"
 echo " -> $OUTFILE"
 OUTFILES="$OUTFILES $OUTFILE"
 
 OUTFILE="$SLIMPACDIR/*/lib_list.inc"
-echo "Updating OrgTree HTML";
+echo "Updating OrgTree HTML"
 perl -MOpenILS::Utils::Configure -e "OpenILS::Utils::Configure::org_tree_html_options('$SLIMPACDIR', 'lib_list.inc');"
 echo " -> $OUTFILE"
 OUTFILES="$OUTFILES $OUTFILE"
 
 OUTFILE="$SLIMPACDIR/locales.inc"
-echo "Updating locales selection HTML";
+echo "Updating locales selection HTML"
 perl -MOpenILS::Utils::Configure -e "print OpenILS::Utils::Configure::locale_html_options();" > "$OUTFILE"
 echo " -> $OUTFILE"
 OUTFILES="$OUTFILES $OUTFILE"
 
 if [ ! -z "$PROXIMITY" ]
 then
-       echo "Refreshing proximity of org units";
-       perl -MOpenILS::Utils::Configure -e "OpenILS::Utils::Configure::org_tree_proximity();"
+    echo "Refreshing proximity of org units"
+    perl -MOpenILS::Utils::Configure -e "OpenILS::Utils::Configure::org_tree_proximity();"
 fi
 
 # Generate a hash of the generated files
 (
-       date +%Y%m%d
-       for file in `ls -1 $OUTFILES`; do
-               if [[ -n $file && -f $file ]]
-               then
-                       md5sum $file
-               fi
-       done
+    date +%Y%m%d
+    for file in `ls -1 $OUTFILES`; do
+        if [[ -n $file && -f $file ]]
+        then
+            md5sum $file
+        fi
+    done
 ) | md5sum | cut -f1 -d' ' | cut -b 27-32 > LOCALSTATEDIR/web/eg_cache_hash
 
 echo
 echo -n "Current Evergreen cache key: "
 cat LOCALSTATEDIR/web/eg_cache_hash
 
-echo "Done";
+echo "Done"
 
 )
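Review bot: `check_files_writable` expands its argument through `ls $1 2>/dev/null` in backticks, so the output is word-split and any `ls` error is discarded. If the configured LOCALSTATEDIR path contained whitespace, each fragment would fail the `-f` test and an unwritable file would pass this pre-flight check unreported. The shell can expand the glob itself without splitting: put `local IFS=` at the top of the function and loop with `for F in $1`. An unmatched pattern then stays literal and is skipped by `[ -f "$F" ]`, which matches the intent stated in the function's comment. The re-indented hash loop uses the same pattern, `ls -1 $OUTFILES`, and there a split path would silently drop a file from the cache key.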