From 0cbf34bda74f9374d273473d7c96e4421e3a2f5d Mon Sep 17 00:00:00 2001 From: Jason Boyer Date: Thu, 15 Oct 2020 13:50:18 -0400 Subject: [PATCH] LP1900005: Don't require a specific 'opensrf' user There's no technical reason to require a specific user beyond our instructions stating that it's the default. One thing that we should do is not allow our network services to be run as root. Additionally, autogen.sh is excluded from running as root because while that would work, it may then have to *always* be run by root or require you to change the file owner between runs. To test: Pre-patch: Use oils_ctl.sh to start SIP or z3950 as opensrf, Success. Use oils_ctl.sh to start SIP or z3950 as yourself, Failure. Use oils_ctl.sh to start SIP or z3950 as root, Failure. Run autogen.sh as opensrf, Success. Run autogen.sh as yourself, Failure. Run autogen.sh as root, Failure. Post patch: Use oils_ctl.sh to start SIP or z3950 as opensrf, Success. Use oils_ctl.sh to start SIP or z3950 as your normal user, Success. Use oils_ctl.sh to start SIP or z3950 as root, Failure. Run autogen.sh as opensrf, Success. Run autogen.sh as yourself, potential Success - IF you're able to write to the correct directory / files. Run autogen.sh as root, Failure. Signed-off-by: Jason Boyer --- Open-ILS/examples/oils_ctl.sh | 4 ++-- Open-ILS/src/extras/autogen.sh | 24 ++++++++++++++---------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/Open-ILS/examples/oils_ctl.sh b/Open-ILS/examples/oils_ctl.sh index dde70cb1fc..92ecd9b5a8 100755 --- a/Open-ILS/examples/oils_ctl.sh +++ b/Open-ILS/examples/oils_ctl.sh @@ -10,9 +10,9 @@ Z3950_LOG="LOCALSTATEDIR/log/oils_z3950.log" SIP_DIR="/opt/SIPServer"; # --------------------------------------------------------------------------- -# Make sure we're running as the correct user +# Make sure we're not running as the root user # --------------------------------------------------------------------------- -[ $(whoami) != 'opensrf' ] && echo 'Must run as user "opensrf"' && exit; +[ $(whoami) = 'root' ] && echo 'Do not run as user "root"' && exit; function usage { diff --git a/Open-ILS/src/extras/autogen.sh b/Open-ILS/src/extras/autogen.sh index 37c9d90d93..0af609a0db 100755 --- a/Open-ILS/src/extras/autogen.sh +++ b/Open-ILS/src/extras/autogen.sh @@ -21,10 +21,22 @@ set -e # Throw an error for uninitialized variables set -u +JSDIR="LOCALSTATEDIR/web/opac/common/js/"; +FMDOJODIR="LOCALSTATEDIR/web/js/dojo/fieldmapper/"; +SLIMPACDIR="LOCALSTATEDIR/web/opac/extras/slimpac/"; +SKINDIR='LOCALSTATEDIR/web/opac/skin'; + +COMPRESSOR="" # TODO: set via ./configure +#COMPRESSOR="java -jar /opt/yuicompressor-2.4.2/build/yuicompressor-2.4.2.jar" + # --------------------------------------------------------------------------- -# Make sure we're running as the correct user +# Make sure we're not root and are able to write to the destination directory # --------------------------------------------------------------------------- -[ $(whoami) != 'opensrf' ] && echo 'Must run as user "opensrf"' && exit; +[ $(whoami) = 'root' ] && echo 'Do not run as user "root"' && exit; +if [ ! -d "$JSDIR" ] || [ ! -w "$JSDIR" ]; then + echo "Not able to write to ${JSDIR}!"; + exit; +fi function usage { echo ""; @@ -66,14 +78,6 @@ while getopts "u h" flag; do done shift $((OPTIND - 1)) -JSDIR="LOCALSTATEDIR/web/opac/common/js/"; -FMDOJODIR="LOCALSTATEDIR/web/js/dojo/fieldmapper/"; -SLIMPACDIR="LOCALSTATEDIR/web/opac/extras/slimpac/"; -SKINDIR='LOCALSTATEDIR/web/opac/skin'; - -COMPRESSOR="" # TODO: set via ./configure -#COMPRESSOR="java -jar /opt/yuicompressor-2.4.2/build/yuicompressor-2.4.2.jar" - echo "Updating Evergreen organization tree and IDL" echo "" -- 2.11.0