2008-07-14 Badlop <badlop@process-one.net>
+ * doc/guide.tex: Update what permissions does enable-user grant
+ * doc/guide.html: Likewise
+
+ * src/configure.ac: Don't explicitely put root privileges when a
+ user is not explicitely enabled
+ * src/configure: Likewise
+ * src/Makefile.in: Likewise
+
* src/Makefile.in: Fix docdir so it recognizes prefix. If sbin dir
does not exist, create it. Fix cookiefile permission
check. (EJAB-696)
</PRE><P>Some options that you may be interested in modifying:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description">
- Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
+ Specify the path prefix where the files will be copied when running
+ the <TT>make install</TT> command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
Allow this normal system user to execute the ejabberdctl script
(see section <A HREF="#ejabberdctl">4.1</A>),
- modify the configuration files and read log files.
- The account must exist in the machine. It doesn’t need a HOME directory.
- If the option is not set, then only root can perform those actions.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
+ read the configuration files,
+ read and write in the spool directory,
+ read and write in the log directory.
+ The account user and group must exist in the machine
+ before running <TT>make install</TT>.
+ This account doesn’t need an explicit HOME directory, because
+ <TT>/var/lib/ejabberd/</TT> will be used by default.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
Required if you want to use an external database.
See section <A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description">
Some options that you may be interested in modifying:
\begin{description}
\titem{--prefix=/}
- Specify the path prefix where the files will be copied when running the make install command.
+ Specify the path prefix where the files will be copied when running
+ the \term{make install} command.
\titem{--enable-user[=USER]}
Allow this normal system user to execute the ejabberdctl script
(see section~\ref{ejabberdctl}),
- modify the configuration files and read log files.
- The account must exist in the machine. It doesn't need a HOME directory.
- If the option is not set, then only root can perform those actions.
+ read the configuration files,
+ read and write in the spool directory,
+ read and write in the log directory.
+ The account user and group must exist in the machine
+ before running \term{make install}.
+ This account doesn't need an explicit HOME directory, because
+ \term{/var/lib/ejabberd/} will be used by default.
\titem{--enable-pam}
Enable the PAM authentication method (see section \ref{pam}).
ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj
+INSTALLUSER=@INSTALLUSER@
+# if no user was enabled, don't set privileges or ownership
+ifeq ($(INSTALLUSER),)
+ O_USER=
+ G_USER=
+ CHOWN_COMMAND=echo
+ CHOWN_OUTPUT=/dev/null
+else
+ O_USER=-o $(INSTALLUSER)
+ G_USER=-g $(INSTALLUSER)
+ CHOWN_COMMAND=chown
+ CHOWN_OUTPUT=&1
+endif
+
EFLAGS += @ERLANG_SSL39@
EFLAGS += -I ../include
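Review bot: The empty-user branch, with `CHOWN_COMMAND=echo` and `CHOWN_OUTPUT=/dev/null`, turns the ownership step into a discarded echo that still prints as a command line in the install output. A build log then does not make it clear whether ownership was actually applied. A comment on the block would help, for example `# no --enable-user: ownership stays with whoever runs make install; the chown lines become a discarded echo`. The test would be sturdier as `ifeq ($(strip $(INSTALLUSER)),)`, so that stray whitespace in the substituted value cannot select the chown branch with an effectively empty user. Note also that `G_USER=-g $(INSTALLUSER)` passes the user name as a group name, so the install depends on a group of that name existing, as the updated guide text says.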
INSTALL_EPAM=
ifeq (@pam@, pam)
- INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR)
+ INSTALL_EPAM=install -m 750 $(O_USER) epam $(PBINDIR)
endif
prefix = @prefix@
$(DYNAMIC_LIB_CFLAGS)
install: all
+ echo "AA: '$(AA)'"
#
# Configuration files
- install -d -m 750 -g @INSTALLUSER@ $(ETCDIR)
+ install -d -m 750 $(G_USER) $(ETCDIR)
[ -f $(ETCDIR)/ejabberd.cfg ] \
- && install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
- || install -b -m 640 -g @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
+ && install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new \
+ || install -b -m 640 $(G_USER) ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
sed -e "s*@rootdir@*@prefix@*" \
-e "s*@installuser@*@INSTALLUSER@*" \
-e "s*@LIBDIR@*@libdir@*" \
-e "s*@erl@*@ERL@*" ejabberdctl.template \
> ejabberdctl.example
[ -f $(ETCDIR)/ejabberdctl.cfg ] \
- && install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
- || install -b -m 640 -g @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
- install -b -m 644 -g @INSTALLUSER@ inetrc $(ETCDIR)/inetrc
+ && install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new \
+ || install -b -m 640 $(G_USER) ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
+ install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
#
# Administration script
[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)
- install -m 550 -g @INSTALLUSER@ ejabberdctl.example $(SBINDIR)/ejabberdctl
+ install -m 550 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
#
# Binary Erlang files
install -d $(BEAMDIR)
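Review bot: The added `echo "AA: '$(AA)'"` at the top of the install recipe looks like leftover debugging and should be dropped; `AA` is not defined anywhere in the visible hunks. In the same recipe, the context line `[ -d $(SBINDIR) ] || install -d 750 $(SBINDIR)` lacks `-m`. As written, `750` is taken as a directory name and the sbin directory gets the default mode instead of the intended one; it should read `install -d -m 750 $(SBINDIR)`. The recipe continues past the end of this hunk.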
install -m 644 msgs/*.msg $(MSGSDIR)
#
# Spool directory
- install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR)
- chown -R @INSTALLUSER@ $(SPOOLDIR)
+ install -d -m 750 $(O_USER) $(SPOOLDIR)
+ $(CHOWN_COMMAND) -R @INSTALLUSER@ $(SPOOLDIR) >$(CHOWN_OUTPUT)
chmod -R 750 $(SPOOLDIR)
- [ ! -f $(COOKIEFILE) ] || { chown @INSTALLUSER@ $(COOKIEFILE) ; chmod 400 $(COOKIEFILE) ; }
+ [ ! -f $(COOKIEFILE) ] || { $(CHOWN_COMMAND) @INSTALLUSER@ $(COOKIEFILE) >$(CHOWN_OUTPUT) ; chmod 400 $(COOKIEFILE) ; }
#
# Log directory
- install -d -m 750 -o @INSTALLUSER@ $(LOGDIR)
- chown -R @INSTALLUSER@ $(LOGDIR)
+ install -d -m 750 $(O_USER) $(LOGDIR)
+ $(CHOWN_COMMAND) -R @INSTALLUSER@ $(LOGDIR) >$(CHOWN_OUTPUT)
chmod -R 750 $(LOGDIR)
#
# Documentation
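Review bot: The spool and log steps still run a recursive `$(CHOWN_COMMAND) -R` and `chmod -R 750` over directories that, per the updated guide, the enabled account can write to. A later `make install` run as root therefore walks a tree whose contents that unprivileged account controls. `install -d -m 750 $(O_USER)` already sets owner and mode on the directory itself, so the recursive pass could be dropped or limited to files the install creates. If a recursive mode change is kept, `chmod -R u=rwX,g=rX,o= $(SPOOLDIR)` avoids setting the execute bit on every data and log file. These lines also pass `@INSTALLUSER@` directly, while the rest of the change goes through `$(O_USER)` and `$(G_USER)`; using `$(INSTALLUSER)` would keep the recipe consistent.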
-ENABLEUSER=root
+ENABLEUSER=""
# Check whether --enable-user was given.
if test "${enable_user+set}" = set; then
enableval=$enable_user; case "${enableval}" in
yes) ENABLEUSER=`whoami` ;;
+ no) ENABLEUSER="" ;;
*) ENABLEUSER=$enableval
esac
- echo "allow this system user to start ejabberd: $ENABLEUSER"
fi
-INSTALLUSER=$ENABLEUSER
+if test "$ENABLEUSER" != ""; then
+ echo "allow this system user to start ejabberd: $ENABLEUSER"
+ INSTALLUSER=$ENABLEUSER
+fi
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
fi
AC_CHECK_HEADER(krb5.h,,)
-ENABLEUSER=root
+ENABLEUSER=""
AC_ARG_ENABLE(user,
[AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
[case "${enableval}" in
yes) ENABLEUSER=`whoami` ;;
+ no) ENABLEUSER="" ;;
*) ENABLEUSER=$enableval
- esac
- echo "allow this system user to start ejabberd: $ENABLEUSER"],
+ esac],
[])
-AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+if test "$ENABLEUSER" != ""; then
+ echo "allow this system user to start ejabberd: $ENABLEUSER"
+ AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+fi
AC_OUTPUT
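Review bot: Placing `AC_SUBST([INSTALLUSER], [$ENABLEUSER])` inside the shell `if` leaves `INSTALLUSER` unassigned when no user is enabled. As far as the visible lines show, the substitution is still registered, so `@INSTALLUSER@` would then be filled from whatever `INSTALLUSER` the configure process inherited from its environment. That value decides file ownership in src/Makefile.in, so it should be set explicitly on both paths: keep `AC_SUBST([INSTALLUSER], [$ENABLEUSER])` unconditional and leave only the `echo` inside the `if`. The generated src/configure hunk shows the same conditional assignment. A short comment such as `# empty INSTALLUSER means: do not change ownership at install time` would record the new meaning of the empty value.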