+2008-07-13 Badlop <badlop@process-one.net>
+
+ * src/configure.ac: Allow to execute ejabberd with a normal
+ system user (thanks to Viq)(EJAB-402)
+ * src/configure: Likewise
+ * src/ejabberdctl.template: Likewise
+ * src/Makefile.in: Likewise
+ * doc/guide.tex: Likewise
+ * doc/guide.html: Likewise
+
2008-07-12 Badlop <badlop@process-one.net>
* src/configure.ac: Improve legibility
</PRE><P>Some options that you may be interested in modifying:
</P><DL CLASS="description"><DT CLASS="dt-description">
<B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description">
- Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
+ Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description">
+ Allow this normal system user to execute the ejabberdctl script
+ (see section <A HREF="#ejabberdctl">4.1</A>),
+ modify the configuration files and read log files.
+ The account must exist in the machine. It doesn’t need a HOME directory.
+ If the option is not set, then only root can perform those actions.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description">
Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description">
Required if you want to use an external database.
See section <A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description">
</DD><DT CLASS="dt-description"><B><TT>ejabberdctl.cfg</TT></B></DT><DD CLASS="dd-description"> Configuration file of the administration script
</DD><DT CLASS="dt-description"><B><TT>inetrc</TT></B></DT><DD CLASS="dd-description"> Network DNS configuration
</DD></DL>
- </DD><DT CLASS="dt-description"><B><TT>/
sbin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section <A HREF="#ejabberdctl">4.1</A>)
+ </DD><DT CLASS="dt-description"><B><TT>/bin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section <A HREF="#ejabberdctl">4.1</A>)
</DD><DT CLASS="dt-description"><B><TT>/var/lib/ejabberd/</TT></B></DT><DD CLASS="dd-description">
<DL CLASS="description"><DT CLASS="dt-description">
<B><TT>.erlang.cookie</TT></B></DT><DD CLASS="dd-description"> Erlang cookie file (see section <A HREF="#cookie">5.3</A>)
</DD></DL>
</DD></DL><P> <A NAME="start"></A> </P><!--TOC subsection Start-->
<H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc13">2.4.5</A>  <A HREF="#start">Start</A></H3><!--SEC END --><P> <A NAME="start"></A>
-</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>.</P><P>Usage example:
+</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>.
+If you provided the configure option <TT>--enable-user=USER</TT> (see <A HREF="#compile">2.4.3</A>),
+you can execute <TT>ejabberdctl</TT> with either that system account or root.</P><P>Usage example:
</P><PRE CLASS="verbatim">ejabberdctl start
ejabberdctl status
\titem{--prefix=/}
Specify the path prefix where the files will be copied when running the make install command.
+ \titem{--enable-user[=USER]}
+ Allow this normal system user to execute the ejabberdctl script
+ (see section~\ref{ejabberdctl}),
+ modify the configuration files and read log files.
+ The account must exist in the machine. It doesn't need a HOME directory.
+ If the option is not set, then only root can perform those actions.
+
\titem{--enable-pam}
Enable the PAM authentication method (see section \ref{pam}).
\titem{ejabberdctl.cfg} Configuration file of the administration script
\titem{inetrc} Network DNS configuration
\end{description}
- \titem{/sbin/ejabberdctl} Administration script (see section~\ref{ejabberdctl})
+ \titem{/bin/ejabberdctl} Administration script (see section~\ref{ejabberdctl})
\titem{/var/lib/ejabberd/}
\begin{description}
\titem{.erlang.cookie} Erlang cookie file (see section \ref{cookie})
\ind{install!start}
You can use the \term{ejabberdctl} command line administration script to start and stop \ejabberd{}.
+If you provided the configure option \term{--enable-user=USER} (see \ref{compile}),
+you can execute \term{ejabberdctl} with either that system account or root.
Usage example:
\begin{verbatim}
INSTALL_EPAM=
ifeq (@pam@, pam)
- INSTALL_EPAM=install -m 750 epam $(PBINDIR)
+ INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR)
endif
prefix = @prefix@
BEAMDIR = $(EJABBERDDIR)/ebin
SPOOLDIR = $(EJABBERDDIR)/db
PRIVDIR = $(EJABBERDDIR)/priv
+COOKIEFILE = $(EJABBERDDIR)/.erlang.cookie
SODIR = $(PRIVDIR)/lib
PBINDIR = $(PRIVDIR)/bin
MSGSDIR = $(PRIVDIR)/msgs
LOGDIR = $(DESTDIR)@localstatedir@/log/ejabberd
ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd
-SBINDIR = $(DESTDIR)@sbindir@
+BINDIR = $(DESTDIR)@bindir@
ifeq ($(shell uname),Darwin)
DYNAMIC_LIB_CFLAGS = -fPIC -bundle -flat_namespace -undefined suppress
install -m 644 *.beam $(BEAMDIR)
rm -f $(BEAMDIR)/configure.beam
install -m 644 *.app $(BEAMDIR)
- install -d -m 750 $(SPOOLDIR)
+ install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR)
+ chown -R @INSTALLUSER@ $(SPOOLDIR)/*
+ chmod -R 750 $(SPOOLDIR)/*
install -d $(SODIR)
install -d $(PBINDIR)
install -m 644 *.so $(SODIR)
$(INSTALL_EPAM)
install -d $(MSGSDIR)
install -m 644 msgs/*.msg $(MSGSDIR)
- install -d -m 750 $(ETCDIR)
- [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
- sed -e "s*@rootdir@*@prefix@*" ejabberdctl.template > ejabberdctl.example
- [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
+ install -d -m 750 -o @INSTALLUSER@ $(ETCDIR)
+ [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg
+ sed -e "s*@rootdir@*@prefix@*" -e "s*@installuser@*@INSTALLUSER@*" -e "s*@erl@*@ERL@*" ejabberdctl.template > ejabberdctl.example
+ [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg
install -b -m 644 inetrc $(ETCDIR)/inetrc
- install -d $(SBINDIR)
- install -m 755 ejabberdctl.example $(SBINDIR)/ejabberdctl
- install -d -m 750 $(LOGDIR)
+ install -m 550 -o @INSTALLUSER@ ejabberdctl.example $(BINDIR)/ejabberdctl
+ install -d -m 750 -o @INSTALLUSER@ $(LOGDIR)
+ chown @INSTALLUSER@ $(COOKIEFILE)
uninstall: uninstall-binary
rm -rf $(SODIR)
rm -rf $(MSGSDIR)
rm -rf $(PRIVDIR)
- rm -rf $(SBINDIR)/ejabberdctl
+ rm -rf $(BINDIR)/ejabberdctl
uninstall-all: uninstall-binary
rm -rf $(ETCDIR)
full_xml
SSL_LIBS
SSL_CFLAGS
+INSTALLUSER
LTLIBOBJS'
ac_subst_files=''
ac_precious_vars='build_alias
(default: yes)
--enable-full-xml use XML features in XMPP stream (ex: CDATA)
(default: no, requires XML compliant clients)
+ --enable-user[=USER] allow this system user to start ejabberd (default:
+ no)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ENABLEUSER=root
+# Check whether --enable-user was given.
+if test "${enable_user+set}" = set; then
+ enableval=$enable_user; case "${enableval}" in
+ yes) ENABLEUSER=`whoami` ;;
+ *) ENABLEUSER=$enableval
+ esac
+ echo "allow this system user to start ejabberd: $ENABLEUSER"
+fi
+
+INSTALLUSER=$ENABLEUSER
+
+
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
full_xml!$full_xml$ac_delim
SSL_LIBS!$SSL_LIBS$ac_delim
SSL_CFLAGS!$SSL_CFLAGS$ac_delim
+INSTALLUSER!$INSTALLUSER$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 89; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
fi
AC_CHECK_HEADER(krb5.h,,)
+ENABLEUSER=root
+AC_ARG_ENABLE(user,
+ [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])],
+ [case "${enableval}" in
+ yes) ENABLEUSER=`whoami` ;;
+ *) ENABLEUSER=$enableval
+ esac
+ echo "allow this system user to start ejabberd: $ENABLEUSER"],
+ [])
+AC_SUBST([INSTALLUSER], [$ENABLEUSER])
+
AC_OUTPUT
NODE=ejabberd
HOST=localhost
ERLANG_NODE=$NODE@$HOST
+ERL=@erl@
+INSTALLUSER=@installuser@
ROOTDIR=@rootdir@
EJABBERD_CONFIG_PATH=$ROOTDIR/etc/ejabberd/ejabberd.cfg
LOGS_DIR=$ROOTDIR/var/log/ejabberd/
esac
done
+# check the proper system user is used
+ID=`id -g`
+EJID=`id -g $INSTALLUSER`
+EXEC_CMD="false"
+if [ $ID -eq 0 ] ; then
+ EXEC_CMD="su ${INSTALLUSER} -c"
+fi
+if [ "$ID" -eq "$EJID" ] ; then
+ EXEC_CMD="sh -c"
+fi
+if [ "$EXEC_CMD" = "false" ] ; then
+ echo "This command can only be run by root or the user $INSTALLUSER" >&2
+ exit 1
+fi
+
NAME=-name
[ "$ERLANG_NODE" = "${ERLANG_NODE%.*}" ] && NAME=-sname
export ERL_MAX_PORTS
export ERL_MAX_ETS_TABLES
export HOME
+export EXEC_CMD
-[ -d $EJABBERD_DB ] || mkdir -p $EJABBERD_DB
-[ -d $LOGS_DIR ] || mkdir -p $LOGS_DIR
# Compatibility in ZSH
#setopt shwordsplit 2>/dev/null
# start server
start ()
{
- erl \
+ $EXEC_CMD "$ERL \
$NAME $ERLANG_NODE \
-noinput -detached \
-pa $EJABBERD_EBIN \
- -mnesia dir "\"$EJABBERD_DB\"" \
+ -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \
-s ejabberd \
- -sasl sasl_error_logger \{file,\"$SASL_LOG_PATH\"\} \
- $ERLANG_OPTS $ARGS "$@"
+ -sasl sasl_error_logger \\{file,\\\"$SASL_LOG_PATH\\\"\\} \
+ $ERLANG_OPTS $ARGS \"$@\""
}
# attach to server
echo "Press any key to continue"
read foo
echo ""
- erl \
+ $EXEC_CMD "$ERL \
$NAME ${NODE}debug \
-remsh $ERLANG_NODE \
- $ERLANG_OPTS $ARGS "$@"
+ $ERLANG_OPTS $ARGS \"$@\""
}
# start interactive server
echo "Press any key to continue"
read foo
echo ""
- erl \
+ $EXEC_CMD "$ERL \
$NAME $ERLANG_NODE \
-pa $EJABBERD_EBIN \
- -mnesia dir "\"$EJABBERD_DB\"" \
+ -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \
-s ejabberd \
- $ERLANG_OPTS $ARGS "$@"
+ $ERLANG_OPTS $ARGS \"$@\""
}
# common control function
ctl ()
{
- erl \
+ $EXEC_CMD "$ERL \
$NAME ejabberdctl \
-noinput \
-pa $EJABBERD_EBIN \
- -s ejabberd_ctl -extra $ERLANG_NODE $@
+ -s ejabberd_ctl -extra $ERLANG_NODE $@"
result=$?
case $result in
0) :;;
projects / ejabberd / commitdiff