From 871d1dfad6f16e45d8cb3aaf7347a6040c918c5d Mon Sep 17 00:00:00 2001
From: Badlop Some options that you may be interested in modifying:
The files and directories created are, by de
The files and directories created are, by de
You can use the ejabberdctl command line administration script to start and stop ejabberd.
Usage example: +
You can use the ejabberdctl command line administration script to start and stop ejabberd. +If you provided the configure option --enable-user=USER (see 2.4.3), +you can execute ejabberdctl with either that system account or root.
Usage example:
ejabberdctl start ejabberdctl status diff --git a/doc/guide.tex b/doc/guide.tex index b5dbc41da..e7b908db1 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -324,6 +324,13 @@ Some options that you may be interested in modifying: \titem{--prefix=/} Specify the path prefix where the files will be copied when running the make install command. + \titem{--enable-user[=USER]} + Allow this normal system user to execute the ejabberdctl script + (see section~\ref{ejabberdctl}), + modify the configuration files and read log files. + The account must exist in the machine. It doesn't need a HOME directory. + If the option is not set, then only root can perform those actions. + \titem{--enable-pam} Enable the PAM authentication method (see section \ref{pam}). @@ -359,7 +366,7 @@ The files and directories created are, by default: \titem{ejabberdctl.cfg} Configuration file of the administration script \titem{inetrc} Network DNS configuration \end{description} - \titem{/sbin/ejabberdctl} Administration script (see section~\ref{ejabberdctl}) + \titem{/bin/ejabberdctl} Administration script (see section~\ref{ejabberdctl}) \titem{/var/lib/ejabberd/} \begin{description} \titem{.erlang.cookie} Erlang cookie file (see section \ref{cookie}) @@ -384,6 +391,8 @@ The files and directories created are, by default: \ind{install!start} You can use the \term{ejabberdctl} command line administration script to start and stop \ejabberd{}. +If you provided the configure option \term{--enable-user=USER} (see \ref{compile}), +you can execute \term{ejabberdctl} with either that system account or root. Usage example: \begin{verbatim} diff --git a/src/Makefile.in b/src/Makefile.in index 607af353e..0b5b27a26 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -42,7 +42,7 @@ endif INSTALL_EPAM= ifeq (@pam@, pam) - INSTALL_EPAM=install -m 750 epam $(PBINDIR) + INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR) endif prefix = @prefix@ 
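Review bot: `-o @INSTALLUSER@` is passed unconditionally in `INSTALL_EPAM`, and install(1) can only set an owner when it runs with enough privilege. A staged `make install DESTDIR=...` by an unprivileged packager would therefore presumably fail at this line. The same applies to every `-o @INSTALLUSER@` and `chown` line added in the `install:` hunk further down. Consider routing the owner through one overridable variable, e.g. `INSTALL_OWNER = -o @INSTALLUSER@`, so a packaging build can set it empty.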
@@ -62,12 +62,13 @@ EJABBERDDIR = $(DESTDIR)@localstatedir@/lib/ejabberd BEAMDIR = $(EJABBERDDIR)/ebin SPOOLDIR = $(EJABBERDDIR)/db PRIVDIR = $(EJABBERDDIR)/priv +COOKIEFILE = $(EJABBERDDIR)/.erlang.cookie SODIR = $(PRIVDIR)/lib PBINDIR = $(PRIVDIR)/bin MSGSDIR = $(PRIVDIR)/msgs LOGDIR = $(DESTDIR)@localstatedir@/log/ejabberd ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd -SBINDIR = $(DESTDIR)@sbindir@ +BINDIR = $(DESTDIR)@bindir@ ifeq ($(shell uname),Darwin) DYNAMIC_LIB_CFLAGS = -fPIC -bundle -flat_namespace -undefined suppress 
@@ -117,21 +118,23 @@ install: all install -m 644 *.beam $(BEAMDIR) rm -f $(BEAMDIR)/configure.beam install -m 644 *.app $(BEAMDIR) - install -d -m 750 $(SPOOLDIR) + install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR) + chown -R @INSTALLUSER@ $(SPOOLDIR)/* + chmod -R 750 $(SPOOLDIR)/* install -d $(SODIR) install -d $(PBINDIR) install -m 644 *.so $(SODIR) $(INSTALL_EPAM) install -d $(MSGSDIR) install -m 644 msgs/*.msg $(MSGSDIR) - install -d -m 750 $(ETCDIR) - [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg - sed -e "s*@rootdir@*@prefix@*" ejabberdctl.template > ejabberdctl.example - [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg + install -d -m 750 -o @INSTALLUSER@ $(ETCDIR) + [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg + sed -e "s*@rootdir@*@prefix@*" -e "s*@installuser@*@INSTALLUSER@*" -e "s*@erl@*@ERL@*" ejabberdctl.template > ejabberdctl.example + [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg install -b -m 644 inetrc $(ETCDIR)/inetrc - install -d $(SBINDIR) - install -m 755 ejabberdctl.example $(SBINDIR)/ejabberdctl - install -d -m 750 $(LOGDIR) + install -m 550 -o @INSTALLUSER@ ejabberdctl.example $(BINDIR)/ejabberdctl + install -d -m 750 -o @INSTALLUSER@ $(LOGDIR) + chown @INSTALLUSER@ $(COOKIEFILE) uninstall: uninstall-binary @@ -140,7 +143,7 @@ uninstall-binary: rm -rf $(SODIR) rm -rf $(MSGSDIR) rm -rf $(PRIVDIR) - rm -rf $(SBINDIR)/ejabberdctl + rm -rf $(BINDIR)/ejabberdctl uninstall-all: uninstall-binary rm -rf $(ETCDIR) 
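Review bot: `install -m 550 -o @INSTALLUSER@ ejabberdctl.example $(BINDIR)/ejabberdctl` gives the unprivileged service account ownership of a script that root is also expected to run. The owner can restore the write bit and edit the file, so whatever that account writes there executes as root on root's next invocation. Keeping the script root-owned, e.g. `install -m 755 ejabberdctl.example $(BINDIR)/ejabberdctl`, leaves the in-script user check as the gate without that path. Separately, `install -d $(SBINDIR)` is removed and no `install -d $(BINDIR)` replaces it. The `chown -R`/`chmod -R` on `$(SPOOLDIR)/*` and the `chown` on `$(COOKIEFILE)` also look like they fail on a first install, where the spool directory is empty and no cookie exists yet; `chown -R @INSTALLUSER@ $(SPOOLDIR)` and `[ ! -f $(COOKIEFILE) ] || chown @INSTALLUSER@ $(COOKIEFILE)` would avoid that.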
diff --git a/src/configure b/src/configure index e484e110c..5b0fda4e9 100755 --- a/src/configure +++ b/src/configure @@ -702,6 +702,7 @@ transient_supervisors full_xml SSL_LIBS SSL_CFLAGS +INSTALLUSER LTLIBOBJS' ac_subst_files='' ac_precious_vars='build_alias @@ -1303,6 +1304,8 @@ Optional Features: (default: yes) --enable-full-xml use XML features in XMPP stream (ex: CDATA) (default: no, requires XML compliant clients) + --enable-user[=USER] allow this system user to start ejabberd (default: + no) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -5864,6 +5867,19 @@ fi +ENABLEUSER=root +# Check whether --enable-user was given. +if test "${enable_user+set}" = set; then + enableval=$enable_user; case "${enableval}" in + yes) ENABLEUSER=`whoami` ;; + *) ENABLEUSER=$enableval + esac + echo "allow this system user to start ejabberd: $ENABLEUSER" +fi + +INSTALLUSER=$ENABLEUSER + + cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure @@ -6591,10 +6607,11 @@ transient_supervisors!$transient_supervisors$ac_delim full_xml!$full_xml$ac_delim SSL_LIBS!$SSL_LIBS$ac_delim SSL_CFLAGS!$SSL_CFLAGS$ac_delim +INSTALLUSER!$INSTALLUSER$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 89; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/src/configure.ac b/src/configure.ac index 15d099dc2..f474bfdb2 100644 --- a/src/configure.ac +++ b/src/configure.ac 
@@ -122,4 +122,15 @@ else fi AC_CHECK_HEADER(krb5.h,,) +ENABLEUSER=root +AC_ARG_ENABLE(user, + [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])], + [case "${enableval}" in + yes) ENABLEUSER=`whoami` ;; + *) ENABLEUSER=$enableval + esac + echo "allow this system user to start ejabberd: $ENABLEUSER"], + []) +AC_SUBST([INSTALLUSER], [$ENABLEUSER]) + AC_OUTPUT diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template index fc768fe3d..4b8e505fe 100644 --- a/src/ejabberdctl.template +++ b/src/ejabberdctl.template @@ -11,6 +11,8 @@ ERL_MAX_ETS_TABLES=1400 NODE=ejabberd HOST=localhost ERLANG_NODE=$NODE@$HOST +ERL=@erl@ +INSTALLUSER=@installuser@ ROOTDIR=@rootdir@ EJABBERD_CONFIG_PATH=$ROOTDIR/etc/ejabberd/ejabberd.cfg LOGS_DIR=$ROOTDIR/var/log/ejabberd/ @@ -36,6 +38,21 @@ while [ $# -ne 0 ] ; do esac done +# check the proper system user is used +ID=`id -g` +EJID=`id -g $INSTALLUSER` +EXEC_CMD="false" +if [ $ID -eq 0 ] ; then + EXEC_CMD="su ${INSTALLUSER} -c" +fi +if [ "$ID" -eq "$EJID" ] ; then + EXEC_CMD="sh -c" +fi +if [ "$EXEC_CMD" = "false" ] ; then + echo "This command can only be run by root or the user $INSTALLUSER" >&2 + exit 1 +fi + NAME=-name [ "$ERLANG_NODE" = "${ERLANG_NODE%.*}" ] && NAME=-sname @@ -70,9 +87,8 @@ export ERL_INETRC export ERL_MAX_PORTS export ERL_MAX_ETS_TABLES export HOME +export EXEC_CMD -[ -d $EJABBERD_DB ] || mkdir -p $EJABBERD_DB -[ -d $LOGS_DIR ] || mkdir -p $LOGS_DIR # Compatibility in ZSH #setopt shwordsplit 2>/dev/null @@ -80,14 +96,14 @@ export HOME # start server start () { - erl \ + $EXEC_CMD "$ERL \ $NAME $ERLANG_NODE \ -noinput -detached \ -pa $EJABBERD_EBIN \ - -mnesia dir "\"$EJABBERD_DB\"" \ + -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \ -s ejabberd \ - -sasl sasl_error_logger \{file,\"$SASL_LOG_PATH\"\} \ - $ERLANG_OPTS $ARGS "$@" + -sasl sasl_error_logger \\{file,\\\"$SASL_LOG_PATH\\\"\\} \ + $ERLANG_OPTS $ARGS \"$@\"" } # attach to server 
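Review bot: The `*) ENABLEUSER=$enableval` arm also catches `--disable-user`, where enableval is `no`, so INSTALLUSER becomes the literal account name `no`. Any other value is accepted unchecked, although it is later substituted into Makefile recipes and into the `INSTALLUSER=` line of the generated ejabberdctl. Add `no) ENABLEUSER=root ;;` and, after the case, reject names that do not resolve, e.g. `id "$ENABLEUSER" >/dev/null 2>&1 || AC_MSG_ERROR([user $ENABLEUSER does not exist])`. The help string's `(default: no)` also does not match the actual default, which is root.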
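Review bot: The "check the proper system user" block compares primary group ids, not user ids, because both `ID` and `EJID` come from `id -g`. Any account whose primary group matches the service account's group therefore takes the `sh -c` branch, and any account with primary gid 0 is treated as root, while the error message promises a per-user check. Replace `id -g` with `id -u` in both assignments, quote the argument as `id -u "$INSTALLUSER"`, and quote `$ID` in `[ $ID -eq 0 ]`. If the account lookup fails, `EJID` is empty and the `-eq` test errors out rather than reaching the refusal message, so test for an empty `EJID` first. The block sits at the top level of the script, the rest of which is outside this hunk.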
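Review bot: In `start`, the whole command line is now flattened into one string and parsed a second time by `sh -c` or `su ... -c`, so `$ERLANG_OPTS`, `$ARGS` and the caller's arguments are re-evaluated by a shell. Quotes, `;`, `$(...)` or backticks inside an argument are interpreted rather than passed through, which matters when a wrapper hands user-supplied values such as names or passwords to this script. `\"$@\"` embedded in a longer double-quoted word also still expands to one word per argument, so with several arguments only the first stays in the command string and the rest become positional parameters of the inner shell. The `debug`, `live` and `ctl` hunks below repeat the pattern, and `ctl` leaves `$@` unquoted. Quote each argument once before building the string, as sketched here for `start`.

```shell
# Single-quote every argument so the inner shell sees each one as a literal word.
quote_args ()
{
    QUOTED=""
    for ARG in "$@" ; do
        ESCAPED=$(printf '%s\n' "$ARG" | sed "s/'/'\\\\''/g")
        QUOTED="$QUOTED '$ESCAPED'"
    done
}

start ()
{
    quote_args "$@"
    # … unchanged: $EXEC_CMD "$ERL and the option lines up to -sasl …
      $ERLANG_OPTS $ARGS $QUOTED"
}
```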
@@ -109,10 +125,10 @@ debug () echo "Press any key to continue" read foo echo "" - erl \ + $EXEC_CMD "$ERL \ $NAME ${NODE}debug \ -remsh $ERLANG_NODE \ - $ERLANG_OPTS $ARGS "$@" + $ERLANG_OPTS $ARGS \"$@\"" } # start interactive server @@ -133,22 +149,22 @@ live () echo "Press any key to continue" read foo echo "" - erl \ + $EXEC_CMD "$ERL \ $NAME $ERLANG_NODE \ -pa $EJABBERD_EBIN \ - -mnesia dir "\"$EJABBERD_DB\"" \ + -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \ -s ejabberd \ - $ERLANG_OPTS $ARGS "$@" + $ERLANG_OPTS $ARGS \"$@\"" } # common control function ctl () { - erl \ + $EXEC_CMD "$ERL \ $NAME ejabberdctl \ -noinput \ -pa $EJABBERD_EBIN \ - -s ejabberd_ctl -extra $ERLANG_NODE $@ + -s ejabberd_ctl -extra $ERLANG_NODE $@" result=$? case $result in 0) :;; -- 2.40.0