-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | doc/guide.html | 13 | ||||
-rw-r--r-- | doc/guide.tex | 11 | ||||
-rw-r--r-- | src/Makefile.in | 25 | ||||
-rwxr-xr-x | src/configure | 19 | ||||
-rw-r--r-- | src/configure.ac | 11 | ||||
-rw-r--r-- | src/ejabberdctl.template | 42 |
7 files changed, 102 insertions, 29 deletions
@@ -1,3 +1,13 @@ +2008-07-13 Badlop <badlop@process-one.net> + + * src/configure.ac: Allow to execute ejabberd with a normal + system user (thanks to Viq)(EJAB-402) + * src/configure: Likewise + * src/ejabberdctl.template: Likewise + * src/Makefile.in: Likewise + * doc/guide.tex: Likewise + * doc/guide.html: Likewise + 2008-07-12 Badlop <badlop@process-one.net> * src/configure.ac: Improve legibility diff --git a/doc/guide.html b/doc/guide.html index a3963637..314169e1 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -339,7 +339,12 @@ To get the full list run the command: </PRE><P>Some options that you may be interested in modifying: </P><DL CLASS="description"><DT CLASS="dt-description"> <B><TT>--prefix=/</TT></B></DT><DD CLASS="dd-description"> - Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> + Specify the path prefix where the files will be copied when running the make install command.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-user[=USER]</TT></B></DT><DD CLASS="dd-description"> + Allow this normal system user to execute the ejabberdctl script + (see section <A HREF="#ejabberdctl">4.1</A>), + modify the configuration files and read log files. + The account must exist in the machine. It doesn’t need a HOME directory. + If the option is not set, then only root can perform those actions.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-pam</TT></B></DT><DD CLASS="dd-description"> Enable the PAM authentication method (see section <A HREF="#pam">3.1.4</A>).<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-odbc or --enable-mssql</TT></B></DT><DD CLASS="dd-description"> Required if you want to use an external database. See section <A HREF="#database">3.2</A> for more information.<P> </P></DD><DT CLASS="dt-description"><B><TT>--enable-full-xml</TT></B></DT><DD CLASS="dd-description"> 
@@ -360,7 +365,7 @@ to install <TT>ejabberd</TT>.</P><P>The files and directories created are, by de </DD><DT CLASS="dt-description"><B><TT>ejabberdctl.cfg</TT></B></DT><DD CLASS="dd-description"> Configuration file of the administration script </DD><DT CLASS="dt-description"><B><TT>inetrc</TT></B></DT><DD CLASS="dd-description"> Network DNS configuration </DD></DL> - </DD><DT CLASS="dt-description"><B><TT>/sbin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section <A HREF="#ejabberdctl">4.1</A>) + </DD><DT CLASS="dt-description"><B><TT>/bin/ejabberdctl</TT></B></DT><DD CLASS="dd-description"> Administration script (see section <A HREF="#ejabberdctl">4.1</A>) </DD><DT CLASS="dt-description"><B><TT>/var/lib/ejabberd/</TT></B></DT><DD CLASS="dd-description"> <DL CLASS="description"><DT CLASS="dt-description"> <B><TT>.erlang.cookie</TT></B></DT><DD CLASS="dd-description"> Erlang cookie file (see section <A HREF="#cookie">5.3</A>) @@ -380,7 +385,9 @@ to install <TT>ejabberd</TT>.</P><P>The files and directories created are, by de </DD></DL> </DD></DL><P> <A NAME="start"></A> </P><!--TOC subsection Start--> <H3 CLASS="subsection"><!--SEC ANCHOR --><A NAME="htoc13">2.4.5</A>  <A HREF="#start">Start</A></H3><!--SEC END --><P> <A NAME="start"></A> -</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>.</P><P>Usage example: +</P><P>You can use the <TT>ejabberdctl</TT> command line administration script to start and stop <TT>ejabberd</TT>. +If you provided the configure option <TT>--enable-user=USER</TT> (see <A HREF="#compile">2.4.3</A>), +you can execute <TT>ejabberdctl</TT> with either that system account or root.</P><P>Usage example: </P><PRE CLASS="verbatim">ejabberdctl start ejabberdctl status diff --git a/doc/guide.tex b/doc/guide.tex index b5dbc41d..e7b908db 100644 --- a/doc/guide.tex +++ b/doc/guide.tex 
@@ -324,6 +324,13 @@ Some options that you may be interested in modifying: \titem{--prefix=/} Specify the path prefix where the files will be copied when running the make install command. + \titem{--enable-user[=USER]} + Allow this normal system user to execute the ejabberdctl script + (see section~\ref{ejabberdctl}), + modify the configuration files and read log files. + The account must exist in the machine. It doesn't need a HOME directory. + If the option is not set, then only root can perform those actions. + \titem{--enable-pam} Enable the PAM authentication method (see section \ref{pam}). @@ -359,7 +366,7 @@ The files and directories created are, by default: \titem{ejabberdctl.cfg} Configuration file of the administration script \titem{inetrc} Network DNS configuration \end{description} - \titem{/sbin/ejabberdctl} Administration script (see section~\ref{ejabberdctl}) + \titem{/bin/ejabberdctl} Administration script (see section~\ref{ejabberdctl}) \titem{/var/lib/ejabberd/} \begin{description} \titem{.erlang.cookie} Erlang cookie file (see section \ref{cookie}) @@ -384,6 +391,8 @@ The files and directories created are, by default: \ind{install!start} You can use the \term{ejabberdctl} command line administration script to start and stop \ejabberd{}. +If you provided the configure option \term{--enable-user=USER} (see \ref{compile}), +you can execute \term{ejabberdctl} with either that system account or root. Usage example: \begin{verbatim} diff --git a/src/Makefile.in b/src/Makefile.in index 607af353..0b5b27a2 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -42,7 +42,7 @@ endif INSTALL_EPAM= ifeq (@pam@, pam) - INSTALL_EPAM=install -m 750 epam $(PBINDIR) + INSTALL_EPAM=install -m 750 -o @INSTALLUSER@ epam $(PBINDIR) endif prefix = @prefix@ 
@@ -62,12 +62,13 @@ EJABBERDDIR = $(DESTDIR)@localstatedir@/lib/ejabberd BEAMDIR = $(EJABBERDDIR)/ebin SPOOLDIR = $(EJABBERDDIR)/db PRIVDIR = $(EJABBERDDIR)/priv +COOKIEFILE = $(EJABBERDDIR)/.erlang.cookie SODIR = $(PRIVDIR)/lib PBINDIR = $(PRIVDIR)/bin MSGSDIR = $(PRIVDIR)/msgs LOGDIR = $(DESTDIR)@localstatedir@/log/ejabberd ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd -SBINDIR = $(DESTDIR)@sbindir@ +BINDIR = $(DESTDIR)@bindir@ ifeq ($(shell uname),Darwin) DYNAMIC_LIB_CFLAGS = -fPIC -bundle -flat_namespace -undefined suppress 
@@ -117,21 +118,23 @@ install: all install -m 644 *.beam $(BEAMDIR) rm -f $(BEAMDIR)/configure.beam install -m 644 *.app $(BEAMDIR) - install -d -m 750 $(SPOOLDIR) + install -d -m 750 -o @INSTALLUSER@ $(SPOOLDIR) + chown -R @INSTALLUSER@ $(SPOOLDIR)/* + chmod -R 750 $(SPOOLDIR)/* install -d $(SODIR) install -d $(PBINDIR) install -m 644 *.so $(SODIR) $(INSTALL_EPAM) install -d $(MSGSDIR) install -m 644 msgs/*.msg $(MSGSDIR) - install -d -m 750 $(ETCDIR) - [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg - sed -e "s*@rootdir@*@prefix@*" ejabberdctl.template > ejabberdctl.example - [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg + install -d -m 750 -o @INSTALLUSER@ $(ETCDIR) + [ -f $(ETCDIR)/ejabberd.cfg ] && install -b -m 644 ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberd.cfg.example $(ETCDIR)/ejabberd.cfg + sed -e "s*@rootdir@*@prefix@*" -e "s*@installuser@*@INSTALLUSER@*" -e "s*@erl@*@ERL@*" ejabberdctl.template > ejabberdctl.example + [ -f $(ETCDIR)/ejabberdctl.cfg ] && install -b -m 644 ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg-new || install -b -m 644 -o @INSTALLUSER@ ejabberdctl.cfg.example $(ETCDIR)/ejabberdctl.cfg install -b -m 644 inetrc $(ETCDIR)/inetrc - install -d $(SBINDIR) - install -m 755 ejabberdctl.example $(SBINDIR)/ejabberdctl - install -d -m 750 $(LOGDIR) + install -m 550 -o @INSTALLUSER@ ejabberdctl.example $(BINDIR)/ejabberdctl + install -d -m 750 -o @INSTALLUSER@ $(LOGDIR) + chown @INSTALLUSER@ $(COOKIEFILE) uninstall: uninstall-binary @@ -140,7 +143,7 @@ uninstall-binary: rm -rf $(SODIR) rm -rf $(MSGSDIR) rm -rf $(PRIVDIR) - rm -rf $(SBINDIR)/ejabberdctl + rm -rf $(BINDIR)/ejabberdctl uninstall-all: uninstall-binary rm -rf $(ETCDIR) 
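Review bot: `chown @INSTALLUSER@ $(COOKIEFILE)` at the end of the install recipe runs unconditionally, so it fails on a fresh install where `.erlang.cookie` presumably does not exist yet, and when the file does exist its mode is never tightened even though it holds the node's shared secret. Guarding it and setting the mode in one step covers both cases: `[ ! -f $(COOKIEFILE) ] || { chown @INSTALLUSER@ $(COOKIEFILE) ; chmod 400 $(COOKIEFILE) ; }`. The `chown -R` / `chmod -R 750 $(SPOOLDIR)/*` pair has the same empty-case problem, because the glob stays literal in a newly created spool directory, and mode 750 also marks the database files executable. The hunk also removes `install -d $(SBINDIR)` without adding `install -d $(BINDIR)`, so a staged `DESTDIR` install fails if that directory is missing. The install target begins above this hunk.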
diff --git a/src/configure b/src/configure index e484e110..5b0fda4e 100755 --- a/src/configure +++ b/src/configure @@ -702,6 +702,7 @@ transient_supervisors full_xml SSL_LIBS SSL_CFLAGS +INSTALLUSER LTLIBOBJS' ac_subst_files='' ac_precious_vars='build_alias @@ -1303,6 +1304,8 @@ Optional Features: (default: yes) --enable-full-xml use XML features in XMPP stream (ex: CDATA) (default: no, requires XML compliant clients) + --enable-user[=USER] allow this system user to start ejabberd (default: + no) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -5864,6 +5867,19 @@ fi +ENABLEUSER=root +# Check whether --enable-user was given. +if test "${enable_user+set}" = set; then + enableval=$enable_user; case "${enableval}" in + yes) ENABLEUSER=`whoami` ;; + *) ENABLEUSER=$enableval + esac + echo "allow this system user to start ejabberd: $ENABLEUSER" +fi + +INSTALLUSER=$ENABLEUSER + + cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure @@ -6591,10 +6607,11 @@ transient_supervisors!$transient_supervisors$ac_delim full_xml!$full_xml$ac_delim SSL_LIBS!$SSL_LIBS$ac_delim SSL_CFLAGS!$SSL_CFLAGS$ac_delim +INSTALLUSER!$INSTALLUSER$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 89; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 90; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 diff --git a/src/configure.ac b/src/configure.ac index 15d099dc..f474bfdb 100644 --- a/src/configure.ac +++ b/src/configure.ac 
@@ -122,4 +122,15 @@ else fi AC_CHECK_HEADER(krb5.h,,) +ENABLEUSER=root +AC_ARG_ENABLE(user, + [AS_HELP_STRING([--enable-user[[[[=USER]]]]], [allow this system user to start ejabberd (default: no)])], + [case "${enableval}" in + yes) ENABLEUSER=`whoami` ;; + *) ENABLEUSER=$enableval + esac + echo "allow this system user to start ejabberd: $ENABLEUSER"], + []) +AC_SUBST([INSTALLUSER], [$ENABLEUSER]) + AC_OUTPUT diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template index fc768fe3..4b8e505f 100644 --- a/src/ejabberdctl.template +++ b/src/ejabberdctl.template @@ -11,6 +11,8 @@ ERL_MAX_ETS_TABLES=1400 NODE=ejabberd HOST=localhost ERLANG_NODE=$NODE@$HOST +ERL=@erl@ +INSTALLUSER=@installuser@ ROOTDIR=@rootdir@ EJABBERD_CONFIG_PATH=$ROOTDIR/etc/ejabberd/ejabberd.cfg LOGS_DIR=$ROOTDIR/var/log/ejabberd/ @@ -36,6 +38,21 @@ while [ $# -ne 0 ] ; do esac done +# check the proper system user is used +ID=`id -g` +EJID=`id -g $INSTALLUSER` +EXEC_CMD="false" +if [ $ID -eq 0 ] ; then + EXEC_CMD="su ${INSTALLUSER} -c" +fi +if [ "$ID" -eq "$EJID" ] ; then + EXEC_CMD="sh -c" +fi +if [ "$EXEC_CMD" = "false" ] ; then + echo "This command can only be run by root or the user $INSTALLUSER" >&2 + exit 1 +fi + NAME=-name [ "$ERLANG_NODE" = "${ERLANG_NODE%.*}" ] && NAME=-sname @@ -70,9 +87,8 @@ export ERL_INETRC export ERL_MAX_PORTS export ERL_MAX_ETS_TABLES export HOME +export EXEC_CMD -[ -d $EJABBERD_DB ] || mkdir -p $EJABBERD_DB -[ -d $LOGS_DIR ] || mkdir -p $LOGS_DIR # Compatibility in ZSH #setopt shwordsplit 2>/dev/null @@ -80,14 +96,14 @@ export HOME # start server start () { - erl \ + $EXEC_CMD "$ERL \ $NAME $ERLANG_NODE \ -noinput -detached \ -pa $EJABBERD_EBIN \ - -mnesia dir "\"$EJABBERD_DB\"" \ + -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \ -s ejabberd \ - -sasl sasl_error_logger \{file,\"$SASL_LOG_PATH\"\} \ - $ERLANG_OPTS $ARGS "$@" + -sasl sasl_error_logger \\{file,\\\"$SASL_LOG_PATH\\\"\\} \ + $ERLANG_OPTS $ARGS \"$@\"" } # attach to server 
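Review bot: The `*)` arm of the new `case` accepts any value, so `--disable-user` or `--enable-user=no` leaves `ENABLEUSER=no` and the install recipes would then try to hand ownership to an account named `no`; add `no) ENABLEUSER=root ;;` ahead of it. The value is later substituted unquoted into the Makefile recipes and into `su ${INSTALLUSER} -c` in ejabberdctl.template, and the guide states that the account must exist, so configure is a natural place to reject an unknown or oddly formed name, for example `id "$ENABLEUSER" >/dev/null 2>&1 || AC_MSG_ERROR([system user $ENABLEUSER does not exist])` when the build and install hosts are the same. Note also that a bare `--enable-user` run as root resolves `whoami` to root, which is the default anyway. The same logic is mirrored in the generated src/configure.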
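Review bot: The block commented "check the proper system user is used" compares group ids, not user ids: `id -g` returns the caller's primary GID, so any account whose primary group matches that of `$INSTALLUSER` takes the `sh -c` branch, and the root test passes for any account with primary group 0. Use the user id on both sides and quote the expansions: `ID=$(id -u)`, `EJID=$(id -u "$INSTALLUSER")` and `if [ "$ID" -eq 0 ] ; then`. The script is installed with mode 550 and only `-o` set, so the file's group bits and this check together decide who can run it; it is worth setting the group explicitly at install time as well.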
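Review bot: `start` now builds the whole `erl` command line as one string for `sh -c` or `su ... -c`, so everything expanded into it (`$ARGS`, `$ERLANG_OPTS`, the paths and the caller's `$@`) is parsed a second time by the inner shell, and shell metacharacters in an argument are interpreted instead of being passed through to `erl`. In addition, `\"$@\"` inside a double-quoted word still expands to one word per argument, so with more than one argument only the first stays in the command string and the rest become extra arguments to `sh` or `su`. The same construction is repeated in the `debug`, `live` and `ctl` hunks, and `ctl` interpolates `$@` with no inner quoting at all. When the caller already is `$INSTALLUSER`, invoking `"$ERL" ... "$@"` directly avoids the second parse; for the `su` branch each argument needs to be shell-quoted before it is joined into the string. How these functions are called is outside the hunks shown.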
@@ -109,10 +125,10 @@ debug () echo "Press any key to continue" read foo echo "" - erl \ + $EXEC_CMD "$ERL \ $NAME ${NODE}debug \ -remsh $ERLANG_NODE \ - $ERLANG_OPTS $ARGS "$@" + $ERLANG_OPTS $ARGS \"$@\"" } # start interactive server @@ -133,22 +149,22 @@ live () echo "Press any key to continue" read foo echo "" - erl \ + $EXEC_CMD "$ERL \ $NAME $ERLANG_NODE \ -pa $EJABBERD_EBIN \ - -mnesia dir "\"$EJABBERD_DB\"" \ + -mnesia dir \"\\\"$EJABBERD_DB\\\"\" \ -s ejabberd \ - $ERLANG_OPTS $ARGS "$@" + $ERLANG_OPTS $ARGS \"$@\"" } # common control function ctl () { - erl \ + $EXEC_CMD "$ERL \ $NAME ejabberdctl \ -noinput \ -pa $EJABBERD_EBIN \ - -s ejabberd_ctl -extra $ERLANG_NODE $@ + -s ejabberd_ctl -extra $ERLANG_NODE $@" result=$? case $result in 0) :;; |