Diffstat (limited to 'bin/fripost-panel')
-rwxr-xr-xbin/fripost-panel25
1 files changed, 16 insertions, 9 deletions
diff --git a/bin/fripost-panel b/bin/fripost-panel
index 0046a4d..feb0008 100755
--- a/bin/fripost-panel
+++ b/bin/fripost-panel
@@ -7,9 +7,11 @@
PANEL_DIR=/opt/fripost-panel
SOCKET_DIR=/var/run/fcgi
-USER=www-data
-PRINCIPAL=AdminWebPanel/fripost.org@FRIPOST.ORG
-KEYTAB=/etc/fripost-panel/keytab
+USER=fpanel
+GROUP=www-data
+PRINCIPAL=AdminWebPanel@FRIPOST.ORG
+REALM=FRIPOST.ORG
+KEYTAB=/var/lib/fripost-panel/keytab
CGI=./cgi-bin/index.fcgi
if [ $(id -u) -ne 0 ]; then
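Review bot: Nothing next to the new `KEYTAB=/var/lib/fripost-panel/keytab` assignment records who may read that file. The panel now runs as `fpanel` with group `www-data`, which is presumably the web server's group given the socket comment later in this commit. A keytab holds the principal's long-term key, so it should be readable by the service account only. I would document that above the assignment, e.g. `# keytab: owner ${USER}, mode 0600; must not be readable by ${GROUP}`. Separately, assigning `USER` shadows the shell's own `$USER` for the rest of the script; a name such as `PANEL_USER` would avoid surprises.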
@@ -17,27 +19,32 @@ if [ $(id -u) -ne 0 ]; then
exit 1
fi
-KSTART="k5start -b -f ${KEYTAB} -S ldap -I $(hostname --fqdn) -u ${PRINCIPAL} -q -K 60"
+KSTART="k5start -b -f ${KEYTAB} -S ldap -I $(hostname --fqdn) -r ${REALM} -u ${PRINCIPAL} -q -l 61m -K 59"
start () {
test -x "${PANEL_DIR}/cgi-bin/index.fcgi" || exit 0
- pgrep -U "${USER}" -G "${USER}" -fx "/usr/bin/perl ${CGI}" >/dev/null && return 0
- pgrep -U "${USER}" -G "${USER}" -fx "${KSTART}" >/dev/null || sudo -u "${USER}" ${KSTART} || exit 1
+ pgrep -U "${USER}" -G "${GROUP}" -fx "/usr/bin/perl ${CGI}" >/dev/null && return 0
+ pgrep -U "${USER}" -G "${GROUP}" -fx "${KSTART}" >/dev/null || sudo -u "${USER}" ${KSTART} || exit 1
export FCGI_SOCKET_PATH="${SOCKET_DIR}/fripost-panel.socket"
export FCGI_LISTEN_QUEUE=128
start-stop-daemon --start --background \
- --chuid "${USER}:${USER}" \
+ --chuid "${USER}:${GROUP}" \
-d "${PANEL_DIR}" \
-m -p "${SOCKET_DIR}/fripost-panel.pid" \
+ -k 0077 \
--exec ${CGI}
+ # Dirty, but it's safer than changing the umask to 0007
+ sleep 1
+ # The web server needs to talk and listen to the panel.
+ chmod 'ug+rwx,o=' "${FCGI_SOCKET_PATH}" || exit 1
}
stop () {
- pkill -U "${USER}" -G "${USER}" -fx "${KSTART}" || exit 1
+ pkill -U "${USER}" -G "${GROUP}" -fx "${KSTART}"
start-stop-daemon --stop -u "${USER}" \
- --chuid "${USER}:${USER}" \
+ --chuid "${USER}:${GROUP}" \
-p "${SOCKET_DIR}/fripost-panel.pid" \
--retry=TERM/5/KILL/1
}
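Review bot: The `sleep 1` before `chmod 'ug+rwx,o=' "${FCGI_SOCKET_PATH}"` in `start` is a race: on a slow start the socket does not exist yet, `chmod` fails, and `exit 1` leaves both the backgrounded daemon and k5start running. Creating the socket under `-k 0077` and widening it afterwards is the right order, since the socket stays closed until the `chmod`. The wait should be a bounded poll for the socket rather than a fixed delay, and the failure path should say what went wrong. Unrelated to this change, `${KSTART}` and `--exec ${CGI}` are expanded unquoted, which only works while those values contain no whitespace or glob characters.

```sh
  # ... unchanged: pgrep checks, exports, start-stop-daemon --start ...
  # Socket is created 0700 (umask 0077); wait for it, bounded, then open it to the group.
  tries=0
  until [ -S "${FCGI_SOCKET_PATH}" ]; do
    tries=$((tries + 1))
    if [ "${tries}" -gt 10 ]; then
      echo "fripost-panel: socket ${FCGI_SOCKET_PATH} was not created" >&2
      exit 1
    fi
    sleep 1
  done
  # The web server needs to talk and listen to the panel.
  chmod 'ug+rwx,o=' "${FCGI_SOCKET_PATH}" || exit 1
```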