Diffstat (limited to 'bin')
-rwxr-xr-xbin/fripost-panel25
-rwxr-xr-xbin/ldap-krb525
2 files changed, 16 insertions, 34 deletions
diff --git a/bin/fripost-panel b/bin/fripost-panel
index 0046a4d..feb0008 100755
--- a/bin/fripost-panel
+++ b/bin/fripost-panel
@@ -7,9 +7,11 @@
PANEL_DIR=/opt/fripost-panel
SOCKET_DIR=/var/run/fcgi
-USER=www-data
-PRINCIPAL=AdminWebPanel/fripost.org@FRIPOST.ORG
-KEYTAB=/etc/fripost-panel/keytab
+USER=fpanel
+GROUP=www-data
+PRINCIPAL=AdminWebPanel@FRIPOST.ORG
+REALM=FRIPOST.ORG
+KEYTAB=/var/lib/fripost-panel/keytab
CGI=./cgi-bin/index.fcgi
if [ $(id -u) -ne 0 ]; then
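Review bot: The new USER/GROUP split and the keytab move to /var/lib/fripost-panel carry no comment stating the file ownership they depend on. k5start is launched through `sudo -u "${USER}"` in start(), so the keytab must be readable by fpanel. It should presumably not be readable by www-data, otherwise moving the panel off the web server's account protects little. I would add above the assignments: `# USER owns the keytab (mode 0600, not group-readable); GROUP is the web server's group and only needs access to the FastCGI socket.`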
@@ -17,27 +19,32 @@ if [ $(id -u) -ne 0 ]; then
exit 1
fi
-KSTART="k5start -b -f ${KEYTAB} -S ldap -I $(hostname --fqdn) -u ${PRINCIPAL} -q -K 60"
+KSTART="k5start -b -f ${KEYTAB} -S ldap -I $(hostname --fqdn) -r ${REALM} -u ${PRINCIPAL} -q -l 61m -K 59"
start () {
test -x "${PANEL_DIR}/cgi-bin/index.fcgi" || exit 0
- pgrep -U "${USER}" -G "${USER}" -fx "/usr/bin/perl ${CGI}" >/dev/null && return 0
- pgrep -U "${USER}" -G "${USER}" -fx "${KSTART}" >/dev/null || sudo -u "${USER}" ${KSTART} || exit 1
+ pgrep -U "${USER}" -G "${GROUP}" -fx "/usr/bin/perl ${CGI}" >/dev/null && return 0
+ pgrep -U "${USER}" -G "${GROUP}" -fx "${KSTART}" >/dev/null || sudo -u "${USER}" ${KSTART} || exit 1
export FCGI_SOCKET_PATH="${SOCKET_DIR}/fripost-panel.socket"
export FCGI_LISTEN_QUEUE=128
start-stop-daemon --start --background \
- --chuid "${USER}:${USER}" \
+ --chuid "${USER}:${GROUP}" \
-d "${PANEL_DIR}" \
-m -p "${SOCKET_DIR}/fripost-panel.pid" \
+ -k 0077 \
--exec ${CGI}
+ # Dirty, but it's safer than changing the umask to 0007
+ sleep 1
+ # The web server needs to talk and listen to the panel.
+ chmod 'ug+rwx,o=' "${FCGI_SOCKET_PATH}" || exit 1
}
stop () {
- pkill -U "${USER}" -G "${USER}" -fx "${KSTART}" || exit 1
+ pkill -U "${USER}" -G "${GROUP}" -fx "${KSTART}"
start-stop-daemon --stop -u "${USER}" \
- --chuid "${USER}:${USER}" \
+ --chuid "${USER}:${GROUP}" \
-p "${SOCKET_DIR}/fripost-panel.pid" \
--retry=TERM/5/KILL/1
}
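Review bot: The k5start checks in start() and stop() now filter on `-G "${GROUP}"`, but k5start is launched with `sudo -u "${USER}"` and no `-g`, so it runs with fpanel's primary group. Unless that group is www-data (not visible here), `pgrep` never matches it and `pkill` in stop() never ends it. Because this commit also removes `|| exit 1` from that `pkill`, a k5start left renewing tickets for the AdminWebPanel principal would go unnoticed. Dropping `-G` from the two k5start matches (`pgrep -U "${USER}" -fx "${KSTART}"`, `pkill -U "${USER}" -fx "${KSTART}"`) avoids giving k5start the web server's group. Separately, the `-k 0077` umask keeps the socket closed until the chmod, but the fixed `sleep 1` makes start() exit 1 if the socket appears late; a bounded wait such as `for i in 1 2 3 4 5; do [ -S "${FCGI_SOCKET_PATH}" ] && break; sleep 1; done` would be sturdier.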
diff --git a/bin/ldap-krb5 b/bin/ldap-krb5
deleted file mode 100755
index 368db8e..0000000
--- a/bin/ldap-krb5
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-# Keep renewing/recreating kerberos tickets for ldap/hostname
-
-if [ $(id -u) -ne 0 ]; then
- echo "Error: You are not root"
- exit 1
-fi
-
-. /etc/default/slapd
-KSTART="k5start -b -f ${KRB5_KTNAME} -u ldap -i $(hostname --fqdn) -q -K 60"
-case "${1}" in
- start)
- pgrep -U "${SLAPD_USER}" -G "${SLAPD_GROUP}" -fx "${KSTART}" >/dev/null \
- || sudo -u "${SLAPD_USER}" ${KSTART} \
- || exit 1
- ;;
- stop)
- pkill -U "${SLAPD_USER}" -G "${SLAPD_GROUP}" -fx "${KSTART}" >/dev/null \
- ;;
- *)
- echo "Usage: $0 {start|stop}" >&2
- exit 1
- ;;
-esac