From: Mark O. <sky...@us...> - 2001-04-14 02:15:36
Update of /cvsroot/firebird/interbase/firebird/skywalker/install/misc In directory usw-pr-cvs1:/tmp/cvs-serv486/misc Modified Files: CSchangeRunUser.sh CSrestoreRootRunUser.sh Added Files: firebird.xinetd Removed Files: firebird.xinitd Log Message: Changes to install process for classic firebird. --- NEW FILE --- # default: on # description: Interbase server service gds_db { flags = REUSE socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /opt/interbase/bin/gds_inet_server disable = no } Index: CSchangeRunUser.sh =================================================================== RCS file: /cvsroot/firebird/interbase/firebird/skywalker/install/misc/CSchangeRunUser.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** CSchangeRunUser.sh 2000/12/22 14:23:06 1.1 --- CSchangeRunUser.sh 2001/04/14 02:15:33 1.2 *************** *** 74,78 **** } - #------------------------------------------------------------------------ # Add new user and group --- 74,77 ---- *************** *** 80,93 **** addFirebirdUser() { ! groupadd -g 84 -o -r firebird ! useradd -o -r -m -d /home/firebird -s /bin/bash \ ! -c "Firebird Database Administrator" -g firebird -u 84 firebird ! # >/dev/null 2>&1 } #------------------------------------------------------------------------ # Delete new user and group --- 79,103 ---- addFirebirdUser() { + + testStr=`grep firebird /etc/group` ! if [ -z "$testStr" ] ! then ! groupadd -g 84 -o -r firebird ! fi ! testStr=`grep firebird /etc/passwd` ! if [ -z "$testDir" ] ! then ! useradd -o -r -m -d $IBRootDir -s /bin/bash \ ! -c "Firebird Database Administrator" -g firebird -u 84 firebird ! # >/dev/null 2>&1 ! 
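Review bot: The new firebird.xinetd template ships with `user = root` and `disable = no`, so the entry only stops running gds_inet_server as root if the later edit in changeXinetdServiceUser succeeds. If that edit fails to match, or xinetd is reloaded between the copy and the edit, the network service starts as root. Shipping the template with `disable = yes`, or with the unprivileged account already set (`user = firebird`), would make the safe state the default. The entry also sets no `only_from` or `instances` limit; a commented example of those attributes would help administrators who only serve local or known hosts.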
fi } + + #------------------------------------------------------------------------ # Delete new user and group *************** *** 132,135 **** --- 142,308 ---- + #------------------------------------------------------------------------ + # changeXinetdServiceUser + # Change the run user of the xinetd service + + changeXinetdServiceUser() { + + InitFile=/etc/xinetd.d/firebird + if [ -f $InitFile ] + then + ed -s $InitFile <<EOF + / user /s/=.*$/= $RunUser/g + w + q + EOF + fi + } + + #------------------------------------------------------------------------ + # Update inetd service entry + # This just adds/replaces the service entry line + + updateInetdEntry() { + + FileName=/etc/inetd.conf + newLine="gds_db stream tcp nowait.30000 $RunUser $IBBin/gds_inet_server gds_inet_server # InterBase Database Remote Server" + oldLine=`grep "^gds_db" $FileName` + + replaceLineInFile "$FileName" "$newLine" "$oldLine" + } + + #------------------------------------------------------------------------ + # Update xinetd service entry + + updateXinetdEntry() { + + cp $IBRootDir/misc/firebird.xinetd /etc/xinetd.d/firebird + changeXinetdServiceUser + } + + + #------------------------------------------------------------------------ + # Update inetd service entry + # Check to see if we have xinetd installed or plain inetd. Install differs + # for each of them. + + updateInetdServiceEntry() { + + if [ -d /etc/xinetd.d ] + then + updateXinetdEntry + else + updateInetdEntry + fi + + } + + + #------------------------------------------------------------------------ + # fixFilePermissions + # Change the permissions to restrict access to server programs to + # firebird group only. This is MUCH better from a saftey point of + # view than installing as root user, even if it requires a little + # more work. + + + fixFilePermissions() { + + # Turn other access off. + chmod -R o= $IBRootDir + + + # Now fix up the mess. 
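Review bot: The second existence check in addFirebirdUser tests `$testDir`, which is never assigned in the visible code, while the grep result is stored in `testStr`; the test is therefore always true and useradd runs even when the account already exists. It should read `if [ -z "$testStr" ]`. Both greps are also unanchored, so any line that merely contains "firebird" (a member list, a comment field, a home path) counts as a match; `grep "^firebird:" /etc/group`, and the same for /etc/passwd, would test the name field only. Because `-o` permits a non-unique id, it is worth confirming that uid/gid 84 is not already held by another account, since that account would then share ownership of the database files.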
+ + # fix up directories + for i in `find $IBRootDir -print` + do + FileName=$i + if [ -d $FileName ] + then + chmod o=rx $FileName + fi + done + + + cd $IBBin + + + # set up the defaults for bin + for i in `ls` + do + chmod ug=rx,o= $i + done + + # User can run these programs, they need to talk to server though. + # and they cannot actually create a database. + + + chmod a=rx isql + chmod a=rx qli + + # SUID is still needed for group direct access. General users + # cannot run though. + for i in gds_lock_mgr gds_drop gds_inet_server + do + chmod ug=rx,o= $i + chmod ug+s $i + done + + + cd $IBRootDir + + # Fix lock files + for i in isc_init1 isc_lock1 isc_event1 + do + FileName=$i.`hostname` + chmod ug=rw,o= $FileName + done + + + chmod ug=rw,o= interbase.log + + chmod a=r interbase.msg + chmod ug=rw,o= help/help.gdb + chmod ug=rw,o= isc4.gdb + + + # Set a default of read all files in examples + + cd examples + + for i in `ls` + do + chmod a=r $i + done + + # make examples db's writable by group + chmod ug=rw,o= *.gdb + + } + + + #------------------------------------------------------------------------ + # resetXinitdServer + # Check for both inetd and xinetd, only one will be running but script + # will work. + + resetInetdServer() { + + if [ -f /var/run/inetd.pid ] + then + kill -HUP `cat /var/run/inetd.pid` + fi + + if [ -f /var/run/xinetd.pid ] + then + kill -HUP `cat /var/run/xinetd.pid` + fi + } + + + + #= Main Program ============================================================ + IBRootDir=/opt/interbase IBBin=$IBRootDir/bin *************** *** 171,186 **** ! # Update the /etc/inetd.conf echo "Updating /etc/services file" - FileName=/etc/inetd.conf - newLine="gds_db stream tcp nowait.30000 $RunUser $IBBin/gds_inet_server gds_inet_server # InterBase Database Remote Server" - oldLine=`grep "^gds_db" $FileName` - - replaceLineInFile "$FileName" "$newLine" "$oldLine" - - - # Update ownership and SUID bits for programs. 
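Review bot: fixFilePermissions changes directory three times (`cd $IBBin`, `cd $IBRootDir`, `cd examples`) without checking the result, and then runs chmod on the relative names returned by `ls`. If a cd fails while the installer runs as root, the `chmod ug=rx,o=` and `chmod a=r` loops apply to whatever files are in the current directory. Each cd should abort on failure and the path variables should be quoted. The directory pass built on `find $IBRootDir -print` also splits on whitespace in path names; letting find select and chmod the directories avoids that. Separately, the header comment above resetInetdServer still names it resetXinitdServer.

```shell
fixFilePermissions() {
    chmod -R o= "$IBRootDir"
    find "$IBRootDir" -type d -exec chmod o=rx {} \;

    cd "$IBBin" || exit 1
    # … unchanged: bin defaults, isql/qli, SUID loop …

    cd "$IBRootDir" || exit 1
    # … unchanged: lock files, interbase.log, interbase.msg, *.gdb …

    cd examples || exit 1
    # … unchanged: examples permissions …
```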
echo "Updating $IBRootDir" --- 344,352 ---- ! # Update the /etc/inetd.conf or xinetd entry echo "Updating /etc/services file" + updateInetdServiceEntry # Update ownership and SUID bits for programs. echo "Updating $IBRootDir" *************** *** 188,232 **** chown -R $RunUser.$RunGroup $IBRootDir - - # Turn everybody option off. - chmod -R o= $IBRootDir - - # Now fix up the mess. ! # fix up directories ! for i in `find $IBRootDir -print` ! do ! FileName=$i ! if [ -d $FileName ] ! then ! chmod o=rx $FileName ! fi ! done - - - cd $IBBin - - - # User can run these programs, they need to talk to server though. - # and they cannot actually create a database. - - chmod o=rx isql - chmod o=rx qli - - # SUID is still needed for group direct access. General users - # cannot run though. - for i in gds_lock_mgr gds_drop gds_inet_server - do - chmod ug+s $i - done - - # Get inetd to reread new init files. ! ! if [ -f /var/run/inetd.pid ] ! then ! kill -HUP `cat /var/run/inetd.pid` ! fi --- 354,362 ---- chown -R $RunUser.$RunGroup $IBRootDir ! fixFilePermissions # Get inetd to reread new init files. ! 
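Review bot: The progress message left in front of the new `updateInetdServiceEntry` call still says "Updating /etc/services file", although the call rewrites /etc/inetd.conf or /etc/xinetd.d/firebird. This step changes the account the network service runs as, so the install output should name what is actually touched, for example `echo "Updating inetd/xinetd service entry"`.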
resetInetdServer Index: CSrestoreRootRunUser.sh =================================================================== RCS file: /cvsroot/firebird/interbase/firebird/skywalker/install/misc/CSrestoreRootRunUser.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** CSrestoreRootRunUser.sh 2000/12/22 14:23:06 1.1 --- CSrestoreRootRunUser.sh 2001/04/14 02:15:33 1.2 *************** *** 132,135 **** --- 132,215 ---- + #------------------------------------------------------------------------ + # changeXinetdServiceUser + # Change the run user of the xinetd service + + changeXinetdServiceUser() { + + InitFile=/etc/xinetd.d/firebird + if [ -f $InitFile ] + then + ed -s $InitFile <<EOF + / user /s/=.*$/= $RunUser/g + w + q + EOF + fi + } + + #------------------------------------------------------------------------ + # Update inetd service entry + # This just adds/replaces the service entry line + + updateInetdEntry() { + + FileName=/etc/inetd.conf + newLine="gds_db stream tcp nowait.30000 $RunUser $IBBin/gds_inet_server gds_inet_server # InterBase Database Remote Server" + oldLine=`grep "^gds_db" $FileName` + + replaceLineInFile "$FileName" "$newLine" "$oldLine" + } + + #------------------------------------------------------------------------ + # Update xinetd service entry + # we assume the xinetd script file already exists since we are changing user + # not installing from scratch. + + updateXinetdEntry() { + + # cp $IBRootDir/misc/firebird.xinetd /etc/xinetd.d/firebird + changeXinetdServiceUser + } + + #------------------------------------------------------------------------ + # Update inetd service entry + # Check to see if we have xinetd installed or plain inetd. Install differs + # for each of them. 
+ + updateInetdServiceEntry() { + + if [ -d /etc/xinetd.d ] + then + updateXinetdEntry + else + updateInetdEntry + fi + + } + + + #------------------------------------------------------------------------ + # resetXinitdServer + # Check for both inetd and xinetd, only one will actually be running. + # depending upon your system. + + resetInetdServer() { + + if [ -f /var/run/inetd.pid ] + then + kill -HUP `cat /var/run/inetd.pid` + fi + + if [ -f /var/run/xinetd.pid ] + then + kill -HUP `cat /var/run/xinetd.pid` + fi + } + + + #== Main Start ============================================================== + + IBRootDir=/opt/interbase IBBin=$IBRootDir/bin *************** *** 237,246 **** - # Get inetd to reread new init files. ! if [ -f /var/run/inetd.pid ] ! then ! kill -HUP `cat /var/run/inetd.pid` ! fi --- 317,327 ---- ! # Update the /etc/inetd.conf or xinetd entry ! updateInetdServiceEntry ! ! ! # Get inetd to reread new init files. ! resetInetdServer --- firebird.xinitd DELETED --- |
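Review bot: changeXinetdServiceUser (added here and, identically, in CSchangeRunUser.sh) gives no sign when the edit does not happen. The address `/ user /` needs a literal space on both sides of the word, so it would presumably not match a tab-indented entry, and ed's exit status is not checked. The service would then keep its previous `user` value while the script carries on as if the change succeeded. A whitespace-tolerant address such as `/^[[:space:]]*user[[:space:]]*=/s/=.*$/= $RunUser/` and a check after the heredoc (`grep "user.*= $RunUser" $InitFile >/dev/null || echo "run user not updated in $InitFile"`) would make the failure visible. In this script updateXinetdEntry no longer copies the template, so a missing /etc/xinetd.d/firebird is also skipped silently by the `-f` test.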