1: <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
2: "http://lpml.sourceforge.net/DTD/piml.dtd">
3: <!-- systemd_config_check.piml -->
4:
5: <!-- $Id: systemd_config_check.piml,v 1.2 2024/11/27 16:30:09 raeburn Exp $ -->
6:
7: <!--
8:
9: This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10:
11: LON-CAPA is free software; you can redistribute it and/or modify
12: it under the terms of the GNU General Public License as published by
13: the Free Software Foundation; either version 2 of the License, or
14: (at your option) any later version.
15:
16: LON-CAPA is distributed in the hope that it will be useful,
17: but WITHOUT ANY WARRANTY; without even the implied warranty of
18: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: GNU General Public License for more details.
20:
21: You should have received a copy of the GNU General Public License
22: along with LON-CAPA; if not, write to the Free Software
23: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24:
25: /home/httpd/html/adm/gpl.txt
26:
27: http://www.lon-capa.org/
28:
29: -->
30:
31: <piml>
32: <targetroot>/</targetroot>
33: <files>
34: <file>
35: <target dist="default">/home/httpd/perl</target>
36: <perlscript mode="fg">
37:
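use strict;

# Checks whether the systemd unit for the Apache web server has the
# ProtectHome and/or RestrictSUIDSGID sandboxing properties enabled and,
# if so, makes sure the unit's drop-in override.conf sets both to "no".
#
# SECURITY NOTE: ProtectHome and RestrictSUIDSGID are systemd hardening
# settings. Turning them off lets the web server unit access /home, /root
# and /run/user, and lets it create set-user-ID/set-group-ID files.
# According to the messages printed below, LON-CAPA needs both relaxed
# (web interface usability; sub-directory creation in Authoring Space).
# The override is written only to this one unit's drop-in directory, and
# only when "systemctl show" reports one of the properties as enabled.

my $service = 'apache2.service';
my $use_systemctl;
# The DIST placeholder below is presumably substituted with the
# distribution identifier (letters followed by a version number) before
# this script runs -- confirm against the piml processor.
my ($dist,$version) = ('<DIST />' =~ /^([A-Za-z]+)([\d\.]+)$/);

# First release of each distribution for which systemctl is used here.
my %systemd_since = (
    sles       => 12,
    suse       => 12,
    fedora     => 16,
    centos     => 7,
    rhes       => 7,
    scientific => 7,
    oracle     => 7,
    rocky      => 7,
    alma       => 7,
    ubuntu     => 16,
    debian     => 9,
);
# Distributions whose Apache unit is httpd.service, not apache2.service.
my %uses_httpd = map { ($_ => 1) } qw(fedora centos rhes scientific oracle rocky alma);

if (defined($dist)) {
    if (exists($systemd_since{$dist})) {
        if ($version >= $systemd_since{$dist}) {
            $use_systemctl = 1;
        }
    }
    if ($uses_httpd{$dist}) {
        $service = 'httpd.service';
    }
}

if ($use_systemctl) {
    system('systemctl daemon-reload');
    my $dropin_dir = '/etc/systemd/system/'.$service.'.d';
    my $override = $dropin_dir.'/override.conf';
    # $service is one of the two literals assigned above, so the string
    # handed to the shell contains no external input. The shell is needed
    # for the 2>/dev/null redirection.
    if (open(my $pipe,'-|',"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null")) {
        my ($protecthome,$suidsgid);
        while (my $line = <$pipe>) {
            chomp($line);
            if ($line =~ /^ProtectHome=(read-only|yes)$/i) {
                $protecthome = 1;
            } elsif ($line =~ /^RestrictSUIDSGID=yes$/i) {
                $suidsgid = 1;
            }
        }
        close($pipe);
        if ($protecthome || $suidsgid) {
            if (!-d $dropin_dir) {
                mkdir($dropin_dir,0755);
            }
            if (-d $dropin_dir) {
                if (-e $override) {
                    my $parsed = read_override($override);
                    if (!defined($parsed)) {
                        # Previously an unreadable override.conf was skipped
                        # without any message.
                        print '**** ERROR: Could not open '.$override.' to read the existing settings.'."\n";
                        report_consequences($protecthome,$suidsgid);
                    } elsif ($parsed->{'needs_update'}) {
                        install_override($override,'Updated',$protecthome,$suidsgid,
                                         render_override($parsed));
                    }
                } else {
                    install_override($override,'Created',$protecthome,$suidsgid,
                                     '[Service]','ProtectHome=no','RestrictSUIDSGID=no');
                }
            } else {
                print '**** ERROR: No '.$dropin_dir.' directory exists and creating one failed.'."\n";
                report_consequences($protecthome,$suidsgid);
            }
        }
    } else {
        print '**** WARNING *** Could not determine status of ProtectHome property for systemd '.$service.".\n".
              'It was not possible to determine whether LON-CAPA web interface will be usable.'."\n";
    }
}

# Prints what will not work in LON-CAPA for each property still enabled.
sub report_consequences {
    my ($protecthome,$suidsgid) = @_;
    if ($protecthome) {
        print 'LON-CAPA web interface will not be usable.'."\n";
    }
    if ($suidsgid) {
        print 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
    }
    return;
}

# Reads an existing override.conf and groups its lines by [section].
# Returns nothing if the file cannot be opened, otherwise a hash ref with:
#   ordered      - section names in order of first appearance; 'Service'
#                  is put first if the file had no such section
#   lines        - section name => array ref of lines kept in that section
#   move         - ProtectHome/RestrictSUIDSGID "=no" lines found outside
#                  [Service], to be written into [Service]
#   nocat        - lines that appeared before any section header
#   needs_update - true if the file has to be rewritten
sub read_override {
    my ($path) = @_;
    open(my $fh,'<',$path) or return;
    my (%is_no,%lines,@move,@nocat,@ordered);
    my $needs_update = 0;
    my $category = '';
    while (my $entry = <$fh>) {
        chomp($entry);
        if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) {
            $category = $1;
            # Any capitalisation of "Service" is folded into 'Service'.
            if ($category =~ /^Service$/i) {
                $category = 'Service';
            }
            unless (grep { $_ eq $category } @ordered) {
                push(@ordered,$category);
            }
        } elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) {
            my ($key,$value) = ($1,$2);
            # Only the first occurrence of each key is kept.
            next if ($is_no{$key});
            my $setting = $entry;
            if (lc($value) ne 'no') {
                $setting = $key.'=no';
                $needs_update = 1;
            }
            if ($category eq 'Service') {
                push(@{$lines{'Service'}},$setting);
            } else {
                # Found outside [Service]: relocate it there on rewrite.
                push(@move,$setting);
                $needs_update = 1;
            }
            $is_no{$key} = 1;
        } else {
            next if ($entry =~ /^\s*$/);
            if ($category ne '') {
                push(@{$lines{$category}},$entry);
            } else {
                push(@nocat,$entry);
            }
        }
    }
    close($fh);
    unless (grep { $_ eq 'Service' } @ordered) {
        unshift(@ordered,'Service');
        $needs_update = 1;
    }
    foreach my $item ('ProtectHome','RestrictSUIDSGID') {
        unless (exists($is_no{$item})) {
            push(@{$lines{'Service'}},$item.'=no');
            $needs_update = 1;
        }
    }
    return {
        'ordered'      => \@ordered,
        'lines'        => \%lines,
        'move'         => \@move,
        'nocat'        => \@nocat,
        'needs_update' => $needs_update,
    };
}

# Turns the structure from read_override() into the list of lines (without
# newlines) for the rewritten override.conf.
sub render_override {
    my ($parsed) = @_;
    my @out;
    # Lines that preceded every section header stay ahead of the first
    # header. Appending them after the last section (as was done before)
    # would make them part of that section, since a blank line does not
    # end a section.
    if (@{$parsed->{'nocat'}}) {
        push(@out,@{$parsed->{'nocat'}},'');
    }
    foreach my $category (@{$parsed->{'ordered'}}) {
        push(@out,"[$category]");
        # A section may have a header but no stored lines.
        my $section_lines = $parsed->{'lines'}{$category} || [];
        push(@out,@{$section_lines});
        if ($category eq 'Service') {
            foreach my $item (@{$parsed->{'move'}}) {
                if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) {
                    my $key = $1;
                    # Skip if [Service] already carries this key as "no".
                    next if (grep { /^\Q$key\E\s*=\s*no\s*$/i } @{$section_lines});
                }
                push(@out,$item);
            }
        }
        push(@out,'');
    }
    return @out;
}

# Writes @lines, one per line, to $path (truncating it in place).
# Returns '' on success, 'open' if the file could not be opened and
# 'write' if printing or closing failed.
sub write_lines {
    my ($path,@lines) = @_;
    open(my $fh,'>',$path) or return 'open';
    my $ok = print {$fh} map { $_."\n" } @lines;
    # Buffered write errors may only surface at close.
    $ok = 0 unless (close($fh));
    return ($ok ? '' : 'write');
}

# Writes override.conf and reloads systemd. $verb ('Created' or 'Updated')
# is used in the success message. Success is reported, and daemon-reload
# run, only when the file was actually written.
sub install_override {
    my ($path,$verb,$protecthome,$suidsgid,@lines) = @_;
    my $failure = write_lines($path,@lines);
    if ($failure eq '') {
        print $verb.' '.$path."\n";
        if (system('systemctl daemon-reload') != 0) {
            print '**** WARNING: systemctl daemon-reload failed; changes in '.$path.' are not yet in effect.'."\n";
        }
    } elsif ($failure eq 'open') {
        if ($protecthome) {
            print '**** ERROR: Could not open '.$path.' to write ProtectHome=no.'."\n".
                  'LON-CAPA web interface will not be usable.'."\n";
        }
        if ($suidsgid) {
            print '**** ERROR: Could not open '.$path.' to write RestrictSUIDSGID=no.'."\n".
                  'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
        }
    } else {
        print '**** ERROR: Writing '.$path.' failed; the file may be incomplete.'."\n";
        report_consequences($protecthome,$suidsgid);
    }
    return;
}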
225:
226: </perlscript>
227: </file>
228: </files>
229: </piml>