--- loncom/Attic/lchtmldir	2004/12/06 12:07:59	1.12
+++ loncom/Attic/lchtmldir	2005/06/21 11:00:21	1.17
@@ -41,7 +41,7 @@
 #    NSCL
 #    Michigan State University8
 #    East Lansing, MI 48824-1321
-
+#
 #   General flow of control:
 #   1. Validate process state (must be run as www).
 #   2. Validate parameters:  Need two parameters:
@@ -61,7 +61,7 @@
 #       - internal - www:www/2775
 #       - local    - www:www/2775
 #
-
+#
 #
 #   Take a few precautions to be sure that we're not vulnerable to trojan
 #   horses and other fine issues:
@@ -144,7 +144,7 @@ my $safeuser = $patt;
 if($DEBUG) {
     print("Save username = $safeuser \n");
 }
-if(($username ne $safeuser) or ($safeuser!~/^[A-za-z]/)) {
+if(($username ne $safeuser) or ($safeuser!~/^[A-z]/)) {
     if($DEBUG) {
 	print("User name $username had illegal characters\n");
     }
@@ -185,8 +185,28 @@ if(!( -e $dirtry1)) {
         exit 6;
     }
 }
+if ($authentication eq "unix:") {
+    # check whether group $safeuser exists.
+    my $usergroups = `id -nG $safeuser`;
+    if (! grep /^$safeuser$/, split(/\s+/,$usergroups)) { 
+        if($DEBUG) {
+            print("Group \"$safeuser\" does not exist or $safeuser is not a member of that group.\n");
+        }
+        exit 7;
+    }
+}
+
+
+
 &EnableRoot;
 
+#  If authentication is internal and the top level directory exists
+#  give it the right permissions (in case this is a modification.
+
+if ($authentication eq "internal:") {
+    chmod(0711, $homedir);	# so www can enter ~/public_html.
+}
+
 &System("/bin/mkdir -p $fulldir")   unless (-e $fulldir);
     unless(-e $fulldir."/index.html") {
 	open OUT,">".$fulldir."/index.html";
@@ -214,14 +234,15 @@ END
     close OUT;
     }
 
-&System("/bin/chmod  02775  $fulldir");
-&System("/bin/chmod  0775  $fulldir"."/index.html");
+&System("/bin/chmod  02770  $fulldir");
+&System("/bin/chmod  0770  $fulldir"."/index.html");
 
 
 # Based on the authentiation mode, set the ownership of the directory.
 
 if($authentication eq "unix:") {	# Unix mode authentication...
-    &System("/bin/chown -R   $safeuser".":".$safeuser." ".$fulldir);
+    print "Unix auth\n";
+    &System("/bin/chown -R   $safeuser:$safeuser"." ".$fulldir);
     &JoinGroup($safeuser);
 } else {
     # Internal, Kerberos, and Local authentication are for users
@@ -300,7 +321,10 @@ sub DisableRoot {
 	print("Disable root: id = ".$>."\n");
     }
 }
-
+#
+#  Join the www user to the user's group.
+#  we must be running with euid as root at this time.
+#
 sub JoinGroup {
     my $usergroup = shift;
 
@@ -319,7 +343,16 @@ sub JoinGroup {
 	}
 	exit 6;
     }
-    
+    if (-e '/var/run/httpd.pid') {
+	open(PID,'/var/run/httpd.pid');
+	my $pid=<PID>;
+	close(PID);
+	my ($safepid) = $pid=~ /(\d+)/;
+	$pid = $safepid;
+	if ($pid) {
+	    my $status = system("kill -USR1 $safepid");
+	}
+    }
 }