--- loncom/Attic/lchtmldir 2002/05/03 03:43:54 1.3
+++ loncom/Attic/lchtmldir 2004/08/05 20:33:50 1.6
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
# The Learning Online Network with CAPA
#
@@ -117,7 +117,7 @@ if($DEBUG) {
if( $authentication ne "unix:" &&
$authentication ne "internal:" &&
- $authentication ne "krb4:" &&
+ $authentication !~ /^krb(4|5):(.*)/ &&
$authentication ne "localauth:") {
if($DEBUG) {
print("Invalid authentication parameter: ".$authentication."\n");
@@ -175,7 +175,9 @@ if(!( -e $dirtry1)) {
if($DEBUG) {
print("User's home directory $dirtry1 does not exist\n");
}
- exit 6;
+ if ($authentication eq "unix:") {
+ exit 6;
+ }
}
&EnableRoot;
@@ -187,19 +189,19 @@ if(!( -e $dirtry1)) {
$safeuser
-
- $safeuser
+
+ $safeuser Construction Space
+
+ The LearningOnline Network with Computer-Assisted Personalized Approach
+
- Learning Online Network
+This is your construction space within LON-CAPA, where you would construct resources which are meant to be
+used across courses and institutions.
- This area provides for:
+Material within this area can only be seen and edited by $safeuser and designated co-authors. To make
+it available to students and other instructors, the material needs to be published.
-
- - resource construction
- - resource publication
- - record-keeping
-
END
@@ -212,31 +214,13 @@ END
# Based on the authentiation mode, set the ownership of the directory.
if($authentication eq "unix:") { # Unix mode authentication...
-
-
- &System("/bin/chown -R $username".":".$username." ".$fulldir);
- &JoinGroup($username);
-
-
-}
-elsif ($authentication eq "internal:") { # Internal authentication.
-
- &System("/bin/chown -R www:www $fulldir");
-}
-elsif ($authentication eq "krb4:") { # Kerberos version 4 authentication
- &System("/bin/chown -R $username".':'.$username." ".$fulldir);
- &JoinGroup($username);
-}
-elsif ($authentication eq "localauth:") { # Local authentiation
- &System("/bin/chown -R $username".':'.$username." $fulldir");
-}
-else {
- if($DEBUG) {
- print("Authentication not legal".$authentication);
- }
- &DisableRoot;
- exit 5;
-
+ &System("/bin/chown -R $safeuser".":".$safeuser." ".$fulldir);
+ &JoinGroup($safeuser);
+} else {
+ # Internal, Kerberos, and Local authentication are for users
+ # who do not have unix accounts on the system. Therefore we
+ # will give ownership of their public_html directories to www:www
+ &System("/bin/chown -R www:www ".$fulldir);
}
&DisableRoot;
@@ -254,6 +238,7 @@ exit 0;
sub EnableRoot {
if ($wwwid==$>) {
+ print ("EnableRoot $< $>\n");
($<,$>)=($>,$<);
($(,$))=($),$();
}
@@ -261,7 +246,7 @@ sub EnableRoot {
# root capability is already enabled
}
if($DEBUG) {
- print("Enable Root - id = $> \n");
+ print("Enable Root - id = $> $<\n");
}
return $>;
}
@@ -283,6 +268,9 @@ sub JoinGroup {
my $usergroup = shift;
my $groups = `/usr/bin/groups www`;
+ # untaint
+ my ($safegroups)=($groups=~/([\s\w]+)/);
+ $groups=$safegroups;
chomp $groups; $groups=~s/^\S+\s+\:\s+//;
my @grouplist=split(/\s+/,$groups);
my @ugrouplist=grep {!/www|$usergroup/} @grouplist;
@@ -300,11 +288,11 @@ sub JoinGroup {
sub System {
- my $command = shift;
+ my ($command,@args) = @_;
if($DEBUG) {
- print("system: $command \n");
+ print("system: $command with args ".join(' ',@args)."\n");
}
- system($command);
+ system($command,@args);
}