|
version 1.1, 2024/07/28 19:40:59
|
version 1.2, 2024/11/27 16:30:09
|
|
Line 66 if (($dist eq 'sles') || ($dist eq 'suse
|
Line 66 if (($dist eq 'sles') || ($dist eq 'suse
|
| |
|
| if ($use_systemctl) { |
if ($use_systemctl) { |
| system('systemctl daemon-reload'); |
system('systemctl daemon-reload'); |
| if (open(PIPE,"systemctl show $service --property=ProtectHome 2>/dev/null |")) { |
if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null |")) { |
| my $protection = <PIPE>; |
my ($protecthome,$suidsgid); |
| |
while (my $line =<PIPE>) { |
| |
chomp($line); |
| |
if ($line =~ /^ProtectHome=(read-only|yes)$/i) { |
| |
$protecthome = 1; |
| |
} elsif ($line =~ /^RestrictSUIDSGID=yes$/i) { |
| |
$suidsgid = 1; |
| |
} |
| |
} |
| close(PIPE); |
close(PIPE); |
| chomp($protection); |
if ($protecthome || $suidsgid) { |
| if ($protection =~ /^ProtectHome=(read-only|yes)$/i) { |
|
| if (!-d '/etc/systemd/system/'.$service.'.d') { |
if (!-d '/etc/systemd/system/'.$service.'.d') { |
| mkdir '/etc/systemd/system/'.$service.'.d', 0755; |
mkdir '/etc/systemd/system/'.$service.'.d', 0755; |
| } |
} |
| if (-d '/etc/systemd/system/'.$service.'.d') { |
if (-d '/etc/systemd/system/'.$service.'.d') { |
| if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { |
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') { |
| if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| my ($inservice,$addservice,$protectoff,$linenum,$change,@lines); |
my ($category,$addservice,$needs_update,$linenum,%is_no,%lines, |
| |
@move,@nocat,@ordered); |
| |
$linenum = 0; |
| while (my $entry = <$fh>) { |
while (my $entry = <$fh>) { |
| $linenum ++; |
$linenum ++; |
| chomp($entry); |
chomp($entry); |
| if ($entry eq '[Service]') { |
if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) { |
| if (!$protectoff) { |
$category = $1; |
| $inservice = $linenum; |
if ($category =~ /^Service$/i) { |
| push(@lines,$entry); |
unless (grep(/^Service$/,@ordered)) { |
| |
push(@ordered,'Service'); |
| |
} |
| } else { |
} else { |
| $addservice = 1; |
unless (grep(/^\Q$category\E$/,@ordered)) { |
| next; |
push(@ordered,$category); |
| |
} |
| } |
} |
| } |
} elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) { |
| if ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) { |
my ($key,$value) = ($1,$2); |
| my $value = $1; |
next if ($is_no{$key}); |
| if ($protectoff) { |
if (lc($value) eq 'no') { |
| next; |
if ($category =~ /^Service$/i) { |
| if (lc($value) eq 'no') { |
push(@{$lines{'Service'}},$entry); |
| $protectoff = $linenum; |
|
| push(@lines,$entry); |
|
| } else { |
} else { |
| if ($protectoff) { |
push(@move,$entry); |
| next; |
$needs_update = 1; |
| } else { |
|
| push(@lines,'ProtectHome=no'); |
|
| $protectoff = $linenum; |
|
| $change = $linenum; |
|
| } |
|
| } |
} |
| |
} else { |
| |
my $offstr = $key.'=no'; |
| |
if ($category =~ /^Service$/i) { |
| |
push(@{$lines{'Service'}},$offstr); |
| |
} else { |
| |
push(@move,$offstr); |
| |
} |
| |
$needs_update = 1; |
| |
} |
| |
$is_no{$key} = $linenum; |
| |
} else { |
| |
next if ($entry =~ /^\s*$/); |
| |
if ($category =~ /^Service$/i) { |
| |
push(@{$lines{'Service'}},$entry); |
| |
} elsif ($category ne '') { |
| |
push(@{$lines{$category}},$entry); |
| |
} else { |
| |
push(@nocat,$entry); |
| } |
} |
| } |
} |
| } |
} |
| close($fh); |
close($fh); |
| if ($addservice || $change || !$protectoff) { |
unless (grep(/^Service$/,@ordered)) { |
| |
$addservice = 1; |
| |
unshift(@ordered,'Service'); |
| |
} |
| |
foreach my $item ('ProtectHome','RestrictSUIDSGID') { |
| |
unless (exists($is_no{$item})) { |
| |
push(@{$lines{'Service'}},$item.'=no'); |
| |
$needs_update = 1; |
| |
} |
| |
} |
| |
if ($addservice || $needs_update) { |
| if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| if ($addservice) { |
if (@ordered) { |
| print $fh "[Service]\n"; |
foreach my $category (@ordered) { |
| |
print $fh "[$category]\n"; |
| |
if (ref($lines{$category}) eq 'ARRAY') { |
| |
foreach my $item (@{$lines{$category}}) { |
| |
print $fh "$item\n"; |
| |
} |
| |
} |
| |
if ($category eq 'Service') { |
| |
if (@move) { |
| |
foreach my $item (@move) { |
| |
if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) { |
| |
my $key = $1; |
| |
unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) { |
| |
print $fh "$item\n"; |
| |
} |
| |
} else { |
| |
print $fh "$item\n"; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
print $fh "\n"; |
| |
} |
| } |
} |
| foreach my $entry (@lines) { |
if (@nocat) { |
| print $fh "$entry\n"; |
foreach my $item (@nocat) { |
| |
print $fh "$item\n"; |
| |
} |
| } |
} |
| close($fh); |
close($fh); |
| print 'Updated /etc/systemd/system/'.$service.'.d/override.conf'."\n"; |
print 'Updated /etc/systemd/system/'.$service.'.d/override.conf'."\n"; |
| system('systemctl daemon-reload'); |
system('systemctl daemon-reload'); |
| } else { |
} else { |
| print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n". |
if ($protecthome) { |
| 'LON-CAPA web interface will not be usable.'."\n"; |
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n". |
| |
'LON-CAPA web interface will not be usable.'."\n"; |
| |
} |
| |
if ($suidsgid) { |
| |
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n". |
| |
'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n"; |
| |
} |
| } |
} |
| } |
} |
| } |
} |
| } else { |
} else { |
| if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) { |
| print $fh '[Service]'."\n".'ProtectHome=no'."\n"; |
print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n"; |
| close($fh); |
close($fh); |
| print 'Created /etc/systemd/system/'.$service.'.d/override.conf'."\n"; |
print 'Created /etc/systemd/system/'.$service.'.d/override.conf'."\n"; |
| system('systemctl daemon-reload'); |
system('systemctl daemon-reload'); |
| } else { |
} else { |
| print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n". |
if ($protecthome) { |
| 'LON-CAPA web interface will not be usable.'."\n"; |
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n". |
| |
'LON-CAPA web interface will not be usable.'."\n"; |
| |
} |
| |
if ($suidsgid) { |
| |
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n". |
| |
'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n"; |
| |
} |
| } |
} |
| } |
} |
| } else { |
} else { |
| print '**** ERROR: No /etc/systemd/system/'.$service.'.d directory exists and creating one failed.'."\n". |
print '**** ERROR: No /etc/systemd/system/'.$service.'.d directory exists and creating one failed.'."\n"; |
| 'LON-CAPA web interface will not be usable.'."\n"; |
if ($protecthome) { |
| |
print 'LON-CAPA web interface will not be usable.'."\n"; |
| |
} |
| |
if ($suidsgid) { |
| |
print 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n"; |
| |
} |
| } |
} |
| } |
} |
| } else { |
} else { |
![[BACK]](/icons/back.gif){kind=icon}
Return to systemd_config_check.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles