Annotation of doc/loncapafiles/systemd_config_check.piml, revision 1.2
1.1 raeburn 1: <!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
2: "http://lpml.sourceforge.net/DTD/piml.dtd">
3: <!-- systemd_config_check.piml -->
4:
1.2 ! raeburn 5: <!-- $Id: systemd_config_check.piml,v 1.1 2024/07/28 19:40:59 raeburn Exp $ -->
1.1 raeburn 6:
7: <!--
8:
9: This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10:
11: LON-CAPA is free software; you can redistribute it and/or modify
12: it under the terms of the GNU General Public License as published by
13: the Free Software Foundation; either version 2 of the License, or
14: (at your option) any later version.
15:
16: LON-CAPA is distributed in the hope that it will be useful,
17: but WITHOUT ANY WARRANTY; without even the implied warranty of
18: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: GNU General Public License for more details.
20:
21: You should have received a copy of the GNU General Public License
22: along with LON-CAPA; if not, write to the Free Software
23: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24:
25: /home/httpd/html/adm/gpl.txt
26:
27: http://www.lon-capa.org/
28:
29: -->
30:
31: <piml>
32: <targetroot>/</targetroot>
33: <files>
34: <file>
35: <target dist="default">/home/httpd/perl</target>
36: <perlscript mode="fg">
37:
38: use strict;
39:
40: my $service = 'apache2.service';
41: my $use_systemctl;
42: my ($dist,$version) = ('<DIST />' =~ /^([A-Za-z]+)([\d\.]+)$/);
43: if (($dist eq 'sles') || ($dist eq 'suse')) {
44: if ($version >= 12) {
45: $use_systemctl = 1;
46: }
47: } elsif ($dist eq 'fedora') {
48: if ($version >= 16) {
49: $use_systemctl = 1;
50: }
51: $service = 'httpd.service';
52: } elsif ($dist =~ /^(centos|rhes|scientific|oracle|rocky|alma)$/) {
53: if ($version >= 7) {
54: $use_systemctl = 1;
55: }
56: $service = 'httpd.service';
57: } elsif ($dist eq 'ubuntu') {
58: if ($version >= 16) {
59: $use_systemctl = 1;
60: }
61: } elsif ($dist eq 'debian') {
62: if ($version >= 9) {
63: $use_systemctl = 1;
64: }
65: }
66:
67: if ($use_systemctl) {
68: system('systemctl daemon-reload');
1.2 ! raeburn 69: if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null |")) {
! 70: my ($protecthome,$suidsgid);
! 71: while (my $line =<PIPE>) {
! 72: chomp($line);
! 73: if ($line =~ /^ProtectHome=(read-only|yes)$/i) {
! 74: $protecthome = 1;
! 75: } elsif ($line =~ /^RestrictSUIDSGID=yes$/i) {
! 76: $suidsgid = 1;
! 77: }
! 78: }
1.1 raeburn 79: close(PIPE);
1.2 ! raeburn 80: if ($protecthome || $suidsgid) {
1.1 raeburn 81: if (!-d '/etc/systemd/system/'.$service.'.d') {
82: mkdir '/etc/systemd/system/'.$service.'.d', 0755;
83: }
84: if (-d '/etc/systemd/system/'.$service.'.d') {
85: if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
86: if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
1.2 ! raeburn 87: my ($category,$addservice,$needs_update,$linenum,%is_no,%lines,
! 88: @move,@nocat,@ordered);
! 89: $linenum = 0;
1.1 raeburn 90: while (my $entry = <$fh>) {
91: $linenum ++;
92: chomp($entry);
1.2 ! raeburn 93: if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) {
! 94: $category = $1;
! 95: if ($category =~ /^Service$/i) {
! 96: unless (grep(/^Service$/,@ordered)) {
! 97: push(@ordered,'Service');
! 98: }
1.1 raeburn 99: } else {
1.2 ! raeburn 100: unless (grep(/^\Q$category\E$/,@ordered)) {
! 101: push(@ordered,$category);
! 102: }
1.1 raeburn 103: }
1.2 ! raeburn 104: } elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) {
! 105: my ($key,$value) = ($1,$2);
! 106: next if ($is_no{$key});
! 107: if (lc($value) eq 'no') {
! 108: if ($category =~ /^Service$/i) {
! 109: push(@{$lines{'Service'}},$entry);
! 110: } else {
! 111: push(@move,$entry);
! 112: $needs_update = 1;
! 113: }
! 114: } else {
! 115: my $offstr = $key.'=no';
! 116: if ($category =~ /^Service$/i) {
! 117: push(@{$lines{'Service'}},$offstr);
1.1 raeburn 118: } else {
1.2 ! raeburn 119: push(@move,$offstr);
1.1 raeburn 120: }
1.2 ! raeburn 121: $needs_update = 1;
! 122: }
! 123: $is_no{$key} = $linenum;
! 124: } else {
! 125: next if ($entry =~ /^\s*$/);
! 126: if ($category =~ /^Service$/i) {
! 127: push(@{$lines{'Service'}},$entry);
! 128: } elsif ($category ne '') {
! 129: push(@{$lines{$category}},$entry);
! 130: } else {
! 131: push(@nocat,$entry);
1.1 raeburn 132: }
133: }
134: }
135: close($fh);
1.2 ! raeburn 136: unless (grep(/^Service$/,@ordered)) {
! 137: $addservice = 1;
! 138: unshift(@ordered,'Service');
! 139: }
! 140: foreach my $item ('ProtectHome','RestrictSUIDSGID') {
! 141: unless (exists($is_no{$item})) {
! 142: push(@{$lines{'Service'}},$item.'=no');
! 143: $needs_update = 1;
! 144: }
! 145: }
! 146: if ($addservice || $needs_update) {
1.1 raeburn 147: if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
1.2 ! raeburn 148: if (@ordered) {
! 149: foreach my $category (@ordered) {
! 150: print $fh "[$category]\n";
! 151: if (ref($lines{$category}) eq 'ARRAY') {
! 152: foreach my $item (@{$lines{$category}}) {
! 153: print $fh "$item\n";
! 154: }
! 155: }
! 156: if ($category eq 'Service') {
! 157: if (@move) {
! 158: foreach my $item (@move) {
! 159: if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) {
! 160: my $key = $1;
! 161: unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) {
! 162: print $fh "$item\n";
! 163: }
! 164: } else {
! 165: print $fh "$item\n";
! 166: }
! 167: }
! 168: }
! 169: }
! 170: print $fh "\n";
! 171: }
1.1 raeburn 172: }
1.2 ! raeburn 173: if (@nocat) {
! 174: foreach my $item (@nocat) {
! 175: print $fh "$item\n";
! 176: }
1.1 raeburn 177: }
178: close($fh);
179: print 'Updated /etc/systemd/system/'.$service.'.d/override.conf'."\n";
180: system('systemctl daemon-reload');
181: } else {
1.2 ! raeburn 182: if ($protecthome) {
! 183: print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
! 184: 'LON-CAPA web interface will not be usable.'."\n";
! 185: }
! 186: if ($suidsgid) {
! 187: print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n".
! 188: 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
! 189: }
1.1 raeburn 190: }
191: }
192: }
193: } else {
194: if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
1.2 ! raeburn 195: print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n";
1.1 raeburn 196: close($fh);
197: print 'Created /etc/systemd/system/'.$service.'.d/override.conf'."\n";
198: system('systemctl daemon-reload');
199: } else {
1.2 ! raeburn 200: if ($protecthome) {
! 201: print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
! 202: 'LON-CAPA web interface will not be usable.'."\n";
! 203: }
! 204: if ($suidsgid) {
! 205: print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n".
! 206: 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
! 207: }
1.1 raeburn 208: }
209: }
210: } else {
1.2 ! raeburn 211: print '**** ERROR: No /etc/systemd/system/'.$service.'.d directory exists and creating one failed.'."\n";
! 212: if ($protecthome) {
! 213: print 'LON-CAPA web interface will not be usable.'."\n";
! 214: }
! 215: if ($suidsgid) {
! 216: print 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
! 217: }
1.1 raeburn 218: }
219: }
220: } else {
221: print '**** WARNING *** Could not determine status of ProtectHome property for systemd '.$service.".\n".
222: 'It was not possible to determine whether LON-CAPA web interface will be usable.'."\n";
223: }
224: }
225:
226: </perlscript>
227: </file>
228: </files>
229: </piml>
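Review bot: The rewrite at lines 147–180 opens the live override.conf with `'>'`, which truncates it before anything is written, and neither the `print $fh` calls nor `close($fh)` are checked. A failed write (full disk, I/O error) therefore leaves Apache's drop-in partly written while the script still prints "Updated" and runs `systemctl daemon-reload`, and any other directives an administrator kept in that file, including other sandboxing settings, are lost without a message. Writing to a temporary file in the same directory (a name not ending in `.conf`, so systemd ignores it) and renaming it over override.conf only after `close` succeeds avoids this, as sketched below. Separately, at lines 69–79 the `systemctl show` pipe runs through the shell, so `open` succeeds whenever the fork does. If systemctl itself fails, no lines are read, both flags stay unset and the script skips the override without reaching the WARNING branch at line 220; checking the return value of `close(PIPE)` would catch that.

```perl
my $conf = '/etc/systemd/system/'.$service.'.d/override.conf';
my $tmp  = $conf.'.new';
if (open(my $fh,'>',$tmp)) {
    # … unchanged: print loops over @ordered, @move and @nocat …
    if (close($fh) && rename($tmp,$conf)) {
        print 'Updated '.$conf."\n";
        system('systemctl daemon-reload');
    } else {
        unlink($tmp);
        # … unchanged: the ERROR messages from the existing else branch …
    }
} else {
    # … unchanged: the ERROR messages from the existing else branch …
}
```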