<!DOCTYPE piml PUBLIC "-//TUX/DTD piml 1.0 Final//EN"
"http://lpml.sourceforge.net/DTD/piml.dtd">
<!-- systemd_config_check.piml -->
<!-- $Id: systemd_config_check.piml,v 1.2 2024/11/27 16:30:09 raeburn Exp $ -->
<!--
This file is part of the LearningOnline Network with CAPA (LON-CAPA).
LON-CAPA is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
LON-CAPA is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with LON-CAPA; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
/home/httpd/html/adm/gpl.txt
http://www.lon-capa.org/
-->
<piml>
<targetroot>/</targetroot>
<files>
<file>
<target dist="default">/home/httpd/perl</target>
<perlscript mode="fg">
use strict;
# Installer step (PIML perlscript, foreground mode): when the web server's
# systemd unit has ProtectHome or RestrictSUIDSGID in effect, create or
# rewrite the drop-in /etc/systemd/system/SERVICE.d/override.conf so that
# both are set to "no".
#
# Security note: this deliberately switches off two systemd sandboxing
# options for the web server unit. The error messages further down give the
# reason: with ProtectHome on, the LON-CAPA web interface is not usable, and
# with RestrictSUIDSGID on, sub-directories in Authoring Space cannot be
# created from the web interface. Anyone auditing the host should expect
# this drop-in and treat the web server as running without those two
# protections.
# NOTE(review): the files written live under /etc/systemd/system and
# systemctl daemon-reload is invoked, so this presumably runs as root at
# install time; confirm.

# Unit name; kept as-is for the sles/suse, ubuntu and debian branches and
# switched to httpd.service for fedora and the RHEL-family branch.
my $service = 'apache2.service';
# Set to 1 only for distro releases that the table below accepts.
my $use_systemctl;
# The DIST placeholder is presumably filled in by PIML processing before the
# script runs (the substitution itself is not shown here). The pattern
# expects letters followed by digits and dots, e.g. a constructed sample
# "centos7". If it does not match, both variables stay undef, no branch
# below sets $use_systemctl, and the script does nothing.
my ($dist,$version) = ('<DIST />' =~ /^([A-Za-z]+)([\d\.]+)$/);
# Minimum release per distro for which systemctl is used.
if (($dist eq 'sles') || ($dist eq 'suse')) {
if ($version >= 12) {
$use_systemctl = 1;
}
} elsif ($dist eq 'fedora') {
if ($version >= 16) {
$use_systemctl = 1;
}
$service = 'httpd.service';
} elsif ($dist =~ /^(centos|rhes|scientific|oracle|rocky|alma)$/) {
if ($version >= 7) {
$use_systemctl = 1;
}
$service = 'httpd.service';
} elsif ($dist eq 'ubuntu') {
if ($version >= 16) {
$use_systemctl = 1;
}
} elsif ($dist eq 'debian') {
if ($version >= 9) {
$use_systemctl = 1;
}
}
if ($use_systemctl) {
# Reload unit files before querying, presumably so that the values reported
# by "systemctl show" reflect what is currently on disk.
system('systemctl daemon-reload');
# Query the effective values of the two properties. The command string is
# run through the shell (it carries a stderr redirection), but $service only
# ever holds one of the two literals assigned above, so no external input is
# interpolated into it.
# NOTE(review): this open() succeeds whenever the child can be started; a
# failing systemctl only yields no output lines, and the status returned by
# close(PIPE) is not checked. In that case neither flag is set and the
# script ends silently, so the WARNING branch at the bottom covers a failed
# open() only, not a failed systemctl.
if (open(PIPE,"systemctl show $service --property=ProtectHome --property=RestrictSUIDSGID 2>/dev/null |")) {
my ($protecthome,$suidsgid);
while (my $line =<PIPE>) {
chomp($line);
# ProtectHome counts as active for "yes" or "read-only";
# RestrictSUIDSGID for "yes". Matching is case-insensitive.
# NOTE(review): systemd also accepts ProtectHome=tmpfs, which is not
# matched here; confirm whether it should trigger the override as well.
if ($line =~ /^ProtectHome=(read-only|yes)$/i) {
$protecthome = 1;
} elsif ($line =~ /^RestrictSUIDSGID=yes$/i) {
$suidsgid = 1;
}
}
close(PIPE);
# Nothing is written unless at least one of the two restrictions is active.
if ($protecthome || $suidsgid) {
# Create the drop-in directory if missing. The mkdir result is not checked
# directly; the -d test that follows acts as the check.
if (!-d '/etc/systemd/system/'.$service.'.d') {
mkdir '/etc/systemd/system/'.$service.'.d', 0755;
}
if (-d '/etc/systemd/system/'.$service.'.d') {
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
# An override.conf already exists: parse it so that unrelated settings are
# kept, then rewrite it with both keys set to "no" under [Service].
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
# Parser state:
#   $category      section name currently being read
#   @ordered       section names in first-seen order
#   %lines         section name to array ref of lines kept for that section
#   @move          key=no lines found outside [Service], emitted under it later
#   @nocat         non-blank lines seen before any section header
#   %is_no         key to line number of its first occurrence
#   $needs_update  set when the file content has to change
#   $addservice    set when the file had no [Service] section
my ($category,$addservice,$needs_update,$linenum,%is_no,%lines,
@move,@nocat,@ordered);
$linenum = 0;
while (my $entry = <$fh>) {
$linenum ++;
chomp($entry);
# Section header. Any case variant of "Service" is recorded as 'Service';
# other section names are recorded verbatim, each once.
if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) {
$category = $1;
if ($category =~ /^Service$/i) {
unless (grep(/^Service$/,@ordered)) {
push(@ordered,'Service');
}
} else {
unless (grep(/^\Q$category\E$/,@ordered)) {
push(@ordered,$category);
}
}
# One of the two keys. The match is case-sensitive and anchored at column
# 0, so indented or commented-out settings fall through to the generic
# branch below and are kept unchanged.
} elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) {
my ($key,$value) = ($1,$2);
# Only the first occurrence of each key is processed; later ones are skipped.
next if ($is_no{$key});
if (lc($value) eq 'no') {
# Already "no": keep the line if it sits in [Service], otherwise queue it
# to be written under [Service] and mark the file as needing a rewrite.
if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},$entry);
} else {
push(@move,$entry);
$needs_update = 1;
}
} else {
# Any other value is replaced by key=no.
my $offstr = $key.'=no';
if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},$offstr);
} else {
push(@move,$offstr);
}
$needs_update = 1;
}
$is_no{$key} = $linenum;
} else {
# Any other line: blank lines are dropped, the rest is kept under its
# section, or in @nocat when no section header has been seen yet.
next if ($entry =~ /^\s*$/);
if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},$entry);
} elsif ($category ne '') {
push(@{$lines{$category}},$entry);
} else {
push(@nocat,$entry);
}
}
}
close($fh);
# No [Service] section in the file: add one at the front.
unless (grep(/^Service$/,@ordered)) {
$addservice = 1;
unshift(@ordered,'Service');
}
# Append key=no for any key that did not appear in the file at all.
foreach my $item ('ProtectHome','RestrictSUIDSGID') {
unless (exists($is_no{$item})) {
push(@{$lines{'Service'}},$item.'=no');
$needs_update = 1;
}
}
if ($addservice || $needs_update) {
# NOTE(review): opening for write truncates the existing file before the
# new content is produced, and the results of print and close are not
# checked. A failed or interrupted write would leave a partial drop-in with
# the old content already gone, and "Updated" would still be printed.
# Writing to a temporary file and renaming it over the target would avoid
# that.
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
if (@ordered) {
foreach my $category (@ordered) {
print $fh "[$category]\n";
if (ref($lines{$category}) eq 'ARRAY') {
foreach my $item (@{$lines{$category}}) {
print $fh "$item\n";
}
}
# Under [Service], also emit the queued lines from other sections, skipping
# a key=no line when [Service] already holds one for the same key.
if ($category eq 'Service') {
if (@move) {
foreach my $item (@move) {
if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) {
my $key = $1;
unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) {
print $fh "$item\n";
}
} else {
print $fh "$item\n";
}
}
}
}
print $fh "\n";
}
}
# Lines that preceded the first section header are written last, so they
# end up after the final section rather than where they were read.
if (@nocat) {
foreach my $item (@nocat) {
print $fh "$item\n";
}
}
close($fh);
print 'Updated /etc/systemd/system/'.$service.'.d/override.conf'."\n";
# Second reload after the drop-in changed.
# NOTE(review): the service itself is not restarted here; presumably a
# later install step does that, confirm.
system('systemctl daemon-reload');
} else {
# The drop-in could not be opened for writing: report which restriction
# stays active and what it breaks.
if ($protecthome) {
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
'LON-CAPA web interface will not be usable.'."\n";
}
if ($suidsgid) {
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n".
'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
}
}
}
}
# NOTE(review): if the existing override.conf cannot be opened for reading,
# nothing is printed and nothing is changed.
} else {
# No override.conf yet: create one holding only the two settings.
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
print $fh '[Service]'."\n".'ProtectHome=no'."\n".'RestrictSUIDSGID=no'."\n";
close($fh);
print 'Created /etc/systemd/system/'.$service.'.d/override.conf'."\n";
system('systemctl daemon-reload');
} else {
if ($protecthome) {
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write ProtectHome=no.'."\n".
'LON-CAPA web interface will not be usable.'."\n";
}
if ($suidsgid) {
print '**** ERROR: Could not open /etc/systemd/system/'.$service.'.d/override.conf to write RestrictSUIDSGID=no.'."\n".
'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
}
}
}
} else {
# The drop-in directory is missing and mkdir did not create it.
print '**** ERROR: No /etc/systemd/system/'.$service.'.d directory exists and creating one failed.'."\n";
if ($protecthome) {
print 'LON-CAPA web interface will not be usable.'."\n";
}
if ($suidsgid) {
print 'Creation of sub-directories in Authoring Space will not be possible from the web interface.'."\n";
}
}
}
} else {
# Reached only when the pipe open itself fails.
print '**** WARNING *** Could not determine status of ProtectHome property for systemd '.$service.".\n".
'It was not possible to determine whether LON-CAPA web interface will be usable.'."\n";
}
}
</perlscript>
</file>
</files>
</piml>