Date: Mon, 5 Sep 2005 19:12:48 GMT From: Pawel Wieleba <P.Wieleba@iem.pw.edu.pl> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/85760: [PATCH] www/jakarta-tomcat55; enable possibility to specify tomcat deamon user/group; make it possible to add user/group even if UID/GID number is reserved Message-ID: <200509051912.j85JCmdL091821@www.freebsd.org> Resent-Message-ID: <200509051921.j85JLSnL041624@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85760
>Category: ports
>Synopsis: [PATCH] www/jakarta-tomcat55; enable possibility to specify tomcat deamon user/group; make it possible to add user/group even if UID/GID number is reserved
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 05 19:20:18 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Pawel Wieleba
>Release: FreeBSD 5.4-stable
>Organization:
>Environment:
FreeBSD srv 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun Aug 28 23:43:13 CEST 2005 root@srv:/usr/obj/usr/src/sys/SRV i386
>Description:
Now it is _impossible_ to specify what user is used to install and run tomcat with.
I use user www with apache2 and want to run tomcat with a different user because of security reasons.
I have written a patch to the jakarta-tomcat55 port to make it possible to install and run jakarta-tomcat55 server with an alternate user.
>How-To-Repeat:
>Fix:
The patch consists of free files:
Makefile.diff
pkg-install.diff
pkg-deinstall.diff
The patch:
srv# cat *.diff
--- Makefile-ORG Mon Sep 5 20:50:10 2005
+++ Makefile Mon Sep 5 21:07:11 2005
@@ -66,6 +66,19 @@
STDOUT_LOG=${STDOUT_LOG} \
STDERR_LOG=${STDERR_LOG}
+REPLACE_FILES+= ${PKGDIR}/pkg-install \
+ ${PKGDIR}/pkg-deinstall
+PKGINSTALL= ${WRKDIR}/pkg-install
+PKGDEINSTALL= ${WRKDIR}/pkg-deinstall
+
+.if defined(TOMCAT_USER)
+USER=${TOMCAT_USER}
+.endif
+
+.if defined(TOMCAT_GROUP)
+GROUP=${TOMCAT_GROUP}
+.endif
+
.include <bsd.port.pre.mk>
.if ${JAVA_PORT_VERSION:C/^([0-9])\.([0-9])(.*)$/\1.\2/} == "1.4"
@@ -91,7 +104,6 @@
@${ECHO_MSG} " Logfile stderr: ${STDERR_LOG}"
@${ECHO_MSG} " Starting after install: ${AUTO_START}"
@${ECHO_MSG} " Stop time-out: ${STOP_TIMEOUT} sec."
- @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL
post-patch:
@${ECHO_MSG} -n ">> Removing unneeded files..."
@@ -129,6 +141,9 @@
$f > ${WRKDIR}/`basename $f`
@${ECHO_MSG} " [ DONE ]"
.endfor
+
+pre-install:
+ @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL
do-install:
@${ECHO_MSG} -n ">> Creating destination directory..."
--- pkg-deinstall-ORG Mon Sep 5 20:52:29 2005
+++ pkg-deinstall Mon Sep 5 20:42:24 2005
@@ -5,7 +5,7 @@
# * Checks if the PID file exists. If it does, it kills the
# process and removes the PID file.
#
-# * Checks if the 'www' user exists. If it does, then it displays
+# * Checks if the '%%USER%%' user exists. If it does, then it displays
# a message.
#
# $FreeBSD: ports/www/jakarta-tomcat55/pkg-deinstall,v 1.2 2004/01/02 12:31:11 znerd Exp $
@@ -37,8 +37,8 @@
if [ "$2" = "POST-DEINSTALL" ]; then
# If the user exists, then display a message
- if pw usershow "www" 2>/dev/null 1>&2; then
- echo "To delete the www user permanently, use 'pw userdel www'"
+ if pw usershow "%%USER%%" 2>/dev/null 1>&2; then
+ echo "To delete the %%USER%% user permanently, use 'pw userdel %%USER%%'"
fi
fi
--- pkg-install-ORG Mon Sep 5 20:52:16 2005
+++ pkg-install Mon Sep 5 20:42:20 2005
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Checks if the 'www' user and group exist. If they don't, then
+# Checks if the '%%USER%%' user and %%GROUP%% group exist. If they don't, then
# an attempt is made to create both.
#
# $FreeBSD: ports/www/jakarta-tomcat55/pkg-install,v 1.2 2005/06/13 14:08:34 hq Exp $
@@ -12,34 +12,39 @@
fi
# Set some constants
-USER=www
-GROUP=${USER}
UID=80
GID=${UID}
# See if the group already exists
-if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then
+if ! pw groupshow "%%GROUP%%" 2>/dev/null 1>&2; then
# If not, try to create it
- if pw groupadd ${GROUP} -g ${GID}; then
- echo "Added group \"${GROUP}\"."
+ if pw groupadd "%%GROUP%%" -g ${GID}; then
+ echo "Added group \"%%GROUP%%\"."
+ elif pw groupadd "%%GROUP%%"; then
+ echo "Added group \"%%GROUP%%\"."
else
- echo "Adding group \"${GROUP}\" failed..."
+ echo "Adding group \"%%GROUP%%\" failed..."
exit 1
fi
fi
# See if the user already exists
-if ! pw usershow "${USER}" 2>/dev/null 1>&2; then
+if ! pw usershow "%%USER%%" 2>/dev/null 1>&2; then
# If not, try to create it
- if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
- -s "/sbin/nologin" -d "/nonexistent" \
- -c "World Wide Web Owner"; \
+ if pw useradd "%%USER%%" -u ${UID} -g "%%GROUP%%" -h - \
+ -s "/sbin/nologin" -d "/nonexistent" \
+ -c "World Wide Web Owner";
then
- echo "Added user \"${USER}\"."
+ echo "Added user \"%%USER%%\"."
+ elif pw useradd "%%USER%%" -g "%%GROUP%%" -h - \
+ -s "/sbin/nologin" -d "/nonexistent" \
+ -c "World Wide Web Owner";
+ then
+ echo "Added user \"%%USER%%\"."
else
- echo "Adding user \"${USER}\" failed..."
+ echo "Adding user \"%%USER%%\" failed..."
exit 1
fi
fi
I hope this patch or similar will be added to this port soon.
Best 4 you
Pawel Wieleba
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509051912.j85JCmdL091821>