[LON-CAPA-cvs] cvs: loncom / request_ssl_key.sh

raeburn raeburn@source.lon-capa.org
Tue, 27 Jan 2009 01:23:26 -0000 

raeburn		Tue Jan 27 01:23:26 2009 EDT

  Modified files:              
    /loncom	request_ssl_key.sh 
  Log:
  - Need to check for the existence (an ownership) of /home/httpd/lonCerts if run as www.
  - If the script is actually run from within /home/httpd/lonCerts, lonKey.pem doesn't need to be copied (and shouldn't be removed). 
  
  
Index: loncom/request_ssl_key.sh
diff -u loncom/request_ssl_key.sh:1.1 loncom/request_ssl_key.sh:1.2
--- loncom/request_ssl_key.sh:1.1	Thu Nov 18 23:25:10 2004
+++ loncom/request_ssl_key.sh	Tue Jan 27 01:23:26 2009
@@ -3,7 +3,28 @@
 MAILADDR=certificate@lon-capa.org	# Email the cert request here.
 DESTDIR=/home/httpd/lonCerts			# Destination for the key file.
 DESTUID=www			# Who will own the private key.
-DESTGROUP=www			# Gropu that owns the private key.
+DESTGROUP=www			# Group that will own the private key.
+
+if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
+    echo "This script needs to be run either as $DESTUID or root"
+    exit
+fi
+
+if [ $(whoami) != "root" ] ; then
+    if [ -d "$DESTDIR" ] ; then
+        CURROWNER=`stat -c %U $DESTDIR`
+        if [ -L "$DESTDIR" ] ; then
+            echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP."
+            exit
+        elif [ $CURROWNER != $DESTUID ] ; then
+            echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP."
+            exit
+        fi
+    else
+        echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP."
+        exit
+    fi
+fi
 
 openssl req -newkey rsa:1024 -passout pass:loncapa \
     -keyout lonKey.enc -keyform PEM  \
@@ -11,9 +32,18 @@
 
 openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
 
-install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
-install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
-rm lonKey.{enc,pem}
+if [ $(pwd) != "$DESTDIR" ] ; then
+    if [ !-d "$DESTDIR" ] ; then
+        install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
+    fi
+    install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
+    rm lonKey.pem
+else
+    chmod 0400 lonKey.pem
+fi
+
+rm lonKey.enc
+
 
 mail <CertRequest.pem -s "Certificate Request" $MAILADDR
 rm CertRequest.pem