[LON-CAPA-cvs] cvs: doc /install/linux install.pl
raeburn
raeburn at source.lon-capa.org
Wed Nov 27 11:24:20 EST 2024
raeburn Wed Nov 27 16:24:20 2024 EDT
Modified files:
/doc/install/linux install.pl
Log:
- "Configure systemd security settings for Apache web server" for Fedora >= 40
Simplify code.
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.97 doc/install/linux/install.pl:1.98
--- doc/install/linux/install.pl:1.97 Tue Nov 26 23:54:22 2024
+++ doc/install/linux/install.pl Wed Nov 27 16:24:20 2024
@@ -78,7 +78,7 @@
&mt('Stopping execution.')."\n";
exit;
} else {
- print LOG '$Id: install.pl,v 1.97 2024/11/26 23:54:22 raeburn Exp $'."\n";
+ print LOG '$Id: install.pl,v 1.98 2024/11/27 16:24:20 raeburn Exp $'."\n";
}
#
@@ -2989,8 +2989,8 @@
if (-d '/etc/systemd/system/'.$service.'.d') {
if (-e '/etc/systemd/system/'.$service.'.d/override.conf') {
if (open(my $fh,'<','/etc/systemd/system/'.$service.'.d/override.conf')) {
- my ($category,$addservice,$protectoff,$changeprot,$suidsgidok,$changesug,
- $linenum,%lines, at move, at nocat, at ordered);
+ my ($category,$addservice,$needs_update,$linenum,%is_no,%lines,
+ @move, at nocat, at ordered);
$linenum = 0;
while (my $entry = <$fh>) {
$linenum ++;
@@ -2998,48 +2998,34 @@
if ($entry =~ /^\s*\[([^\]]+)\]\s*$/) {
$category = $1;
if ($category =~ /^Service$/i) {
- push(@ordered,'Service');
- } else {
- push(@ordered,$category);
- }
- } elsif ($entry =~ /^ProtectHome\s*=\s*([\w-]+)\s*$/) {
- my $value = $1;
- next if ($protectoff);
- if (lc($value) eq 'no') {
- if ($category =~ /^Service$/i) {
- push(@{$lines{'Service'}},$entry);
- } else {
- push(@move,$entry);
- $changeprot = $linenum;
+ unless (grep(/^Service$/, at ordered)) {
+ push(@ordered,'Service');
}
} else {
- if ($category =~ /^Service$/i) {
- push(@{$lines{'Service'}},'ProtectHome=no');
- } else {
- push(@move,'ProtectHome=no');
+ unless (grep(/^\Q$category\E$/, at ordered)) {
+ push(@ordered,$category);
}
- $changeprot = $linenum;
}
- $protectoff = $linenum;
- } elsif ($entry =~ /^RestrictSUIDSGID\s*=\s*([\w-]+)\s*$/) {
- my $value = $1;
- next if ($suidsgidok);
+ } elsif ($entry =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*([\w-]+)\s*$/) {
+ my ($key,$value) = ($1,$2);
+ next if ($is_no{$key});
if (lc($value) eq 'no') {
if ($category =~ /^Service$/i) {
push(@{$lines{'Service'}},$entry);
} else {
push(@move,$entry);
- $changesug = $linenum;
+ $needs_update = 1;
}
} else {
+ my $offstr = $key.'=no';
if ($category =~ /^Service$/i) {
- push(@{$lines{'Service'}},'RestrictSUIDSGID=no');
+ push(@{$lines{'Service'}},$offstr);
} else {
- push(@move,'RestrictSUIDSGID=no');
+ push(@move,$offstr);
}
- $changesug = $linenum;
+ $needs_update = 1;
}
- $suidsgidok = $linenum;
+ $is_no{$key} = $linenum;
} else {
next if ($entry =~ /^\s*$/);
if ($category =~ /^Service$/i) {
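Review bot: A repeated `ProtectHome` or `RestrictSUIDSGID` line is dropped by `next if ($is_no{$key});` without setting `$needs_update`. If the first occurrence is `=no` inside `[Service]` and a later one sets a different value, nothing in this hunk triggers a rewrite, so the later line stays in override.conf. systemd normally honours the last assignment of a setting, so the effective value would presumably not be `no` even though the script treats the file as already configured. Consider `if ($is_no{$key}) { $needs_update = 1 if (lc($value) ne 'no'); next; }`. The enclosing `while` loop starts and ends outside the hunk, and `$category` may still be undefined here if a directive precedes the first section header.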
@@ -3056,13 +3042,13 @@
$addservice = 1;
unshift(@ordered,'Service');
}
- if (!$protectoff) {
- push(@{$lines{'Service'}},'ProtectHome=no');
- }
- if (!$suidsgidok) {
- push(@{$lines{'Service'}},'RestrictSUIDSGID=no');
+ foreach my $item ('ProtectHome','RestrictSUIDSGID') {
+ unless (exists($is_no{$item})) {
+ push(@{$lines{'Service'}},$item.'=no');
+ $needs_update = 1;
+ }
}
- if ($addservice || $changeprot || !$protectoff || $changesug || !$suidsgidok) {
+ if ($addservice || $needs_update) {
if (open(my $fh,'>','/etc/systemd/system/'.$service.'.d/override.conf')) {
if (@ordered) {
foreach my $category (@ordered) {
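Review bot: The two directives forced to `no` are now spelled out in three places (the match regex in the read loop, this `foreach` list, and the `@move` filter in the write loop), and nothing visible records why the installer relaxes them. `ProtectHome=no` and `RestrictSUIDSGID=no` switch off systemd sandboxing for the web server unit, so a comment above the `foreach` would help an auditor, e.g. `# These systemd protections are disabled for Apache because <reason>`. The names could also come from a single list such as `my @relaxed = ('ProtectHome','RestrictSUIDSGID');` so that a later addition cannot miss one of the three sites. The enclosing block starts and ends outside the hunk.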
@@ -3075,12 +3061,9 @@
if ($category eq 'Service') {
if (@move) {
foreach my $item (@move) {
- if ($item =~ /^ProtectHome\s*=\s*no\s*$/i) {
- unless (grep/^ProtectHome\s*=\s*no\s*$/i,@{$lines{$category}}) {
- print $fh "$item\n";
- }
- } elsif ($item =~ /^RestrictSUIDSGID\s*=\s*no\s*$/i) {
- unless (grep/^RestrictSUIDSGID\s*=\s*no\s*$/i,@{$lines{$category}}) {
+ if ($item =~ /^(ProtectHome|RestrictSUIDSGID)\s*=\s*no\s*$/i) {
+ my $key = $1;
+ unless (grep/^$key\s*=\s*no\s*$/i,@{$lines{$category}}) {
print $fh "$item\n";
}
} else {
@@ -3115,6 +3098,8 @@
close($fh);
print_and_log('Created /etc/systemd/system/'.$service.'.d/override.conf');
system('systemctl daemon-reload');
+ } else {
+ print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing.');
}
}
} else {
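Review bot: The new failure message omits the OS error, so the log cannot distinguish a permissions problem from a missing directory. Append `$!`, e.g. `print_and_log('Could not open /etc/systemd/system/'.$service.'.d/override.conf for writing: '.$!);`. In the success branch the return value of `system('systemctl daemon-reload')` is not checked, so a failed reload goes unreported and the running unit would keep its previous settings; log when it returns non-zero. The enclosing block starts outside the hunk.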