dovecot/rc.dovecot@0ba300bdf30a (annotated)
dovecot/rc.dovecot
Mon, 20 Apr 2009 19:22:00 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 20 Apr 2009 19:22:00 +0200
- changeset 178
- 0ba300bdf30a
- child 237
- 76b4896bea63
- permissions
- -rw-r--r--
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
| michael@148 | 1 | #!@l_prefix@/bin/openpkg rc |
| michael@148 | 2 | ## |
| michael@148 | 3 | ## rc.dovecot -- Run-Commands |
| michael@148 | 4 | ## |
| michael@148 | 5 | |
| michael@148 | 6 | %config |
| michael@148 | 7 | dovecot_enable="$openpkg_rc_def" |
| michael@148 | 8 | dovecot_log_prolog="true" |
| michael@148 | 9 | dovecot_log_epilog="true" |
| michael@148 | 10 | dovecot_log_numfiles="10" |
| michael@148 | 11 | dovecot_log_minsize="1M" |
| michael@148 | 12 | dovecot_log_complevel="9" |
| michael@148 | 13 | dovecot_deliver_log_prolog="true" |
| michael@148 | 14 | dovecot_deliver_log_epilog="true" |
| michael@148 | 15 | dovecot_deliver_log_numfiles="10" |
| michael@148 | 16 | dovecot_deliver_log_minsize="1M" |
| michael@148 | 17 | dovecot_deliver_log_complevel="9" |
| michael@148 | 18 | <with_pop3d> |
| michael@148 | 19 | POP_type="dovecot" |
| michael@148 | 20 | POP_logfile="@l_prefix@/var/dovecot/log/dovecot.log" |
| michael@148 | 21 | </with_pop3d> |
| michael@148 | 22 | |
| michael@148 | 23 | %common |
| michael@148 | 24 | dovecot_pidfile="@l_prefix@/var/dovecot/run/master.pid" |
| michael@148 | 25 | dovecot_signal () { |
| michael@148 | 26 | [ -f $dovecot_pidfile ] && kill -$1 `cat $dovecot_pidfile` |
| michael@148 | 27 | } |
| michael@148 | 28 | |
| michael@148 | 29 | %status -u @l_susr@ -o |
| michael@148 | 30 | dovecot_usable="unknown" |
| michael@148 | 31 | dovecot_active="no" |
| michael@148 | 32 | rcService dovecot enable yes && \ |
| michael@148 | 33 | dovecot_signal 0 && dovecot_active="yes" |
| michael@148 | 34 | echo "dovecot_enable=\"$dovecot_enable\"" |
| michael@148 | 35 | echo "dovecot_usable=\"$dovecot_usable\"" |
| michael@148 | 36 | echo "dovecot_active=\"$dovecot_active\"" |
| michael@148 | 37 | |
| michael@148 | 38 | %start -u @l_susr@ |
| michael@148 | 39 | rcService dovecot enable yes || exit 0 |
| michael@148 | 40 | rcService dovecot active yes && exit 0 |
| michael@148 | 41 | @l_prefix@/sbin/dovecot |
| michael@148 | 42 | |
| michael@148 | 43 | %stop -u @l_susr@ |
| michael@148 | 44 | rcService dovecot enable yes || exit 0 |
| michael@148 | 45 | rcService dovecot active no && exit 0 |
| michael@148 | 46 | dovecot_signal TERM |
| michael@148 | 47 | sleep 2 |
| michael@148 | 48 | rm -f $dovecot_pidfile >/dev/null 2>&1 || true |
| michael@148 | 49 | |
| michael@148 | 50 | %restart -u @l_susr@ |
| michael@148 | 51 | rcService dovecot enable yes || exit 0 |
| michael@148 | 52 | rcService dovecot active no && exit 0 |
| michael@148 | 53 | rc dovecot stop start |
| michael@148 | 54 | |
| michael@148 | 55 | %reload -u @l_susr@ |
| michael@148 | 56 | rcService dovecot enable yes || exit 0 |
| michael@148 | 57 | rcService dovecot active no && exit 0 |
| michael@148 | 58 | dovecot_signal HUP |
| michael@148 | 59 | |
| michael@148 | 60 | %daily -u @l_susr@ |
| michael@148 | 61 | rcService dovecot enable yes || exit 0 |
| michael@148 | 62 | rcTmp -i |
| michael@148 | 63 | hintfile=`rcTmp -f -n hint` |
| michael@148 | 64 | shtool rotate -f \ |
| michael@148 | 65 | -n ${dovecot_log_numfiles} -s ${dovecot_log_minsize} -d \ |
| michael@148 | 66 | -z ${dovecot_log_complevel} -m 600 -o @l_susr@ -g @l_sgrp@ \ |
| michael@148 | 67 | -P "${dovecot_log_prolog}" \ |
| michael@148 | 68 | -E "${dovecot_log_epilog}; echo 1 >$hintfile" \ |
| michael@148 | 69 | @l_prefix@/var/dovecot/log/dovecot.log |
| michael@148 | 70 | if [ -s $hintfile ]; then |
| michael@148 | 71 | dovecot_signal USR1 |
| michael@148 | 72 | fi |
| michael@148 | 73 | rcTmp -k |
| michael@148 | 74 | shtool rotate -f \ |
| michael@148 | 75 | -n ${dovecot_deliver_log_numfiles} -s ${dovecot_deliver_log_minsize} -d \ |
| michael@148 | 76 | -z ${dovecot_deliver_log_complevel} -m 600 -o @l_rusr@ -g @l_rgrp@ \ |
| michael@148 | 77 | -P "${dovecot_deliver_log_prolog}" \ |
| michael@148 | 78 | -E "${dovecot_deliver_log_epilog}" \ |
| michael@148 | 79 | @l_prefix@/var/dovecot/log/deliver.log |
| michael@148 | 80 |
