OpenPKG Specs / file revision

openldap/rc.openldap@0ba300bdf30a

openldap/rc.openldap

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 #!@l_prefix@/bin/openpkg rc

     2 ##

     3 ##  rc.openldap -- Run-Commands

     4 ##

     5 

     6 %config

     7     openldap_enable="$openpkg_rc_def"

     8     openldap_flags=""

     9     openldap_url="ldap://127.0.0.1:389/"

    10     openldap_log_prolog="true"

    11     openldap_log_epilog="true"

    12     openldap_log_numfiles="10"

    13     openldap_log_minsize="1M"

    14     openldap_log_complevel="9"

    15 

    16 %common

    17     openldap_slapd_cfgfile="@l_prefix@/etc/openldap/slapd.conf"

    18     openldap_slapd_pidfile="@l_prefix@/var/openldap/run/slapd.pid"

    19     openldap_slapd_signal () {

    20         [ -f $openldap_slapd_pidfile ] && kill -$1 `cat $openldap_slapd_pidfile`

    21     }

    22 

    23 %status -u @l_susr@ -o

    24     openldap_usable="unknown"

    25     openldap_active="no"

    26     rcService openldap enable yes && \

    27         openldap_slapd_signal 0 && openldap_active="yes"

    28     echo "openldap_enable=\"$openldap_enable\""

    29     echo "openldap_usable=\"$openldap_usable\""

    30     echo "openldap_active=\"$openldap_active\""

    31 

    32 %start -p 300 -u @l_susr@

    33     rcService openldap enable yes || exit 0

    34     openldap_slapd_signal 0

    35     if [ $? -ne 0 ]; then

    36         flags="$openldap_flags"

    37         echo $flags | grep -- -h >/dev/null

    38         if [ $? -ne 0 -a ".$openldap_url" != . ]; then

    39             flags="$flags -h \"$openldap_url\""

    40         fi

    41         eval @l_prefix@/libexec/openldap/slapd $flags || exit $?

    42     fi

    43 

    44 %stop -p 700 -u @l_susr@

    45     rcService openldap enable yes || exit 0

    46     rcService openldap active no  && exit 0

    47     openldap_slapd_signal INT

    48     sleep 2

    49 

    50 %restart -u @l_susr@

    51     rcService openldap enable yes || exit 0

    52     rcService openldap active no  && exit 0

    53     rc openldap stop start

    54 

    55 %daily -u @l_susr@

    56     rcService openldap enable yes || exit 0

    57     shtool rotate -f \

    58         -n ${openldap_log_numfiles} -s ${openldap_log_minsize} -d \

    59         -z ${openldap_log_complevel} -m 644 -o @l_susr@ -g @l_mgrp@ \

    60         -P "${openldap_log_prolog}" \

    61         -E "${openldap_log_epilog}; rc openldap restart" \

    62         @l_prefix@/var/openldap/openldap.log

    63

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial