documentation for installation updated
improved suid-wrapper creation
This commit is contained in:
parent
b895416bc1
commit
07002d747d
59
INSTALL
59
INSTALL
|
@ -3,13 +3,14 @@ The following notes will guide you through the installation of ezmlm-web:
|
||||||
OVERVIEW:
|
OVERVIEW:
|
||||||
0 - important notes
|
0 - important notes
|
||||||
1 - get it
|
1 - get it
|
||||||
2 - install executable
|
2 - install executable and shared files
|
||||||
3 - configuration file
|
3 - configuration file
|
||||||
4 - compile cgi wrapper
|
4 - compile cgi wrapper
|
||||||
5 - install cgi wrapper
|
5 - install cgi wrapper
|
||||||
6 - [optional] configure access control (http authentication)
|
6 - [optional] configure access control (http authentication)
|
||||||
7 - css stylesheet file
|
7 - css stylesheet file
|
||||||
8 - final test
|
8 - final test
|
||||||
|
9 - any problems?
|
||||||
|
|
||||||
|
|
||||||
------------------------------------------------------------------------------
|
------------------------------------------------------------------------------
|
||||||
|
@ -36,16 +37,11 @@ OVERVIEW:
|
||||||
(debian users may stop reading here)
|
(debian users may stop reading here)
|
||||||
|
|
||||||
|
|
||||||
2. Copy ezmlm-web.cgi to some publically readable directory. It does not
|
2. Execute the following lines to install the cgi script and the shared data
|
||||||
have to be in a path accessible to your web server, but any user with a
|
files to the appropriate locations.
|
||||||
mailing list must be able to run it (Check the read and execute rights
|
perl Makefile.PL
|
||||||
on both the file and directory). We put our copy in "/usr/local/bin".
|
make
|
||||||
|
make install
|
||||||
At the top of ezmlm-web.cgi you may have to change the $ENV{'PATH'}
|
|
||||||
variable. Be careful about what you set as the path. Too
|
|
||||||
much is a security risk and too little will cause the script to
|
|
||||||
malfunction. Version 2.0 requires that the following programs be
|
|
||||||
accessible in your path: mv, rm
|
|
||||||
|
|
||||||
|
|
||||||
3. Edit the examples/ezmlmwebrc.dist file and alter the variables to suit
|
3. Edit the examples/ezmlmwebrc.dist file and alter the variables to suit
|
||||||
|
@ -62,15 +58,6 @@ OVERVIEW:
|
||||||
supply to a minimum and also make reasonable guesses about default
|
supply to a minimum and also make reasonable guesses about default
|
||||||
values.
|
values.
|
||||||
|
|
||||||
The directory containing ezmlm-web's language files should be something
|
|
||||||
like '/usr/local/share/ezmlm-web/lang':
|
|
||||||
mkdir -p /usr/local/share/ezmlm-web
|
|
||||||
cp -r share/lang /usr/local/share/ezmlm-web
|
|
||||||
You can change this default location in the ezmlmwebrc file.
|
|
||||||
Do the same with the share/template directory (e.g copy it
|
|
||||||
to /usr/local/share/ezmlm-web/template). Then you also have to
|
|
||||||
set the appropriate location in the ezmlmwebrc file.
|
|
||||||
|
|
||||||
Finally, copy the ezmlmwebrc file to one of
|
Finally, copy the ezmlmwebrc file to one of
|
||||||
the following places:
|
the following places:
|
||||||
1) the home directory of the user that runs ezmlm-web.cgi (~/.ezmlmwebrc)
|
1) the home directory of the user that runs ezmlm-web.cgi (~/.ezmlmwebrc)
|
||||||
|
@ -80,26 +67,22 @@ OVERVIEW:
|
||||||
(ezmlm-web will look for it in these places in the given order)
|
(ezmlm-web will look for it in these places in the given order)
|
||||||
|
|
||||||
|
|
||||||
4. Edit the index.c file and change the path to the path of your copy
|
4. For every user/virtual host that needs to manage mailing lists, you
|
||||||
of ezmlm-web.cgi. Then compile this file. You can do this by issuing
|
need to create a suid wrapper owned by the user whom the mailing lists
|
||||||
this command:
|
belong to. This wrapper needs to reside somewhere accessible by
|
||||||
gcc -o index.cgi share/index.c
|
the web server. I suggest that you put it in a sub directory
|
||||||
|
of each user/virtual host's home directory (eg.
|
||||||
|
/home/luser/public_html/ezmlm for Apache).
|
||||||
|
|
||||||
|
Create a suid wrapper by issuing the following command:
|
||||||
5. For every user/virtual host that needs to manage mailing lists, you
|
ezmlm-web-make-suid
|
||||||
need to create a SUID (user not root!!) copy of index.cgi (e.g
|
|
||||||
chmod 4755 index.cgi). These need to reside somewhere accessible by
|
|
||||||
the web server. I suggest that you put them in a sub directory (see
|
|
||||||
about security) of each user/virtual host's home directory (eg.
|
|
||||||
/home/luser/public_html/ezmlm for Apache).
|
|
||||||
|
|
||||||
The copies don't actually have to be called index.cgi, but it is nice
|
The copies don't actually have to be called index.cgi, but it is nice
|
||||||
for web servers that can resolve a cgi script as an index page (see the
|
for web servers that can resolve a cgi script as an index page. It is
|
||||||
srm.conf file in Apache). It is important to make sure that whichever
|
important to make sure that whichever directory you choose to put them can
|
||||||
directory you choose to put them can
|
|
||||||
i: Execute CGI Scripts and
|
i: Execute CGI Scripts and
|
||||||
ii: Be access controlled (here I mean both web and user access) by
|
ii: Be access controlled (here I mean both web and user access) by
|
||||||
some method (eg .htaccess, access.conf for Apache).
|
some method (eg .htaccess for Apache).
|
||||||
|
|
||||||
|
|
||||||
6. Install some method of securing access to the page. The following
|
6. Install some method of securing access to the page. The following
|
||||||
|
@ -138,9 +121,9 @@ OVERVIEW:
|
||||||
Again, see the ApacheWeek article for details.
|
Again, see the ApacheWeek article for details.
|
||||||
|
|
||||||
|
|
||||||
7. You should copy the stylesheet file (share/css/default.css) to a location
|
7. Copy the stylesheet file (/usr/local/share/ezmlm-web/css/default.css)
|
||||||
of your choice. It has to be accessible by an URL - maybe a place like
|
to a location of your choice. It has to be accessible by an URL - maybe
|
||||||
"/var/www/ezmlm-web.css" could be appropriate.
|
a place like "/var/www/ezmlm-web.css" could be appropriate.
|
||||||
Now you may have to change the "HTML_CSS_FILE" setting in your
|
Now you may have to change the "HTML_CSS_FILE" setting in your
|
||||||
ezmlmwebrc file. This value is a URL - not the local filename.
|
ezmlmwebrc file. This value is a URL - not the local filename.
|
||||||
|
|
||||||
|
|
7
MANIFEST
Normal file
7
MANIFEST
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
ezmlm-web.cgi
|
||||||
|
changelog
|
||||||
|
copyright
|
||||||
|
TODO
|
||||||
|
UPGRADING
|
||||||
|
share
|
||||||
|
examples
|
114
Makefile.PL
Normal file
114
Makefile.PL
Normal file
|
@ -0,0 +1,114 @@
|
||||||
|
# $Id$
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use ExtUtils::MakeMaker;
|
||||||
|
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
|
||||||
|
# the contents of the Makefile that is written.
|
||||||
|
WriteMakefile(
|
||||||
|
'NAME' => 'ezmlm-web',
|
||||||
|
'AUTHOR' => 'Lars Kruse <devel@sumpfralle.de>',
|
||||||
|
'VERSION_FROM' => 'ezmlm-web.cgi', # finds $VERSION
|
||||||
|
'DISTNAME' => 'ezmlm-web',
|
||||||
|
'PREREQ_PM' => {
|
||||||
|
'Mail::Ezmlm' => 0.07,
|
||||||
|
'Mail::Address' => 1.15,
|
||||||
|
'CGI' => 2.6,
|
||||||
|
'CGI::Carp' => 1.06,
|
||||||
|
'DB_File' => 1.65,
|
||||||
|
'Getopt::Std' => 1.0,
|
||||||
|
'File::Find' => 0.0,
|
||||||
|
'File::Copy' => 2.02,
|
||||||
|
'File::Path' => 1.07,
|
||||||
|
'Text::ParseWords' => 3.0 },
|
||||||
|
'dist' => { COMPRESS => 'gzip', SUFFIX => 'gz' }
|
||||||
|
);
|
||||||
|
|
||||||
|
sub MY::postamble {
|
||||||
|
my ($self, $datadir) = @_;
|
||||||
|
my $SHAREDIR = "\$(DESTINSTALLSHARE)/$self->{NAME}";
|
||||||
|
return <<ENDOFTEXT
|
||||||
|
# REALINSTALLBIN is introduced later depending on "site" or "vendor" installation
|
||||||
|
export REALINSTALLBIN
|
||||||
|
export NOECHO
|
||||||
|
export CC
|
||||||
|
|
||||||
|
real_install_bin_: REALINSTALLBIN := \$(INSTALLSITEBIN)
|
||||||
|
real_install_bin_: install_suid_wrapper install_cgi
|
||||||
|
|
||||||
|
real_install_bin_site: REALINSTALLBIN := \$(INSTALLSITEBIN)
|
||||||
|
real_install_bin_site: install_suid_wrapper install_cgi
|
||||||
|
|
||||||
|
real_install_bin_vendor: REALINSTALLBIN := \$(INSTALLVENDORBIN)
|
||||||
|
real_install_bin_vendor: install_suid_wrapper install_cgi
|
||||||
|
|
||||||
|
real_install_bin_perl: REALINSTALLBIN := \$(INSTALLBIN)
|
||||||
|
real_install_bin_perl: install_suid_wrapper install_cgi
|
||||||
|
|
||||||
|
real_build_bin_: REALINSTALLBIN := \$(INSTALLSITEBIN)
|
||||||
|
real_build_bin_: build_suid_wrapper
|
||||||
|
|
||||||
|
real_build_bin_site: REALINSTALLBIN := \$(INSTALLSITEBIN)
|
||||||
|
real_build_bin_site: build_suid_wrapper
|
||||||
|
|
||||||
|
real_build_bin_vendor: REALINSTALLBIN := \$(INSTALLVENDORBIN)
|
||||||
|
real_build_bin_vendor: build_suid_wrapper
|
||||||
|
|
||||||
|
real_build_bin_perl: REALINSTALLBIN := \$(INSTALLBIN)
|
||||||
|
real_build_bin_perl: build_suid_wrapper
|
||||||
|
|
||||||
|
|
||||||
|
subdirs:: real_build_bin_\$(INSTALLDIRS)
|
||||||
|
|
||||||
|
clean_subdirs: clean_suid_wrapper
|
||||||
|
|
||||||
|
build_suid_wrapper:
|
||||||
|
\$(MAKE) -C suid-wrapper build
|
||||||
|
|
||||||
|
clean_suid_wrapper:
|
||||||
|
\$(MAKE) -C suid-wrapper clean
|
||||||
|
|
||||||
|
make_real_bin: real_install_bin_\$(INSTALLDIRS)
|
||||||
|
\$(MKPATH) \$(DESTDIR)\$(REALINSTALLBIN)
|
||||||
|
|
||||||
|
install_cgi: make_real_bin
|
||||||
|
install -c -m 755 ezmlm-web.cgi \$(DESTDIR)\$(REALINSTALLBIN)/ezmlm-web.cgi
|
||||||
|
|
||||||
|
install_suid_wrapper: build_suid_wrapper make_real_bin
|
||||||
|
\$(NOECHO) echo "WARNING: \$(REALINSTALLBIN)"
|
||||||
|
install -c -m 0755 suid-wrapper/index.cgi \$(DESTDIR)\$(REALINSTALLBIN)/ezmlm-web.wrapper
|
||||||
|
install -c -m 0755 suid-wrapper/ezmlm-web-make-suid \$(DESTDIR)\$(REALINSTALLBIN)/
|
||||||
|
|
||||||
|
install:: real_install_bin_\$(INSTALLDIRS) install_share_\$(INSTALLDIRS)
|
||||||
|
install_share_site:: DESTINSTALLSHARE := \$(DESTDIR)\$(PREFIX)/local/share
|
||||||
|
install_share_site:: install_share
|
||||||
|
install_share_vendor:: DESTINSTALLSHARE := \$(DESTDIR)\$(PREFIX)/share
|
||||||
|
install_share_vendor:: install_share
|
||||||
|
install_share:
|
||||||
|
install -d -m 0755 $SHAREDIR
|
||||||
|
install -d -m 0755 $SHAREDIR/lang
|
||||||
|
for file in share/lang/*.hdf ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/lang/ ; \\
|
||||||
|
done
|
||||||
|
install -d -m 0755 $SHAREDIR/css
|
||||||
|
for file in share/css/*.css ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/css/ ; \\
|
||||||
|
done
|
||||||
|
install -d -m 0755 $SHAREDIR/template
|
||||||
|
install -d -m 0755 $SHAREDIR/template/ui
|
||||||
|
install -d -m 0755 $SHAREDIR/template/ui/default
|
||||||
|
install -d -m 0755 $SHAREDIR/template/ui/gnupg
|
||||||
|
install -d -m 0755 $SHAREDIR/template/config_options
|
||||||
|
for file in share/template/*.cs ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/template/ ; \\
|
||||||
|
done
|
||||||
|
for file in share/template/config_options/*.cs ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/template/config_options/ ; \\
|
||||||
|
done
|
||||||
|
for file in share/template/ui/default/*.hdf ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/template/ui/default/ ; \\
|
||||||
|
done
|
||||||
|
for file in share/template/ui/gnupg/*.hdf ; \\
|
||||||
|
do install -c -m 0644 \$\$file $SHAREDIR/template/ui/gnupg/ ; \\
|
||||||
|
done
|
||||||
|
ENDOFTEXT
|
||||||
|
}
|
|
@ -2,7 +2,7 @@ Package: ezmlm-web
|
||||||
Version: 3.2-1
|
Version: 3.2-1
|
||||||
Section: admin
|
Section: admin
|
||||||
Priority: extra
|
Priority: extra
|
||||||
Architecture: all
|
Architecture: any
|
||||||
Depends: perl, httpd-cgi, libemail-address-perl, libemail-ezmlm-perl (>= 0.07)
|
Depends: perl, httpd-cgi, libemail-address-perl, libemail-ezmlm-perl (>= 0.07)
|
||||||
Suggests: qmail-src, bash (>=2.0), gcc
|
Suggests: qmail-src, bash (>=2.0), gcc
|
||||||
Maintainer: Lars Kruse <devel@sumpfralle.de>
|
Maintainer: Lars Kruse <devel@sumpfralle.de>
|
||||||
|
|
15
suid-wrapper/Makefile
Normal file
15
suid-wrapper/Makefile
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# Makefile to compile the binary suid-wrapper for ezmlm-web
|
||||||
|
#
|
||||||
|
# REALINSTALLBIN should be defined in the higher level Makefile
|
||||||
|
|
||||||
|
.PHONY: build clean
|
||||||
|
|
||||||
|
build:
|
||||||
|
$(NOECHO) echo "#define EZMLM_WEB_CGI \"$(REALINSTALLBIN)/ezmlm-web.cgi\"" >index.h
|
||||||
|
$(CC) -o index.cgi index.c
|
||||||
|
sed -i 's#^EZMLM_WEB_SUID_WRAPPER=.*$$#EZMLM_WEB_SUID_WRAPPER=$(REALINSTALLBIN)/ezmlm-web.wrapper#' ezmlm-web-make-suid
|
||||||
|
|
||||||
|
clean:
|
||||||
|
-rm index.cgi
|
||||||
|
$(NOECHO) echo "#define EZMLM_WEB_CGI \"/usr/bin/ezmlm-web.cgi\"" >index.h
|
||||||
|
|
|
@ -9,9 +9,7 @@
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
C_SOURCE=/usr/share/ezmlm-web/index.c
|
EZMLM_WEB_SUID_WRAPPER=/usr/local/bin/ezmlm-web.wrapper
|
||||||
|
|
||||||
which cc >/dev/null || { echo "no compiler (cc) installed - sorry" >&2; exit 1; }
|
|
||||||
|
|
||||||
[ $(id -u) -ne 0 ] && [ $# -ne 1 ] && echo "Syntax (for non-root): $(basename $0) DESTINATION_FILE" >&2 && exit 1
|
[ $(id -u) -ne 0 ] && [ $# -ne 1 ] && echo "Syntax (for non-root): $(basename $0) DESTINATION_FILE" >&2 && exit 1
|
||||||
[ $(id -u) -eq 0 ] && [ $# -gt 2 -o $# -lt 1 ] && echo "Syntax (for root): $(basename $0) [USERNAME] DESTINATION_FILE" >&2 && exit 1
|
[ $(id -u) -eq 0 ] && [ $# -gt 2 -o $# -lt 1 ] && echo "Syntax (for root): $(basename $0) [USERNAME] DESTINATION_FILE" >&2 && exit 1
|
||||||
|
@ -23,7 +21,7 @@ if [ $# -eq 1 ]
|
||||||
EZ_FILE=$2
|
EZ_FILE=$2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cc -o "$EZ_FILE" "$C_SOURCE"
|
cp "$EZMLM_WEB_SUID_WRAPPER" "$EZ_FILE"
|
||||||
if [ $(id -u) -eq 0 ]
|
if [ $(id -u) -eq 0 ]
|
||||||
then chown "$EZ_USER". "$EZ_FILE" || { echo "the user '$EZ_USER' does not exist" >&2; rm "$EZ_FILE"; exit 1; }
|
then chown "$EZ_USER". "$EZ_FILE" || { echo "the user '$EZ_USER' does not exist" >&2; rm "$EZ_FILE"; exit 1; }
|
||||||
fi
|
fi
|
|
@ -1,7 +1,7 @@
|
||||||
/* $Id$ */
|
/* $Id$ */
|
||||||
|
|
||||||
/* Change this path to wherever you decided to put ezmlm-web.cgi */
|
// define the location of your ezmlm-web.cgi file in this header file
|
||||||
#define EZMLM_WEB_CGI "/usr/local/bin/ezmlm-web.cgi"
|
#include "index.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
1
suid-wrapper/index.h
Normal file
1
suid-wrapper/index.h
Normal file
|
@ -0,0 +1 @@
|
||||||
|
#define EZMLM_WEB_CGI "/usr/local/bin/ezmlm-web.cgi"
|
Loading…
Reference in a new issue