documentation for installation updated

improved suid-wrapper creation
This commit is contained in:
lars 2006-04-29 08:30:37 +00:00
parent b895416bc1
commit 07002d747d
8 changed files with 163 additions and 45 deletions

59
INSTALL
View File

@ -3,13 +3,14 @@ The following notes will guide you through the installation of ezmlm-web:
OVERVIEW:
0 - important notes
1 - get it
2 - install executable
2 - install executable and shared files
3 - configuration file
4 - compile cgi wrapper
5 - install cgi wrapper
6 - [optional] configure access control (http authentication)
7 - css stylesheet file
8 - final test
9 - any problems?
------------------------------------------------------------------------------
@ -36,16 +37,11 @@ OVERVIEW:
(debian users may stop reading here)
2. Copy ezmlm-web.cgi to some publically readable directory. It does not
have to be in a path accessible to your web server, but any user with a
mailing list must be able to run it (Check the read and execute rights
on both the file and directory). We put our copy in "/usr/local/bin".
At the top of ezmlm-web.cgi you may have to change the $ENV{'PATH'}
variable. Be careful about what you set as the path. Too
much is a security risk and too little will cause the script to
malfunction. Version 2.0 requires that the following programs be
accessible in your path: mv, rm
2. Execute the following lines to install the cgi script and the shared data
files to the appropriate locations.
perl Makefile.PL
make
make install
3. Edit the examples/ezmlmwebrc.dist file and alter the variables to suit
@ -62,15 +58,6 @@ OVERVIEW:
supply to a minimum and also make reasonable guesses about default
values.
The directory containing ezmlm-web's language files should be something
like '/usr/local/share/ezmlm-web/lang':
mkdir -p /usr/local/share/ezmlm-web
cp -r share/lang /usr/local/share/ezmlm-web
You can change this default location in the ezmlmwebrc file.
Do the same with the share/template directory (e.g copy it
to /usr/local/share/ezmlm-web/template). Then you also have to
set the appropriate location in the ezmlmwebrc file.
Finally, copy the ezmlmwebrc file to one of
the following places:
1) the home directory of the user that runs ezmlm-web.cgi (~/.ezmlmwebrc)
@ -80,26 +67,22 @@ OVERVIEW:
(ezmlm-web will look for it in these places in the given order)
4. Edit the index.c file and change the path to the path of your copy
of ezmlm-web.cgi. Then compile this file. You can do this by issuing
this command:
gcc -o index.cgi share/index.c
5. For every user/virtual host that needs to manage mailing lists, you
need to create a SUID (user not root!!) copy of index.cgi (e.g
chmod 4755 index.cgi). These need to reside somewhere accessible by
the web server. I suggest that you put them in a sub directory (see
about security) of each user/virtual host's home directory (eg.
4. For every user/virtual host that needs to manage mailing lists, you
need to create a suid wrapper owned by the user whom the mailing lists
belong to. This wrapper needs to reside somewhere accessible by
the web server. I suggest that you put it in a sub directory
of each user/virtual host's home directory (eg.
/home/luser/public_html/ezmlm for Apache).
Create a suid wrapper by issuing the following command:
ezmlm-web-make-suid
The copies don't actually have to be called index.cgi, but it is nice
for web servers that can resolve a cgi script as an index page (see the
srm.conf file in Apache). It is important to make sure that whichever
directory you choose to put them can
for web servers that can resolve a cgi script as an index page. It is
important to make sure that whichever directory you choose to put them can
i: Execute CGI Scripts and
ii: Be access controlled (here I mean both web and user access) by
some method (eg .htaccess, access.conf for Apache).
some method (eg .htaccess for Apache).
6. Install some method of securing access to the page. The following
@ -138,9 +121,9 @@ OVERVIEW:
Again, see the ApacheWeek article for details.
7. You should copy the stylesheet file (share/css/default.css) to a location
of your choice. It has to be accessible by an URL - maybe a place like
"/var/www/ezmlm-web.css" could be appropriate.
7. Copy the stylesheet file (/usr/local/share/ezmlm-web/css/default.css)
to a location of your choice. It has to be accessible by an URL - maybe
a place like "/var/www/ezmlm-web.css" could be appropriate.
Now you may have to change the "HTML_CSS_FILE" setting in your
ezmlmwebrc file. This value is a URL - not the local filename.

7
MANIFEST Normal file
View File

@ -0,0 +1,7 @@
ezmlm-web.cgi
changelog
copyright
TODO
UPGRADING
share
examples

114
Makefile.PL Normal file
View File

@ -0,0 +1,114 @@
# $Id$
use strict;
use ExtUtils::MakeMaker;
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
# the contents of the Makefile that is written.
WriteMakefile(
'NAME' => 'ezmlm-web',
'AUTHOR' => 'Lars Kruse <devel@sumpfralle.de>',
'VERSION_FROM' => 'ezmlm-web.cgi', # finds $VERSION
'DISTNAME' => 'ezmlm-web',
'PREREQ_PM' => {
'Mail::Ezmlm' => 0.07,
'Mail::Address' => 1.15,
'CGI' => 2.6,
'CGI::Carp' => 1.06,
'DB_File' => 1.65,
'Getopt::Std' => 1.0,
'File::Find' => 0.0,
'File::Copy' => 2.02,
'File::Path' => 1.07,
'Text::ParseWords' => 3.0 },
'dist' => { COMPRESS => 'gzip', SUFFIX => 'gz' }
);
sub MY::postamble {
my ($self, $datadir) = @_;
my $SHAREDIR = "\$(DESTINSTALLSHARE)/$self->{NAME}";
return <<ENDOFTEXT
# REALINSTALLBIN is introduced later depending on "site" or "vendor" installation
export REALINSTALLBIN
export NOECHO
export CC
real_install_bin_: REALINSTALLBIN := \$(INSTALLSITEBIN)
real_install_bin_: install_suid_wrapper install_cgi
real_install_bin_site: REALINSTALLBIN := \$(INSTALLSITEBIN)
real_install_bin_site: install_suid_wrapper install_cgi
real_install_bin_vendor: REALINSTALLBIN := \$(INSTALLVENDORBIN)
real_install_bin_vendor: install_suid_wrapper install_cgi
real_install_bin_perl: REALINSTALLBIN := \$(INSTALLBIN)
real_install_bin_perl: install_suid_wrapper install_cgi
real_build_bin_: REALINSTALLBIN := \$(INSTALLSITEBIN)
real_build_bin_: build_suid_wrapper
real_build_bin_site: REALINSTALLBIN := \$(INSTALLSITEBIN)
real_build_bin_site: build_suid_wrapper
real_build_bin_vendor: REALINSTALLBIN := \$(INSTALLVENDORBIN)
real_build_bin_vendor: build_suid_wrapper
real_build_bin_perl: REALINSTALLBIN := \$(INSTALLBIN)
real_build_bin_perl: build_suid_wrapper
subdirs:: real_build_bin_\$(INSTALLDIRS)
clean_subdirs: clean_suid_wrapper
build_suid_wrapper:
\$(MAKE) -C suid-wrapper build
clean_suid_wrapper:
\$(MAKE) -C suid-wrapper clean
make_real_bin: real_install_bin_\$(INSTALLDIRS)
\$(MKPATH) \$(DESTDIR)\$(REALINSTALLBIN)
install_cgi: make_real_bin
install -c -m 755 ezmlm-web.cgi \$(DESTDIR)\$(REALINSTALLBIN)/ezmlm-web.cgi
install_suid_wrapper: build_suid_wrapper make_real_bin
\$(NOECHO) echo "WARNING: \$(REALINSTALLBIN)"
install -c -m 0755 suid-wrapper/index.cgi \$(DESTDIR)\$(REALINSTALLBIN)/ezmlm-web.wrapper
install -c -m 0755 suid-wrapper/ezmlm-web-make-suid \$(DESTDIR)\$(REALINSTALLBIN)/
install:: real_install_bin_\$(INSTALLDIRS) install_share_\$(INSTALLDIRS)
install_share_site:: DESTINSTALLSHARE := \$(DESTDIR)\$(PREFIX)/local/share
install_share_site:: install_share
install_share_vendor:: DESTINSTALLSHARE := \$(DESTDIR)\$(PREFIX)/share
install_share_vendor:: install_share
install_share:
install -d -m 0755 $SHAREDIR
install -d -m 0755 $SHAREDIR/lang
for file in share/lang/*.hdf ; \\
do install -c -m 0644 \$\$file $SHAREDIR/lang/ ; \\
done
install -d -m 0755 $SHAREDIR/css
for file in share/css/*.css ; \\
do install -c -m 0644 \$\$file $SHAREDIR/css/ ; \\
done
install -d -m 0755 $SHAREDIR/template
install -d -m 0755 $SHAREDIR/template/ui
install -d -m 0755 $SHAREDIR/template/ui/default
install -d -m 0755 $SHAREDIR/template/ui/gnupg
install -d -m 0755 $SHAREDIR/template/config_options
for file in share/template/*.cs ; \\
do install -c -m 0644 \$\$file $SHAREDIR/template/ ; \\
done
for file in share/template/config_options/*.cs ; \\
do install -c -m 0644 \$\$file $SHAREDIR/template/config_options/ ; \\
done
for file in share/template/ui/default/*.hdf ; \\
do install -c -m 0644 \$\$file $SHAREDIR/template/ui/default/ ; \\
done
for file in share/template/ui/gnupg/*.hdf ; \\
do install -c -m 0644 \$\$file $SHAREDIR/template/ui/gnupg/ ; \\
done
ENDOFTEXT
}

View File

@ -2,7 +2,7 @@ Package: ezmlm-web
Version: 3.2-1
Section: admin
Priority: extra
Architecture: all
Architecture: any
Depends: perl, httpd-cgi, libemail-address-perl, libemail-ezmlm-perl (>= 0.07)
Suggests: qmail-src, bash (>=2.0), gcc
Maintainer: Lars Kruse <devel@sumpfralle.de>

15
suid-wrapper/Makefile Normal file
View File

@ -0,0 +1,15 @@
# Makefile to compile the binary suid-wrapper for ezmlm-web
#
# REALINSTALLBIN should be defined in the higher level Makefile
.PHONY: build clean
build:
$(NOECHO) echo "#define EZMLM_WEB_CGI \"$(REALINSTALLBIN)/ezmlm-web.cgi\"" >index.h
$(CC) -o index.cgi index.c
sed -i 's#^EZMLM_WEB_SUID_WRAPPER=.*$$#EZMLM_WEB_SUID_WRAPPER=$(REALINSTALLBIN)/ezmlm-web.wrapper#' ezmlm-web-make-suid
clean:
-rm index.cgi
$(NOECHO) echo "#define EZMLM_WEB_CGI \"/usr/bin/ezmlm-web.cgi\"" >index.h

View File

@ -9,9 +9,7 @@
set -eu
C_SOURCE=/usr/share/ezmlm-web/index.c
which cc >/dev/null || { echo "no compiler (cc) installed - sorry" >&2; exit 1; }
EZMLM_WEB_SUID_WRAPPER=/usr/local/bin/ezmlm-web.wrapper
[ $(id -u) -ne 0 ] && [ $# -ne 1 ] && echo "Syntax (for non-root): $(basename $0) DESTINATION_FILE" >&2 && exit 1
[ $(id -u) -eq 0 ] && [ $# -gt 2 -o $# -lt 1 ] && echo "Syntax (for root): $(basename $0) [USERNAME] DESTINATION_FILE" >&2 && exit 1
@ -23,7 +21,7 @@ if [ $# -eq 1 ]
EZ_FILE=$2
fi
cc -o "$EZ_FILE" "$C_SOURCE"
cp "$EZMLM_WEB_SUID_WRAPPER" "$EZ_FILE"
if [ $(id -u) -eq 0 ]
then chown "$EZ_USER". "$EZ_FILE" || { echo "the user '$EZ_USER' does not exist" >&2; rm "$EZ_FILE"; exit 1; }
fi

View File

@ -1,7 +1,7 @@
/* $Id$ */
/* Change this path to wherever you decided to put ezmlm-web.cgi */
#define EZMLM_WEB_CGI "/usr/local/bin/ezmlm-web.cgi"
// define the location of your ezmlm-web.cgi file in this header file
#include "index.h"
#include <stdio.h>
#include <unistd.h>

1
suid-wrapper/index.h Normal file
View File

@ -0,0 +1 @@
#define EZMLM_WEB_CGI "/usr/local/bin/ezmlm-web.cgi"