Now it is _impossible_ to specify what user is used to install and run tomcat with. I use user www with apache2 and want to run tomcat with a different user because of security reasons. I have written a patch to the jakarta-tomcat55 port to make it possible to install and run jakarta-tomcat55 server with an alternate user.

Fix: The patch consists of three files: Makefile.diff pkg-install.diff pkg-deinstall.diff

The patch:
srv# cat *.diff
+REPLACE_FILES+= ${PKGDIR}/pkg-install \ + ${PKGDIR}/pkg-deinstall +PKGINSTALL= ${WRKDIR}/pkg-install +PKGDEINSTALL= ${WRKDIR}/pkg-deinstall + +.if defined(TOMCAT_USER) +USER=${TOMCAT_USER} +.endif + +.if defined(TOMCAT_GROUP) +GROUP=${TOMCAT_GROUP} +.endif + .include <bsd.port.pre.mk> .if ${JAVA_PORT_VERSION:C/^([0-9])\.([0-9])(.*)$/\1.\2/} == "1.4" @@ -91,7 +104,6 @@ @${ECHO_MSG} " Logfile stderr: ${STDERR_LOG}" @${ECHO_MSG} " Starting after install: ${AUTO_START}" @${ECHO_MSG} " Stop time-out: ${STOP_TIMEOUT} sec." - @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL post-patch: @${ECHO_MSG} -n ">> Removing unneeded files..." 
@@ -129,6 +141,9 @@ $f > ${WRKDIR}/`basename $f` @${ECHO_MSG} " [ DONE ]" .endfor + +pre-install: + @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL do-install: @${ECHO_MSG} -n ">> Creating destination directory..." if [ "$2" = "POST-DEINSTALL" ]; then # If the user exists, then display a message - if pw usershow "www" 2>/dev/null 1>&2; then - echo "To delete the www user permanently, use 'pw userdel www'" + if pw usershow "%%USER%%" 2>/dev/null 1>&2; then + echo "To delete the %%USER%% user permanently, use 'pw userdel %%USER%%'" fi fi # Set some constants -USER=www -GROUP=${USER} UID=80 GID=${UID} # See if the group already exists -if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then +if ! pw groupshow "%%GROUP%%" 2>/dev/null 1>&2; then # If not, try to create it - if pw groupadd ${GROUP} -g ${GID}; then - echo "Added group \"${GROUP}\"." + if pw groupadd "%%GROUP%%" -g ${GID}; then + echo "Added group \"%%GROUP%%\"." + elif pw groupadd "%%GROUP%%"; then + echo "Added group \"%%GROUP%%\"." else - echo "Adding group \"${GROUP}\" failed..." + echo "Adding group \"%%GROUP%%\" failed..." exit 1 fi fi # See if the user already exists -if ! pw usershow "${USER}" 2>/dev/null 1>&2; then +if ! pw usershow "%%USER%%" 2>/dev/null 1>&2; then # If not, try to create it - if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ - -s "/sbin/nologin" -d "/nonexistent" \ - -c "World Wide Web Owner"; \ + if pw useradd "%%USER%%" -u ${UID} -g "%%GROUP%%" -h - \ + -s "/sbin/nologin" -d "/nonexistent" \ + -c "World Wide Web Owner"; then - echo "Added user \"${USER}\"." + echo "Added user \"%%USER%%\"." + elif pw useradd "%%USER%%" -g "%%GROUP%%" -h - \ + -s "/sbin/nologin" -d "/nonexistent" \ + -c "World Wide Web Owner"; + then + echo "Added user \"%%USER%%\"." else - echo "Adding user \"${USER}\" failed..." + echo "Adding user \"%%USER%%\" failed..." exit 1 fi fi I hope this patch or similar will be added to this port soon. 
Best 4 you Pawel Wieleba
--- Makefile-ORG Mon Sep 5 20:50:10 2005 +++ Makefile Mon Sep 5 21:07:11 2005 @@ -66,6 +66,19 @@ STDOUT_LOG=${STDOUT_LOG} \ STDERR_LOG=${STDERR_LOG}
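Review bot: In the Makefile hunk that adds the pre-install target, the recipe still runs "pkg-install" by its bare name, although the same patch sets PKGINSTALL= ${WRKDIR}/pkg-install and moves the account names in that script to %%USER%% and %%GROUP%% placeholders. The script that runs is therefore the unsubstituted template, and pw is asked to look up and create an account literally named "%%USER%%". Call ${SH} ${PKGINSTALL} in that recipe so the processed copy in ${WRKDIR} is the one executed.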
Responsible Changed From-To: freebsd-ports-bugs->hq I'll handle this.
Hi once again. In the patch I forgot about this: --- Makefile-NEW Tue Sep 6 07:57:43 2005 +++ Makefile Tue Sep 6 07:59:45 2005 @@ -143,7 +143,7 @@ .endfor pre-install: - @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL + @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL do-install: @${ECHO_MSG} -n ">> Creating destination directory..." Sorry.
State Changed From-To: open->feedback Maintainer asked for feedback.
On Fri, Sep 09, 2005 at 08:28:22PM +0800, Kang Liu wrote:
> I made a new patch based on PR:85761
> I think it might be better if add a "?" before USER and GROUP.

I find your approach quite fine. Anyway, after a bit of testing, I found out that there is a problem with the ?= assignment:

$ whoami
rv
$ echo $USER
rv
(from the port directory)
$ make -V USER
rv

As you can see, the ?= symbol implies that no $USER variable is defined, even in the shell environment, which is probably the case here as $USER is indeed defined for any login. I bet that was the reason why Pawel introduced the TOMCAT_USER variable. The main issue here is that using TOMCAT_USER instead of USER would break backward compatibility. Hence the .if defined() clause in the original patch...

Herve
On Fri, Sep 09, 2005 at 08:28:22PM +0800, Kang Liu wrote:
> I made a new patch based on PR:85761
> I think it might be better if add a "?" before USER and GROUP.

After some more testing, I realized that your new patch just changes the header in pkg-install and that setting ${USER} in the port will not change the name of the account created by pkg-install, which is, IMHO, the scope of the PR and the original patch from Pawel.

> Index: pkg-install > =================================================================== > RCS file: /home/ncvs/ports/www/jakarta-tomcat55/pkg-install,v > retrieving revision 1.2 > diff -u -r1.2 pkg-install > --- pkg-install 13 Jun 2005 14:08:34 -0000 1.2 > +++ pkg-install 9 Sep 2005 12:09:21 -0000 > @@ -1,6 +1,6 @@ > #!/bin/sh > # > -# Checks if the 'www' user and group exist. If they don't, then > +# Checks if the '%%USER%%' user and %%GROUP%% group exist. If they don't, > then > # an attempt is made to create both. > # > # $FreeBSD: ports/www/jakarta-tomcat55/pkg-install,v 1.2 2005/06/13 > 14:08:34 hq Exp $ >

I think a good approach would be to use Pawel's approach but with your "?=" hack, that is by replacing (in Pawel's patch) all USER and GROUP respectively by TOMCAT_USER and TOMCAT_GROUP and then:

TOMCAT_USER?= www
TOMCAT_GROUP?= www

This way, users may indeed change the user and group owning the Tomcat files (through make.conf, pkgtools.conf, or make command-line arguments) but with no "collision" with environment variable ${USER}.

Herve
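The pitfall described in the two replies above, reproduced as an added example (not code from the thread or from the port): a small Makefile constructed for this demonstration is evaluated under a controlled environment, showing that a ?= default on USER is overridden by the login environment while a namespaced TOMCAT_USER keeps its default unless it is set on purpose. The helper name resolve_account and the value tomcat are assumptions for illustration.

```sh
#!/bin/sh
# Added example: how make's ?= interacts with inherited environment variables.
# The Makefile written below is constructed for this demo, not the port's own.

resolve_account() {
    # $1       = make variable to resolve (USER or TOMCAT_USER)
    # $2...    = VAR=value pairs forming the only environment make will see
    var=$1; shift
    tmp=$(mktemp -d) || return 1
    # "target: ; command" form avoids tab-indented recipe lines
    printf '%s\n' \
        'USER?= www' \
        'TOMCAT_USER?= www' \
        'show-USER: ; @echo $(USER)' \
        'show-TOMCAT_USER: ; @echo $(TOMCAT_USER)' > "$tmp/Makefile"
    # env -i starts from an empty environment so the result is reproducible
    env -i PATH="$PATH" "$@" make -s -f "$tmp/Makefile" "show-$var"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

if command -v make >/dev/null 2>&1; then
    # Login shells export USER, so the ?= default never applies:
    echo "USER, login env (USER=rv):        $(resolve_account USER USER=rv)"
    # Only with USER absent does the port default survive:
    echo "USER, empty env:                  $(resolve_account USER)"
    # A namespaced variable is not set by the login environment:
    echo "TOMCAT_USER, login env (USER=rv): $(resolve_account TOMCAT_USER USER=rv)"
    # ...and can still be overridden deliberately:
    echo "TOMCAT_USER, explicit override:   $(resolve_account TOMCAT_USER USER=rv TOMCAT_USER=tomcat)"
fi
```

The first case is the one to watch for when reviewing a port: the service account would silently become whoever ran the build.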
Here comes the patch then... Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/jakarta-tomcat55/Makefile,v retrieving revision 1.28 diff -u -r1.28 Makefile --- Makefile 6 Sep 2005 03:23:45 -0000 1.28 +++ Makefile 22 Sep 2005 13:05:08 -0000 @@ -37,8 +37,8 @@ STARTUP_ORDER?= 020 STARTUP_SCRIPT_NAME= ${PORTNAME}${MAJOR_VER:S/.//}.sh STARTUP_SCRIPT= ${PREFIX}/etc/rc.d/${STARTUP_ORDER}.${STARTUP_SCRIPT_NAME} -USER= www -GROUP= www +TOMCAT_USER?= www +TOMCAT_GROUP?= www PW?= /usr/sbin/pw HTTP_PORT?= 8180 SHUTDOWN_PORT?= 8005 @@ -54,7 +54,7 @@ ${WRKSRC}/conf/server.xml JAR_FILE= bin/bootstrap.jar WRKDIR?= ${WRKDIRPREFIX}${.CURDIR}/work -PLIST_SUB+= T=${APP_HOME:S/^${PREFIX}\///} WWWOWN=${USER} WWWGRP=${GROUP} +PLIST_SUB+= T=${APP_HOME:S/^${PREFIX}\///} WWWOWN=${TOMCAT_USER} WWWGRP=${TOMCAT_GROUP} LATEST_LINK= ${APP_SHORTNAME} CONF_EXT= sample PLIST_SUB+= CONF_EXT=${CONF_EXT} @@ -62,10 +62,15 @@ SUB_FILES= tomcat.sh SUB_LIST= TOMCAT_VERSION=${MAJOR_VER:S/.//} \ TOMCAT_HOME=${APP_HOME} \ - USER=${USER} \ + USER=${TOMCAT_USER} \ STDOUT_LOG=${STDOUT_LOG} \ STDERR_LOG=${STDERR_LOG} +REPLACE_FILES+= ${PKGDIR}/pkg-install \ + ${PKGDIR}/pkg-deinstall +PKGINSTALL= ${WRKDIR}/pkg-install +PKGDEINSTALL= ${WRKDIR}/pkg-deinstall + .include <bsd.port.pre.mk> .if ${JAVA_PORT_VERSION:C/^([0-9])\.([0-9])(.*)$/\1.\2/} == "1.4" @@ -82,7 +87,7 @@ @${ECHO_MSG} " Startup script location: ${STARTUP_SCRIPT}" @${ECHO_MSG} " Location of JDK: ${JAVA_HOME}" @${ECHO_MSG} " Location of Java port: ${JAVA_PORT}" - @${ECHO_MSG} " Running as (user/group): ${USER}/${GROUP}" + @${ECHO_MSG} " Running as (user/group): ${TOMCAT_USER}/${TOMCAT_GROUP}" @${ECHO_MSG} " HTTP port: ${HTTP_PORT}" @${ECHO_MSG} " Shutdown listener port: ${SHUTDOWN_PORT}" @${ECHO_MSG} " WARP port: ${WARP_PORT}" 
@@ -91,7 +96,6 @@ @${ECHO_MSG} " Logfile stderr: ${STDERR_LOG}" @${ECHO_MSG} " Starting after install: ${AUTO_START}" @${ECHO_MSG} " Stop time-out: ${STOP_TIMEOUT} sec." - @PKG_PREFIX=${PREFIX} ${SH} pkg-install ${PKGNAME} PRE-INSTALL post-patch: @${ECHO_MSG} -n ">> Removing unneeded files..." @@ -108,7 +112,7 @@ -e "/%%CONTROL_SCRIPT%%/s//${CONTROL_SCRIPT:S/\//\\\//g}/g" \ -e "/%%CONTROL_SCRIPT_MANPAGE_TITLE%%/s//${CONTROL_SCRIPT_MANPAGE_TITLE}/g" \ -e "/%%CONTROL_SCRIPT_NAME%%/s//${CONTROL_SCRIPT_NAME}/g" \ - -e "/%%GROUP%%/s//${GROUP}/g" \ + -e "/%%GROUP%%/s//${TOMCAT_GROUP}/g" \ -e "/%%HTTP_PORT%%/s//${HTTP_PORT}/g" \ -e "/%%JAVA_CMD%%/s//bin\/java/g" \ -e "/%%JAVA_HOME%%/s//${JAVA_HOME:S/\//\\\//g}/g" \ @@ -124,12 +128,15 @@ -e "/%%STDERR_LOG%%/s//${STDERR_LOG:S/\//\\\//g}/g" \ -e "/%%STDOUT_LOG%%/s//${STDOUT_LOG:S/\//\\\//g}/g" \ -e "/%%STOP_TIMEOUT%%/s//${STOP_TIMEOUT}/g" \ - -e "/%%USER%%/s//${USER}/g" \ + -e "/%%USER%%/s//${TOMCAT_USER}/g" \ -e "/%%WARP_PORT%%/s//${WARP_PORT}/g" \ $f > ${WRKDIR}/`basename $f` @${ECHO_MSG} " [ DONE ]" .endfor +pre-install: + @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + do-install: @${ECHO_MSG} -n ">> Creating destination directory..." @${MKDIR} ${APP_HOME} @@ -158,7 +165,7 @@ ${WRKDIR}/daemonctl.c > ${WRKDIR}/daemonctl_.c @cd ${WRKDIR} && ${CC} -ansi -o ${CONTROL_SCRIPT_NAME} daemonctl_.c @${CP} ${WRKDIR}/${CONTROL_SCRIPT_NAME} ${CONTROL_SCRIPT} - @${CHOWN} ${USER}:${GROUP} ${CONTROL_SCRIPT} + @${CHOWN} ${TOMCAT_USER}:${TOMCAT_GROUP} ${CONTROL_SCRIPT} @${CHMOD} 6754 ${CONTROL_SCRIPT} @${ECHO_MSG} " [ DONE ]" 
@@ -173,8 +180,8 @@ .endif @${ECHO_MSG} -n ">> Creating log files..." - @${INSTALL} -m 664 -o ${USER} -g ${GROUP} /dev/null ${STDOUT_LOG} - @${INSTALL} -m 664 -o ${USER} -g ${GROUP} /dev/null ${STDERR_LOG} + @${INSTALL} -m 664 -o ${TOMCAT_USER} -g ${TOMCAT_GROUP} /dev/null ${STDOUT_LOG} + @${INSTALL} -m 664 -o ${TOMCAT_USER} -g ${TOMCAT_GROUP} /dev/null ${STDERR_LOG} @${ECHO_MSG} " [ DONE ]" @${ECHO_MSG} -n ">> Creating symlink to tools.jar..." @@ -182,7 +189,7 @@ @${ECHO_MSG} " [ DONE ]" @${ECHO_MSG} -n ">> Fixing ownership settings..." - @${CHOWN} -R ${USER}:${GROUP} ${APP_HOME} + @${CHOWN} -R ${TOMCAT_USER}:${TOMCAT_GROUP} ${APP_HOME} @${ECHO_MSG} " [ DONE ]" @${ECHO_MSG} -n ">> Fixing permissions..." @@ -191,13 +198,13 @@ @${ECHO_MSG} -n ">> Creating PID file..." @${TOUCH} ${PID_FILE} - @${CHOWN} ${USER}:${GROUP} ${PID_FILE} + @${CHOWN} ${TOMCAT_USER}:${TOMCAT_GROUP} ${PID_FILE} @${CHMOD} 0600 ${PID_FILE} @${ECHO_MSG} " [ DONE ]" post-install: @${ECHO_MSG} "${APP_TITLE} ${PORTVERSION} has been installed in ${APP_HOME}." - @${ECHO_MSG} "If a user should be able to use ${CONTROL_SCRIPT_NAME}, then put this user in the group ${GROUP}." + @${ECHO_MSG} "If a user should be able to use ${CONTROL_SCRIPT_NAME}, then put this user in the group ${TOMCAT_GROUP}." .if !defined(NOPORTDOCS) @${ECHO_MSG} "Use 'man ${CONTROL_SCRIPT_NAME}' for information about starting and stopping ${APP_TITLE}." .endif Index: pkg-deinstall =================================================================== RCS file: /home/ncvs/ports/www/jakarta-tomcat55/pkg-deinstall,v retrieving revision 1.2 diff -u -r1.2 pkg-deinstall --- pkg-deinstall 2 Jan 2004 12:31:11 -0000 1.2 +++ pkg-deinstall 22 Sep 2005 13:05:08 -0000 
@@ -5,7 +5,7 @@ # * Checks if the PID file exists. If it does, it kills the # process and removes the PID file. # -# * Checks if the 'www' user exists. If it does, then it displays +# * Checks if the '%%USER%%' user exists. If it does, then it displays # a message. # # $FreeBSD: ports/www/jakarta-tomcat55/pkg-deinstall,v 1.2 2004/01/02 12:31:11 znerd Exp $ @@ -37,8 +37,8 @@ if [ "$2" = "POST-DEINSTALL" ]; then # If the user exists, then display a message - if pw usershow "www" 2>/dev/null 1>&2; then - echo "To delete the www user permanently, use 'pw userdel www'" + if pw usershow "%%USER%%" 2>/dev/null 1>&2; then + echo "To delete the %%USER%% user permanently, use 'pw userdel %%USER%%'" fi fi Index: pkg-install =================================================================== RCS file: /home/ncvs/ports/www/jakarta-tomcat55/pkg-install,v retrieving revision 1.2 diff -u -r1.2 pkg-install --- pkg-install 13 Jun 2005 14:08:34 -0000 1.2 +++ pkg-install 22 Sep 2005 13:05:08 -0000 @@ -1,6 +1,6 @@ #!/bin/sh # -# Checks if the 'www' user and group exist. If they don't, then +# Checks if the '%%USER%%' user and %%GROUP%% group exist. If they don't, then # an attempt is made to create both. # # $FreeBSD: ports/www/jakarta-tomcat55/pkg-install,v 1.2 2005/06/13 14:08:34 hq Exp $ 
@@ -12,34 +12,39 @@ fi # Set some constants -USER=www -GROUP=${USER} UID=80 GID=${UID} # See if the group already exists -if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then +if ! pw groupshow "%%GROUP%%" 2>/dev/null 1>&2; then # If not, try to create it - if pw groupadd ${GROUP} -g ${GID}; then - echo "Added group \"${GROUP}\"." + if pw groupadd "%%GROUP%%" -g ${GID}; then + echo "Added group \"%%GROUP%%\"." + elif pw groupadd "%%GROUP%%"; then + echo "Added group \"%%GROUP%%\"." else - echo "Adding group \"${GROUP}\" failed..." + echo "Adding group \"%%GROUP%%\" failed..." exit 1 fi fi # See if the user already exists -if ! pw usershow "${USER}" 2>/dev/null 1>&2; then +if ! pw usershow "%%USER%%" 2>/dev/null 1>&2; then # If not, try to create it - if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \ - -s "/sbin/nologin" -d "/nonexistent" \ - -c "World Wide Web Owner"; \ + if pw useradd "%%USER%%" -u ${UID} -g "%%GROUP%%" -h - \ + -s "/sbin/nologin" -d "/nonexistent" \ + -c "World Wide Web Owner"; then - echo "Added user \"${USER}\"." + echo "Added user \"%%USER%%\"." + elif pw useradd "%%USER%%" -g "%%GROUP%%" -h - \ + -s "/sbin/nologin" -d "/nonexistent" \ + -c "World Wide Web Owner"; + then + echo "Added user \"%%USER%%\"." else - echo "Adding user \"${USER}\" failed..." + echo "Adding user \"%%USER%%\" failed..." exit 1 fi fi
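Review bot: In the Makefile hunk at @@ -158,7 +165,7 @@ the control binary is chowned to ${TOMCAT_USER}:${TOMCAT_GROUP} and the following context line still applies CHMOD 6754, so the setuid/setgid identity of ${CONTROL_SCRIPT} now follows whatever value is put in make.conf or on the command line. Nothing in the patch rejects TOMCAT_USER=root or the name of an existing login account. Add a check before install that refuses root, and extend the post-install message to say that members of ${TOMCAT_GROUP} can execute a binary that runs as ${TOMCAT_USER}.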
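Review bot: In the post-patch hunks at @@ -108,7 +112,7 @@ and @@ -124,12 +128,15 @@ the user-supplied TOMCAT_GROUP and TOMCAT_USER are pasted raw into the sed expressions, while the neighbouring path variables are escaped with :S/\//\\\//g. A value containing a slash, an ampersand or a double quote either breaks the substitution or lands inside the quoted pw arguments of the generated pkg-install, which runs as root. Restrict both variables to account-name characters in the Makefile before the substitution happens.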
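Review bot: In the pkg-install hunk at @@ -12,34 +12,39 @@ the new elif branches retry pw groupadd and pw useradd without -g ${GID} and -u ${UID} after any failure of the first call, not only when id 80 is already taken, and the error text from the first attempt is still printed before the "Added ..." line. Test whether id 80 is allocated first and choose one form of the command, so that a real failure is not masked by the retry. The -c "World Wide Web Owner" comment is also kept for accounts that are no longer www; derive it from the account's purpose instead.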
State Changed From-To: feedback->closed Patch committed. Thanks for your contribution!