[shellinabox] Add user/group and certs directory
Simone Caronni
slaanesh at fedoraproject.org
Wed Sep 12 09:47:43 UTC 2012
commit b15565af5a8728dc7e5346244208ed6160a668c0
Author: Simone Caronni <negativo17 at gmail.com>
Date: Wed Sep 12 11:47:34 2012 +0200
Add user/group and certs directory
shellinabox.spec | 35 ++++++++++++++++++++++++++++++-----
shellinaboxd.sysconfig | 2 +-
2 files changed, 31 insertions(+), 6 deletions(-)
---
diff --git a/shellinabox.spec b/shellinabox.spec
index 22d2343..88b4628 100644
--- a/shellinabox.spec
+++ b/shellinabox.spec
@@ -1,6 +1,8 @@
+%global username shellinabox
+
Name: shellinabox
Version: 2.14
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: Web based AJAX terminal emulator
Group: System Environment/Daemons
License: GPLv2
@@ -16,7 +18,7 @@ Patch0: %{name}-2.14-fixkeys.patch
BuildRequires: openssl-devel
BuildRequires: zlib-devel
-%if 0%{?fedora} >= 15 || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel} > 6
BuildRequires: systemd-units
Requires(post): systemd-sysv
Requires(post): systemd-units
@@ -28,6 +30,7 @@ Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): /sbin/service
%endif
+Requires(pre): shadow-utils
%description
Shell In A Box implements a web server that can export arbitrary command line
@@ -49,12 +52,13 @@ make %{?_smp_mflags}
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
install -p -m 755 -D shellinaboxd %{buildroot}%{_sbindir}/shellinaboxd
install -p -m 644 -D shellinaboxd.1 %{buildroot}%{_mandir}/man1/shellinaboxd.1
install -p -m 644 -D %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/shellinaboxd
-%if 0%{?fedora} >= 15 || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel} > 6
# Systemd unit files
mkdir -p %{buildroot}%{_unitdir}
@@ -71,6 +75,13 @@ install -p -m 755 -D %{SOURCE3} %{buildroot}%{_initrddir}/shellinaboxd
%clean
rm -rf %{buildroot}
+
+%pre
+getent group %username >/dev/null || groupadd -r %username &>/dev/null || :
+getent passwd %username >/dev/null || useradd -r -s /sbin/nologin \
+ -d /var/run/shellinabox -M -c 'Shellinabox' -g %username %username &>/dev/null || :
+exit 0
+
# Until this is fixed upstream in fedpkg, leave it like this
# http://permalink.gmane.org/gmane.linux.redhat.fedora.devel/168291
%if (0%{?fedora} == 16 || 0%{?fedora} == 17) && !0%{?rhel}
@@ -94,6 +105,10 @@ if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/bin/systemctl try-restart shellinaboxd.service >/dev/null 2>&1 || :
fi
+test "$1" != 0 || userdel %username &>/dev/null || :
+test "$1" != 0 || groupdel %username &>/dev/null || :
+exit 0
+
%endif
@@ -107,6 +122,9 @@ fi
%postun
%systemd_postun_with_restart shellinaboxd.service
+test "$1" != 0 || userdel %username &>/dev/null || :
+test "$1" != 0 || groupdel %username &>/dev/null || :
+exit 0
%endif
@@ -125,6 +143,9 @@ fi
if [ "$1" -ge "1" ]; then
/sbin/service shellinaboxd condrestart >/dev/null 2>&1 || :
fi
+test "$1" != 0 || userdel %username &>/dev/null || :
+test "$1" != 0 || groupdel %username &>/dev/null || :
+exit 0
%endif
@@ -134,16 +155,20 @@ fi
%config(noreplace) %{_sysconfdir}/sysconfig/shellinaboxd
%{_mandir}/man1/shellinaboxd.1.*
%{_sbindir}/shellinaboxd
-%if 0%{?fedora} >= 15 || 0%{?rhel} > 6
+%if 0%{?fedora} || 0%{?rhel} > 6
%{_unitdir}/shellinaboxd.service
%else
%{_initrddir}/shellinaboxd
%endif
+%attr(750,%{username},%{username}) %{_localstatedir}/run/%{name}
%changelog
+* Tue Sep 12 2012 Simone Caronni <negativo17 at gmail.com> - 2.14-9
+- Added user/group and confined directory for certificates, based on work from Joel Young.
+
* Tue Sep 11 2012 Joel Young <jdy at cryregarder.com> - 2.14-8
-- Fixed bug with firefox 15 ignored key:
+- Fixed bug with firefox 15+ ignored key:
http://code.google.com/p/shellinabox/issues/detail?id=202&q=key%20work
* Wed Sep 05 2012 Simone Caronni <negativo17 at gmail.com> - 2.14-7
diff --git a/shellinaboxd.sysconfig b/shellinaboxd.sysconfig
index dce83a8..1903333 100644
--- a/shellinaboxd.sysconfig
+++ b/shellinaboxd.sysconfig
@@ -1,4 +1,4 @@
# Shell in a box daemon configuration
# For details see shellinaboxd man page
-OPTS="-s /:LOGIN"
+OPTS="--cert=/var/run/shellinabox -u shellinabox -g shellinabox -s /:LOGIN"
More information about the scm-commits
mailing list