diff options
| -rw-r--r-- | fs_selfservice/FS-SelfService/SelfService.pm | 12 | ||||
| -rw-r--r-- | httemplate/docs/selfservice.html | 2 |
2 files changed, 10 insertions, 4 deletions
diff --git a/fs_selfservice/FS-SelfService/SelfService.pm b/fs_selfservice/FS-SelfService/SelfService.pm index 6e3ca3b5a..0f581758b 100644 --- a/fs_selfservice/FS-SelfService/SelfService.pm +++ b/fs_selfservice/FS-SelfService/SelfService.pm @@ -1,7 +1,7 @@ package FS::SelfService; use strict; -use vars qw($VERSION @ISA @EXPORT_OK $socket %autoload $tag); +use vars qw($VERSION @ISA @EXPORT_OK $dir $socket %autoload $tag); use Exporter; use Socket; use FileHandle; @@ -13,7 +13,8 @@ $VERSION = '0.03'; @ISA = qw( Exporter ); -$socket = "/usr/local/freeside/selfservice_socket"; +$dir = "/usr/local/freeside"; +$socket = "$dir/selfservice_socket"; $socket .= '.'.$tag if defined $tag && length($tag); #maybe should ask ClientAPI for this list @@ -57,6 +58,11 @@ $ENV{'BASH_ENV'} = ''; my $freeside_uid = scalar(getpwnam('freeside')); die "not running as the freeside user\n" if $> != $freeside_uid; +-e $dir or die "FATAL: $dir doesn't exist!"; +-d $dir or die "FATAL: $dir isn't a directory!"; +-r $dir or die "FATAL: Can't read $dir as freeside user!"; +-x $dir or die "FATAL: $dir not searchable (executable) as freeside user!"; + foreach my $autoload ( keys %autoload ) { my $eval = @@ -81,7 +87,7 @@ foreach my $autoload ( keys %autoload ) { sub simple_packet { my $packet = shift; socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!"; - connect(SOCK, sockaddr_un($socket)) or die "connect: $!"; + connect(SOCK, sockaddr_un($socket)) or die "connect to $socket: $!"; nstore_fd($packet, \*SOCK) or die "can't send packet: $!"; SOCK->flush; diff --git a/httemplate/docs/selfservice.html b/httemplate/docs/selfservice.html index 370704fe8..f78c2bff2 100644 --- a/httemplate/docs/selfservice.html +++ b/httemplate/docs/selfservice.html @@ -37,7 +37,7 @@ Then: <li>Enable CGI execution for files with the `.cgi' extension. (with <a href="http://www.apache.org/docs/mod/mod_mime.html#addhandler">Apache</a>) <li>Create the /usr/local/freeside directory on the external machine (owned by the freeside user). <li>touch /usr/local/freeside/selfservice_socket; chown freeside /usr/local/freeside/selfservice_socket; chmod 600 /usr/local/freeside/selfservice_socket - <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> (see <a href="install.html">install.html</a> for details) to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user. + <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user. <b>Do not run your public web server as the freeside user!</b> <li>Append the identity.pub from the freeside user on your freeside machine to the authorized_keys file of the newly created freeside user on the external machine(s). <li>Run an instance of <pre>freeside-selfservice-server <i>user</i> <i>machine</i> <i>agentnum</i> <i>refnum</i></pre> on the Freeside machine for each external machine. <ul> |