From: ivan <ivan>
Date: Tue, 29 Mar 2005 22:41:10 +0000 (+0000)
Subject: better self-service debugging, don't point to install.html for suEXEC/setuid in self... 
X-Git-Tag: SQL_LEDGER_2_4_4~1^2~393
X-Git-Url: http://git.freeside.biz/gitweb/?a=commitdiff_plain;h=36939d45fbe729c953a81354030bedcb17fad91f;p=freeside.git

better self-service debugging, don't point to install.html for suEXEC/setuid in self-service setup docs
---

diff --git a/fs_selfservice/FS-SelfService/SelfService.pm b/fs_selfservice/FS-SelfService/SelfService.pm
index 6e3ca3b5a..0f581758b 100644
--- a/fs_selfservice/FS-SelfService/SelfService.pm
+++ b/fs_selfservice/FS-SelfService/SelfService.pm
@@ -1,7 +1,7 @@
 package FS::SelfService;
 
 use strict;
-use vars qw($VERSION @ISA @EXPORT_OK $socket %autoload $tag);
+use vars qw($VERSION @ISA @EXPORT_OK $dir $socket %autoload $tag);
 use Exporter;
 use Socket;
 use FileHandle;
@@ -13,7 +13,8 @@ $VERSION = '0.03';
 
 @ISA = qw( Exporter );
 
-$socket =  "/usr/local/freeside/selfservice_socket";
+$dir = "/usr/local/freeside";
+$socket =  "$dir/selfservice_socket";
 $socket .= '.'.$tag if defined $tag && length($tag);
 
 #maybe should ask ClientAPI for this list
@@ -57,6 +58,11 @@ $ENV{'BASH_ENV'} = '';
 my $freeside_uid = scalar(getpwnam('freeside'));
 die "not running as the freeside user\n" if $> != $freeside_uid;
 
+-e $dir or die "FATAL: $dir doesn't exist!";
+-d $dir or die "FATAL: $dir isn't a directory!";
+-r $dir or die "FATAL: Can't read $dir as freeside user!";
+-x $dir or die "FATAL: $dir not searchable (executable) as freeside user!";
+
 foreach my $autoload ( keys %autoload ) {
 
   my $eval =
@@ -81,7 +87,7 @@ foreach my $autoload ( keys %autoload ) {
 sub simple_packet {
   my $packet = shift;
   socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
-  connect(SOCK, sockaddr_un($socket)) or die "connect: $!";
+  connect(SOCK, sockaddr_un($socket)) or die "connect to $socket: $!";
   nstore_fd($packet, \*SOCK) or die "can't send packet: $!";
   SOCK->flush;
 
diff --git a/httemplate/docs/selfservice.html b/httemplate/docs/selfservice.html
index 370704fe8..f78c2bff2 100644
--- a/httemplate/docs/selfservice.html
+++ b/httemplate/docs/selfservice.html
@@ -37,7 +37,7 @@ Then:
   <li>Enable CGI execution for files with the `.cgi' extension.  (with <a href="http://www.apache.org/docs/mod/mod_mime.html#addhandler">Apache</a>)
   <li>Create the /usr/local/freeside directory on the external machine (owned by the freeside user).
   <li>touch /usr/local/freeside/selfservice_socket; chown freeside /usr/local/freeside/selfservice_socket; chmod 600 /usr/local/freeside/selfservice_socket
-  <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> (see <a href="install.html">install.html</a> for details) to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user.
+  <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user.  <b>Do not run your public web server as the freeside user!</b>
   <li>Append the identity.pub from the freeside user on your freeside machine to the authorized_keys file of the newly created freeside user on the external machine(s).
   <li>Run an instance of <pre>freeside-selfservice-server <i>user</i> <i>machine</i> <i>agentnum</i> <i>refnum</i></pre> on the Freeside machine for each external machine.
   <ul>