package FS::SelfService;
use strict;
-use vars qw($VERSION @ISA @EXPORT_OK $socket %autoload $tag);
+use vars qw($VERSION @ISA @EXPORT_OK $dir $socket %autoload $tag);
use Exporter;
use Socket;
use FileHandle;
@ISA = qw( Exporter );
-$socket = "/usr/local/freeside/selfservice_socket";
+$dir = "/usr/local/freeside";
+$socket = "$dir/selfservice_socket";
$socket .= '.'.$tag if defined $tag && length($tag);
#maybe should ask ClientAPI for this list
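Review bot: `$tag` is appended to `$socket` right after the new `$dir` assignment with no validation, so a tag containing `/` would put the socket path outside `$dir` and outside the directory checks this commit adds further down. Where `$tag` is set is not visible here; if it can ever be derived from request data, restrict it to a plain token before the concatenation, e.g. `die "invalid tag\n" if defined $tag && $tag !~ /\A[\w-]*\z/;`. Also, `$dir` is assigned unconditionally, so unlike `$tag` a caller cannot preset it even though it is declared with `use vars`. A short comment stating whether `$dir` is meant to be overridable would avoid confusion.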
my $freeside_uid = scalar(getpwnam('freeside'));
die "not running as the freeside user\n" if $> != $freeside_uid;
+-e $dir or die "FATAL: $dir doesn't exist!";
+-d $dir or die "FATAL: $dir isn't a directory!";
+-r $dir or die "FATAL: Can't read $dir as freeside user!";
+-x $dir or die "FATAL: $dir not searchable (executable) as freeside user!";
+
foreach my $autoload ( keys %autoload ) {
my $eval =
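Review bot: The four file tests confirm that `$dir` exists and is reachable, but not that it is owned by the freeside user and closed to other local accounts, which is what keeps the socket inside it from being replaced. A check such as `my @st = stat($dir); die "FATAL: $dir must be owned by freeside and not group/world-writable\n" unless $st[4] == $freeside_uid && !($st[2] & 022);` would enforce what the install notes ask for. Separately, `getpwnam('freeside')` yields undef when the account is missing, and `$> != $freeside_uid` then compares against 0, so the uid guard just above passes for root. `defined $freeside_uid or die "no freeside user\n";` before that comparison closes the gap.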
sub simple_packet {
my $packet = shift;
socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";
- connect(SOCK, sockaddr_un($socket)) or die "connect: $!";
+ connect(SOCK, sockaddr_un($socket)) or die "connect to $socket: $!";
nstore_fd($packet, \*SOCK) or die "can't send packet: $!";
SOCK->flush;
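Review bot: `simple_packet` still uses the bareword handle `SOCK`, a package global shared by every call, so a `die` on the new `connect` line leaves the descriptor open until the name is reused or the process exits. A lexical handle scopes it to the call: `socket(my $sock, PF_UNIX, SOCK_STREAM, 0) or die "socket: $!";` followed by `connect($sock, sockaddr_un($socket)) or die "connect to $socket: $!";`, with `$sock` passed to `nstore_fd` and `flush`. The function body continues past the end of this hunk, so any later use of `SOCK` there would need the same change.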
<li>Enable CGI execution for files with the `.cgi' extension. (with <a href="http://www.apache.org/docs/mod/mod_mime.html#addhandler">Apache</a>)
<li>Create the /usr/local/freeside directory on the external machine (owned by the freeside user).
<li>touch /usr/local/freeside/selfservice_socket; chown freeside /usr/local/freeside/selfservice_socket; chmod 600 /usr/local/freeside/selfservice_socket
- <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> (see <a href="install.html">install.html</a> for details) to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user.
+ <li>Use <a href="http://www.apache.org/docs/suexec.html">suEXEC</a> or <a href="http://www.perl.com/CPAN-local/doc/manual/html/pod/perlsec.html#Security_Bugs">setuid</a> to run signup.cgi, selfservice.cgi, agent.cgi and passwd.cgi as the freeside user. <b>Do not run your public web server as the freeside user!</b>
<li>Append the identity.pub from the freeside user on your freeside machine to the authorized_keys file of the newly created freeside user on the external machine(s).
<li>Run an instance of <pre>freeside-selfservice-server <i>user</i> <i>machine</i> <i>agentnum</i> <i>refnum</i></pre> on the Freeside machine for each external machine.
<ul>