view misc/newwebuser.in @ 5:0a7a5940ee3a

Change description per license
author Peter Gervai <grin@grin.hu>
date Tue, 10 Mar 2009 15:03:24 +0100
parents c7f6b056b673
children
line wrap: on
line source

#! /bin/sh -e

# create a per-user whitelist target directory, password, and so forth.

# This script creates the directories needed for per-addressee white
#   lists and log directories.  It also runs htpasswd to create an entry
#   in the Apache password file for the userdirs directory.

# The files and directories must be writable by both the httpd and dccm
#   processes.  That is assumed to be arranged by having the processes share
#   a group such as "www" and using a umask of 007.
#   The dccm log directories and files should not be globally readable
#   to protect the privacy of mail.
#   If dccm is run by a "user" such as "dcc", you might be able to
#   use suEXEC.  You might need to make a symbolic of ~dcc/public_html"
#   to ~dcc/userdirs.

# The web "usernames" are related the per-user white list directory names
#   see in DCC log files.  The white list and log directory in
#   "userdirs/local/xxx" is accessed with the user name "xxx".
#   "userdirs/esmtp/xxx@example.com" uses the user name "esmtp/xxx@example.com

# One additional directory named @prefix@/userdirs/tmp is created for the
#   CGI scripts that manage the per-user white lists and logs.


# Copyright (c) 2008 by Rhyolite Software, LLC
#
# This agreement is not applicable to any entity which sells anti-spam
# solutions to others or provides an anti-spam solution as part of a
# security solution sold to other entities, or to a private network
# which employs the DCC or uses data provided by operation of the DCC
# but does not provide corresponding data to other users.
#
# Permission to use, copy, modify, and distribute this software without
# changes for any purpose with or without fee is hereby granted, provided
# that the above copyright notice and this permission notice appear in all
# copies and any distributed versions or copies are either unchanged
# or not called anything similar to "DCC" or "Distributed Checksum
# Clearinghouse".
#
# Parties not eligible to receive a license under this agreement can
# obtain a commercial license to use DCC by contacting Rhyolite Software
# at sales@rhyolite.com.
#
# A commercial license would be for Distributed Checksum and Reputation
# Clearinghouse software.  That software includes additional features.  This
# free license for Distributed ChecksumClearinghouse Software does not in any
# way grant permision to use Distributed Checksum and Reputation Clearinghouse
# software
#
# THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL
# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC
# BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
# OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
# ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
#	Rhyolite Software DCC 1.3.103-1.11 $Revision$
#	@configure_input@


exec 1>&2 </dev/null

# Since the CGI scripts cannot accept args and so must rely on the
#   DCC parameter file in the built-in homedir, do the same here.
DCC_HOMEDIR=@prefix@
. $DCC_HOMEDIR/dcc_conf

USAGE="`basename $0`: [-x] [-p htpasswd-pgm] [-g group] [-P whitelist-prototype] username"
HTPASSWD=@HTPASSWD@
GROUP=www
while getopts "xp:g:P:" c; do
    case $c in
	x) set -x;;
	p) HTPASSWD=$OPTARG;;
	g) GROUP="$OPTARG";;	    #GID shared with httpd
	P) PROTO="$OPTARG";;
	*) echo "$USAGE" 1>&2; exit 1;;
    esac
done
shift `expr $OPTIND - 1 || true`
if test "$#" -ne 1 -o -z "$1"; then
    echo "$USAGE" 1>&2
    exit 1
fi
USER=$1

if test -z "$DCCM_USERDIRS"; then
    cat <<EOF 1>&2
Per-user white lists require DCCM_USERDIRS defined in$DCC_HOMEDIR/dcc_conf.
Please consider installing a new version of dcc_conf.
EOF
    exit 1
fi

if test ! -r $DCC_HOMEDIR/ids; then
    if test -n "$DCCUID"; then
	echo "`basename $0: must be run by root or $DCCUID" 1>&2
    else
	echo "`basename $0: must be run by root" 1>&2
    fi
    exit 1
fi


USERDIRS=$DCC_HOMEDIR/$DCCM_USERDIRS
WEBUSERS=$USERDIRS/webusers
TMP_DIR=$USERDIRS/tmp
USER=`expr "$USER" : "$DCCM_USERDIRS/\(.*\)" \| "$USER"`
LOCAL_DIR=`expr "$USER" : '\(..*\)/..*' || true`
if test -z "$LOCAL_DIR"; then
    LOCAL_DIR="$USERDIRS/local"
    PER_USER="$USERDIRS/local/$USER"
else
    USER=`expr "$USER" : 'local/\(.*\)' \| "$USER"`
    LOCAL_DIR="$USERDIRS/$LOCAL_DIR"
    PER_USER="$USERDIRS/$USER"
fi

# create the directories
#   (some systems don't have `mkdir -p`)
for nm in "$USERDIRS" "$TMP_DIR" "$LOCAL_DIR" "$PER_USER" "$PER_USER/log"; do
    if test ! -d "$nm"; then
	mkdir "$nm"
    fi
done

# create the initial whiteclnt file
#   copy the prototype
if test ! -s $PER_USER/whiteclnt; then
    date "+# white list for $USER%n#%n#%n#webuser created %x %X %Z%n" \
	> "$PER_USER/whiteclnt"
    if test "$PROTO" != ""; then
	cat "$PROTO" >> "$PER_USER/whiteclnt"
    fi
fi

# Add the username and password to the htpasswd file
#   Create the htpasswd file for the first user.
if test ! -f $WEBUSERS; then
    $HTPASSWD -c $WEBUSERS "$USER"
else
    $HTPASSWD $WEBUSERS "$USER"
fi

# set permissions of existing files and directories in case they're wrong
chgrp $GROUP "$USERDIRS" "$TMP_DIR" "$PER_USER" "$PER_USER/log"
chgrp $GROUP "$PER_USER/whiteclnt" $WEBUSERS
if test -n "$DCCUID"; then
    chown $DCCUID $WEBUSERS "$USERDIRS" "$TMP_DIR" "$LOCAL_DIR"
    chown $DCCUID "$PER_USER" "$PER_USER/log" "$PER_USER/whiteclnt"
fi
chmod g=rwx "$USERDIRS" "$TMP_DIR" "$PER_USER" "$PER_USER/log"
chmod g=rw "$PER_USER/whiteclnt" $WEBUSERS
chmod o= "$PER_USER/log" $WEBUSERS