Contributions to ELOG, Page 4 of 6
ID | Date | Author | Author Email | Category | Subject | Status | Last Revision
29 | Thu Nov 27 11:43:32 2008 | T. Ribbrock | emgaron+elog@ribbrock.org | Script | /etc/init.d/elog script for Debian-like distros | Stable |

The attached script was used by the Debian package (which is no longer maintained) to start/stop elogd. I have changed it based on some comments in the forum (see script) to add some more functionality. As there is no maintained elog package for Debian anymore, I'm placing it here in the hope that it might come in handy for users who want to run elog under Debian.

This script needs to be placed in /etc/init.d and expects elogd to be installed as /usr/sbin/elogd (can be changed, of course).

Attachment 1: elog
#!/bin/sh
# Init script for ELOG.
# Copyright © 2003, 2005  Recai Oktaş <roktas@omu.edu.tr>
#
# Additional changes by Thomas Ribbrock <emgaron@ribbrock.org>
# - 2008-11-27: Added better reload functionality, based on suggestion and
#   code from Yoshio Imai as posted in elog forum
#
# Licensed under the GNU General Public License, version 2.
# See the file `http://www.gnu.org/copyleft/gpl.txt'.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/elogd
NAME=elogd
DESC="ELOG daemon"

test -f $DAEMON || exit 0

set -e

# Admin should be able to lock some options.
if [ -f /etc/default/elog ]; then
	. /etc/default/elog
fi

# To be in the safe side, the followings should be always defined.
PIDFILE=${PIDFILE:-/var/run/$NAME.pid}
CONFFILE=${CONFFILE:-/etc/elog.conf}

# Add the options to argument list only if defined previously.  Since
# some options may also be present in the conffile, we couldn't preset
# those options which would otherwise overwrite the settings in the
# conffile.  Also note that, all have reasonable compiled-in defaults.
ARGS="${PIDFILE+"-f $PIDFILE"}         \
      ${CONFFILE+"-c $CONFFILE"}       \
      ${LOGBOOKDIR+"-d $LOGBOOKDIR"}   \
      ${RESOURCEDIR+"-s $RESOURCEDIR"} \
      ${PORT+"-p $PORT"}               \
      ${HOST+"-n $HOST"}               \
      ${VERBOSE+"-v"}"
      
# Always run as a daemon.
ARGS=`echo $ARGS -D`

case "$1" in
	start)
		echo -n "Starting $DESC: "
		start-stop-daemon --start --quiet --pidfile $PIDFILE \
			--exec $DAEMON -- $ARGS 2>&1
		sleep 1
		if [ -f "$PIDFILE" ] && ps h `cat "$PIDFILE"` >/dev/null; then
			echo "$NAME."
		else
			echo "$NAME failed to start; check syslog for diagnostics."
			exit 1
		fi
		;;
	stop)
		echo -n "Stopping $DESC: $NAME"
		start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
			--exec $DAEMON -- $ARGS 2>&1
		echo "."
		;;
	reload)
		# Send HUP signal to reload config file
		# (Only needed if config is edited manually and not via
		# webinterface)
		if [ -f $PIDFILE ]; then
			echo -n "$DESC to reread config file ... "
			kill -HUP `cat "$PIDFILE"`
			echo "done"
		else
			echo "No $PIDFILE found!"
		fi
		;;
	restart|force-reload)
		$0 stop
		sleep 1
		$0 start
		if [ "$?" != "0" ]; then
			exit 1
		fi
		;;
	*)
		N=/etc/init.d/$NAME
		echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
		exit 1
		;;
esac

exit 0

# vim:ai:sts=8:sw=8:
28 | Fri Mar 28 10:23:50 2008 | svrmarty | svrmarty@gmx.net | Other | ELOG V2.7.3-2080 debian amd64 package | Stable | Fri Mar 28 10:23:55 2008 by svrmarty
Attachment 1: elog_2.7.3+r2080-1_amd64.deb
27 | Tue Jan 29 23:18:39 2008 | Diogo Alves | diogomiguelalves@gmail.com | Script | Multiple file upload for Firefox | Stable | Wed Jan 30 07:56:53 2008 by Stefan Ritt

Here's a Firefox extension that works extremely well if one uses drag 'n' drop to upload several attachment files at once:

https://addons.mozilla.org/en-US/firefox/addon/219

26 | Mon Jul 16 16:43:07 2007 | Peter Rienstra | peter.rienstra@gmail.com | Other | Re: Compiling elogd.c on HP-UX 64 bit | Beta | Thu Jul 12 09:38:47 2007 by Peter Rienstra

Stefan Ritt wrote:
Can you check revision 1888 (http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1888), compile it and see if you can run it at least under your non-root account.


I downloaded revision 1888. There were no problems compiling it. It's running on the HP-UX system now and everything seems to work fine. :)
25 | Mon Jul 16 15:57:47 2007 | Stefan Ritt | stefan.ritt@psi.ch | Other | Re: Compiling elogd.c on HP-UX 64 bit | Beta | Thu Jul 12 09:38:47 2007 by Peter Rienstra

Peter Rienstra wrote:
HP-UX doesn't have the "seteuid" and "setegid" functions. But there are "setuid+setgid", "setreuid+setregid" and "setresuid+setresgid" functions available.


I had a look and found that setreuid/setregid is also available under Linux, so I use those functions instead, which should also work on HP-UX. Can you check revision 1888 (http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1888), compile it and see if you can run it at least under your non-root account.
24 | Mon Jul 16 15:27:08 2007 | Peter Rienstra | peter.rienstra@gmail.com | Other | Re: Compiling elogd.c on HP-UX 64 bit | Beta | Thu Jul 12 09:38:47 2007 by Peter Rienstra
Stefan,

First I want to say I really like your program. We work in a small group of 5 database administrators, and this is exactly what we need to inform each other. Elog is simple but very functional, so thanks!


My problem is that I don't have root access to the HP-UX machines. We don't run elogd as root, so I wasn't really interested in the seteuid functionality, I just wanted to compile and run the program.

HP-UX doesn't have the "seteuid" and "setegid" functions. But there are "setuid+setgid", "setreuid+setregid" and "setresuid+setresgid" functions available. I'm not sure which one is the best to use. I uploaded the manpages as attachment. I hope this will help you.

If you want I can do a compile and run test on HP-UX with your altered source code. But I can't do a test with "root".




Stefan Ritt wrote:
I applied most of your patches to the elog source code, SVN revision 1885. The only missing piece has to do with seteuid/setuid. I definitively need seteuid for linux, because elogd might be started under root, then it falls back to an optional elog user. But when it stops, it has to restore the original root user in order to delete the PID file (/var/run/elogd.pid) which was created under root. If seteuid does not exist under HP-UX, you should add something like
#ifdef HP-UX
  setuid(...)
#else
  seteuid(...)
#endif

Probably the HP-UX has to be something else, but I cannot test this since I don't have such an OS here. Once you get this working I can put it into the standard distribution.
Attachment 1: man_setuid.txt


 setuid(2)							   setuid(2)




 NAME
      setuid(), setgid() - set user and group IDs

 SYNOPSIS
      #include <unistd.h>

      int setuid(uid_t uid);

      int setgid(gid_t gid);

 DESCRIPTION
      setuid() sets the real-user-ID (ruid), effective-user-ID (euid),
      and/or saved-user-ID (suid) of the calling process.  If the Security
      Containment product is installed, these interfaces treat a process
      observing CHSUBJIDENT as a privileged process.  Otherwise, only
      processes with an euid of zero are treated as privileged processes.
      See privileges(5) for more information on Security Containment and
      fine-grained privileges.

      The following conditions govern setuid's behavior:

	   +  If the process is privileged, setuid() sets the ruid, euid,
	      and suid to uid.

	   +  If the process is not privileged and the argument uid is equal
	      to the ruid or the suid, setuid() sets the euid to uid; the
	      ruid and suid remain unchanged.  (If a set-user-ID program is
	      not running as superuser, it can change its euid to match its
	      ruid and reset itself to the previous euid value.)

	   +  If the process is not privileged, the argument uid is equal to
	      the euid, and the calling process has the PRIV_SETRUGID
	      privilege, setuid() sets the ruid to uid; the euid and suid
	      remain unchanged.

      setgid() sets the real-group-ID (rgid), effective-group-ID (egid),
      and/or saved-group-ID (sgid) of the calling process.  The following
      conditions govern setgid()'s behavior:

	   +  If the process is privileged, setgid() sets the rgid and egid
	      to gid.

	   +  If the process is not privileged and the argument gid is equal
	      to the rgid or the sgid, setgid() sets the egid to gid; the
	      rgid and sgid remain unchanged.

	   +  If the process is not privileged, the argument gid is equal to
	      the egid, and the calling process has the PRIV_SETRUGID
	      privilege, setgid() sets the rgid to gid; the egid and sgid
	      remain unchanged.




 Hewlett-Packard Company	    - 1 -      HP-UX 11i Version 2: May 2006

    Security Restrictions
      Some or all of the actions associated with this system call require
      the CHSUBJIDENT privilege.  Processes owned by the superuser have this
      privilege.  Processes owned by other users may have this privilege,
      depending on system configuration.

      See privileges(5) for more information about privileged access on
      systems that support fine-grained privileges.

 RETURN VALUE
      Upon successful completion, setuid() and setgid() return 0; otherwise,
      they return -1 and set errno to indicate the error.

 ERRORS
      setuid() and setgid() fail and return -1 if any of the following
      conditions are encountered:

	   [EPERM]	  None of the conditions above are met.

	   [EINVAL]	  uid (gid) is not a valid user (group) ID.

 WARNINGS
      It is recommended that the PRIV_SETRUGID capability be avoided, as it
      is provided for backward compatibility.  This feature may be modified
      or dropped from future HP-UX releases.  When changing the real user ID
      and real group ID, use of setresuid() and setresgid() (see
      setresuid(2)) is recommended instead.

 AUTHOR
      setuid() was developed by AT&T, the University of California,
      Berkeley, and HP.

      setgid() was developed by AT&T.

 SEE ALSO
      exec(2), getuid(2), setresuid(2), privileges(5).

 STANDARDS CONFORMANCE
      setuid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

      setgid(): AES, SVID2, SVID3, XPG2, XPG3, XPG4, FIPS 151-2, POSIX.1

Attachment 2: man_setreuid.txt


 setreuid(2)							 setreuid(2)




 NAME
      setreuid - set real and effective user IDs

 SYNOPSIS
      #include <unistd.h>

      int setreuid(uid_t ruid, uid_t euid);

 DESCRIPTION
      The setreuid() function sets the real and effective user IDs of the
      current process to the values specified by the ruid and euid
      arguments. If ruid or euid is -1, the corresponding effective or real
      user ID of the current process is left unchanged.

      A process with appropriate privileges can set either ID to any value.
      An unprivileged process can only set the effective user ID if the euid
      argument is equal to either the real, effective, or saved user ID of
      the process.

      It is unspecified whether a process without appropriate privileges is
      permitted to change the real user ID to match the current real,
      effective or saved user ID of the process.

 RETURN VALUE
      Upon successful completion, 0 is returned. Otherwise, -1 is returned
      and errno is set to indicate the error.

 ERRORS
      The setreuid() function will fail if:

	   [EINVAL]		    The value of the ruid or euid argument
				    is invalid or out-of-range.

	   [EPERM]		    The current process does not have
				    appropriate privileges, and either an
				    attempt was made to change the effective
				    user ID to a value other than the real
				    user ID or the saved set-user-ID or an
				    attempt was made to change the real user
				    ID to a value not permitted by the
				    implementation.

 SEE ALSO
      getuid(2), setuid(2), <unistd.h>.

 CHANGE HISTORY
      First released in Issue 4, Version 2.

 Hewlett-Packard Company	    - 1 -   HP-UX 11i Version 2: August 2003

Attachment 3: man_setresuid.txt


 setresuid(2)							setresuid(2)




 NAME
      setresuid, setresgid - set real, effective, and saved user and group
      IDs

 SYNOPSIS
      #include <unistd.h>

      int setresuid(uid_t ruid, uid_t euid, uid_t suid);

      int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

 DESCRIPTION
      setresuid() sets the real, effective and/or saved user ID of the
      calling process.

      If the current real, effective or saved user ID is equal to that of a
      user having appropriate privileges, setresuid() sets the real,
      effective and saved user IDs to ruid, euid, and suid, respectively.
      Otherwise, setresuid() only sets the real, effective, and saved user
      IDs if ruid, euid, and suid each match at least one of the current
      real, effective, or saved user IDs.

      If ruid, euid, or suid is -1, setresuid() leaves the current real,
      effective or saved user ID unchanged.

      setresgid() sets the real, effective and/or saved group ID of the
      calling process.

      If the current real, effective or saved user ID is equal to that of a
      user having appropriate privileges, setresgid() sets the real,
      effective, and saved group ID to rgid, egid, and sgid, respectively.
      Otherwise, setresgid() only sets the real, effective and saved group
      ID if rgid, egid, and sgid each match at least one of the current
      real, effective or saved group ID.

      If rgid, egid, or sgid is -1, setresgid() leaves the current real,
      effective or saved group ID unchanged.

    Security Restrictions
      Some or all of the actions associated with this system call require
      the PRIV_CHSUBJIDENT privilege (CHSUBJIDENT).  Processes owned by the
      superuser will have this privilege.  Processes owned by other users
      may have this privilege, depending on system configuration.  See
      privileges(5) for more information about privileged access on systems
      that support fine-grained privileges.

 RETURN VALUE
      Upon successful completion, setresuid() and setresgid() return 0;
      otherwise, they return -1 and set errno to indicate the error.





 Hewlett-Packard Company	    - 1 -      HP-UX 11i Version 2: May 2005

 ERRORS
      setresuid() and setresgid() fail if any of the following conditions
      are encountered:

	   [EINVAL]	  ruid, euid, or suid (rgid, egid, or sgid) is not a
			  valid user (group) ID.

	   [EPERM]	  None of the conditions above are met.

 AUTHOR
      setresuid() and setresgid() were developed by HP.

 SEE ALSO
      exec(2), getuid(2), setuid(2).

23 | Fri Jul 13 12:36:45 2007 | Stefan Ritt | stefan.ritt@psi.ch | Other | Re: Compiling elogd.c on HP-UX 64 bit | Beta | Thu Jul 12 09:38:47 2007 by Peter Rienstra
I applied most of your patches to the elog source code, SVN revision 1885. The only missing piece has to do with seteuid/setuid. I definitively need seteuid for linux, because elogd might be started under root, then it falls back to an optional elog user. But when it stops, it has to restore the original root user in order to delete the PID file (/var/run/elogd.pid) which was created under root. If seteuid does not exist under HP-UX, you should add something like
#ifdef HP-UX
  setuid(...)
#else
  seteuid(...)
#endif

Probably the HP-UX has to be something else, but I cannot test this since I don't have such an OS here. Once you get this working I can put it into the standard distribution.
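
The privilege handling discussed in this thread (elogd started as root, running as an optional elog user, then regaining root to delete its PID file), written with setreuid()/setregid() and checked return values. This is an added example, not code from elogd or from any poster; the names drop_effective, restore_effective and remove_pidfile are hypothetical.

```c
/* Added example, not elogd source: temporary privilege drop with
 * setreuid()/setregid(), then regaining the original IDs to remove a PID
 * file. All function names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t orig_euid;
static gid_t orig_egid;

/* Switch only the effective IDs; the real IDs are left alone (-1), which is
 * what later allows the process to switch back.
 * Returns 0 on success, -1 on failure, -2 if a rollback also failed. */
int drop_effective(uid_t uid, gid_t gid)
{
    orig_euid = geteuid();
    orig_egid = getegid();

    /* Group first: once the euid is unprivileged, setregid() may be refused. */
    if (setregid((gid_t)-1, gid) != 0)
        return -1;
    /* If the user switch fails, undo the group switch before reporting. */
    if (setreuid((uid_t)-1, uid) != 0)
        return setregid((gid_t)-1, orig_egid) == 0 ? -1 : -2;
    /* Confirm the IDs really changed instead of trusting the return value. */
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Regain the IDs recorded by drop_effective(). User first: when the original
 * euid is root, it is what permits the group change that follows. */
int restore_effective(void)
{
    if (setreuid((uid_t)-1, orig_euid) != 0)
        return -1;
    if (setregid((gid_t)-1, orig_egid) != 0)
        return -1;
    return (geteuid() == orig_euid && getegid() == orig_egid) ? 0 : -1;
}

/* Shutdown path: the PID file was created before the drop, so the original
 * IDs are restored before it is unlinked. */
int remove_pidfile(const char *path)
{
    if (restore_effective() != 0)
        return -1;
    return unlink(path);
}

int main(void)
{
    /* Constructed demo: "drop" to the current IDs so it runs without root.
     * A daemon started as root would pass the elog user's uid/gid instead. */
    if (drop_effective(geteuid(), getegid()) != 0) {
        perror("drop_effective");
        return 1;
    }
    printf("running with euid=%ld egid=%ld\n", (long)geteuid(), (long)getegid());
    if (restore_effective() != 0) {
        perror("restore_effective");
        return 1;
    }
    printf("restored euid=%ld\n", (long)geteuid());
    return 0;
}
```

Because only the effective IDs change, the drop is temporary and the process can regain its original IDs. setuid() called by a privileged process sets the real, effective and saved IDs together, as the attached setuid(2) page states, so it cannot be used for the restore step.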
22 | Wed Jul 11 11:13:16 2007 | Peter Rienstra | peter.rienstra@gmail.com | Other | Compiling elogd.c on HP-UX 64 bit | Beta | Thu Jul 12 09:38:47 2007 by Peter Rienstra
We succeeded in compiling and running elogd (elog-2.6.5) on HP-UX 64 bit Itanium platform (HP-UX B.11.23 U ia64).

The main problem was we got a core dump after starting elogd. The cause was that the memory has to be allocated with a 4 byte boundary. This could be the case on other 64 bit platforms as well. A colleague of mine (Sander Notting) found the solution.

Unzip and untar the zip file (elog-latest.tar.gz)
Go to the src directory (elog-2.6.5/src)

Edit elogd.c

Replace all:

show_selection_page(NULL); => show_selection_page();
seteuid => setuid
setegid => setgid

On line 564:
void *buffer => char *buffer


Line 645, add the text in bold:

void *xmalloc(size_t bytes)
{
char *temp;

/* Align buffer on 4 byte boundary for HP UX and other 64 bit systems to prevent Bus error (core dump) */
if (bytes & 3)
bytes += 4 - (bytes & 3);


temp = (char *) malloc(bytes + 12);


After that compile:

cc -w -c -o regex.o regex.c
cc -w -c -o mxml.o ../../mxml/mxml.c
cc -w -c -o strlcpy.o ../../mxml/strlcpy.c
cc -I../../mxml -o elogd elogd.c regex.o mxml.o strlcpy.o

We didn't try to run elogd under root yet.
Attachment 1: elogdhpux64.c.gz
21 | Tue Feb 20 18:20:40 2007 | Val Schmidt | vschmidt@ldeo.columbia.edu | Documentation | Secure elog with SSL under Apache2 on Ubuntu | Stable |
The steps for configuration under Apache2 are a bit different. Below I've included a quick list of instructions for Ubuntu. One nice thing about this method, is that only https requests to https://your.url/elog are redirected (not all https connections to your url) so you can have other services running under ssl:

My Setup:
Ubuntu 6.10 (Edgy):
Linux tide1 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux

Packages:
ii  apache2                                    2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-common                             2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-mpm-worker                         2.0.55-4ubuntu4                      high speed threaded model for Apache2
ii  apache2-utils                              2.0.55-4ubuntu4                      utility programs for webservers 
ii  elog                                       2.6.1+r1642-1                        Logbook system to manage notes through a Web
---

To setup ssl in apache2 for elog I started here:
This mini-howto was kindly provided in a forum. I reproduced it here without permission.
A Mini-Howto for apache2: 

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl 
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of /etc/apache2/sites-available/ssl file, insert these two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Hope it helps :)

This method, without configuration of any of the <Directory> directives in /etc/apache2/sites-available/ssl, makes everything in /var/www https accessible. This may not be desirable. Configure the directives as you see fit.

To get SSL forwarding going for elog, in /etc/apache2/sites-available/ssl, I added the following:

 
ServerName tide1.unh.edu

        ProxyRequests Off
        ProxyPreserveHost On

        <Location /elog/>
                Order allow,deny
                allow from all

                ProxyPass  http://tide1.unh.edu:8080/
                ProxyPassReverse  http://tide1.unh.edu:8080/
                SSLRequireSSL
        </Location>

Once this is in place one must restart apache with
sudo /etc/init.d/apache2 force-reload

In /etc/elog.conf I added:
URL=https://tide1.unh.edu/elog

and restarted elog as above.

Finally, I removed the firewall entry that allowed connections to port 8080 for non-secure elog.

Items of note:
The "apache2-ssl-certificate" created a certificate that seems to expire in 30 days. This is obviously not ideal. More details about how to create certificates can be found at HERE. At some point in the future, we'll have to figure this out and create a more appropriate certificate.
20 | Wed Jan 10 23:08:27 2007 | Exaos Lee | Exaos.Lee@gmail.com | Script | Script for running ELOGD on Ubuntu Linux | Stable |
I prepared one init script for ELOGD running on Ubuntu Linux.
Please see the attachment.
Attachment 1: elogd_ubuntu.tgz