mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-24 15:23:03 +01:00
firebird-mirror/builds/install/arch-specific/linux/super/postinstall.sh.in

#! /bin/sh
#------------------------------------------------------------------------
# Prompt for response, store result in Answer
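Answer=""

AskQuestion() {
    # Print the prompt in $1 without a trailing newline, read one line from
    # stdin and leave the reply in the global Answer.  An empty reply (or end
    # of input) yields the default in $2, which is empty when omitted.
    # Previously the default was stored in Answer and then overwritten by
    # read, so it never took effect.
    Test=$1
    DefaultAns=$2

    # printf rather than "echo -n": -n is not honoured by every /bin/sh.
    printf '%s' "$Test"

    # -r keeps backslashes in the reply literal; this routine is also used
    # to read the SYSDBA password.
    Reply=""
    read -r Reply || true

    if [ -n "$Reply" ]
    then
        Answer=$Reply
    else
        Answer=$DefaultAns
    fi
}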
#------------------------------------------------------------------------
# add a service line in the (usually) /etc/services or /etc/inetd.conf file
# Here there are three cases, not found => add service line,
# found & different => ask user to check
# found & same => do nothing
#
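replaceLineInFile() {
    # $1 = file to edit
    # $2 = line that must end up in the file
    # $3 = matching line(s) currently in the file, empty when there are none
    FileName=$1
    newLine=$2
    oldLine=$3

    if [ -z "$oldLine" ]
    then
        printf '%s\n' "$newLine" >> "$FileName"
    elif [ "$oldLine" != "$newLine" ]
    then
        echo ""
        echo "--- Warning ----------------------------------------------"
        echo ""
        printf '%s\n' " In file $FileName found line: "
        printf '%s\n' " $oldLine"
        echo " Which differs from the expected line:"
        printf '%s\n' " $newLine"
        echo ""
        # AskQuestion "Press return to update file or ^C to abort install"

        # mktemp gives an unpredictable, owner-only scratch file next to the
        # target instead of the fixed "<file>.tmp" name.
        TmpFile=`mktemp "${FileName}.XXXXXX"` || return 1

        # -F -x: drop only lines that are literally equal to the old line(s).
        # A plain "grep -v" treated oldLine as a regular expression and as a
        # substring, so unrelated entries could be deleted as well.
        grep -F -x -v -e "$oldLine" "$FileName" > "$TmpFile"
        if [ $? -gt 1 ]
        then
            # grep itself failed: leave the original file untouched.
            rm -f "$TmpFile"
            return 1
        fi

        # Copy the content back rather than mv the scratch file over the
        # target, so the target keeps its owner and mode.
        cat "$TmpFile" > "$FileName"
        rm -f "$TmpFile"

        printf '%s\n' "$newLine" >> "$FileName"
        echo "Updated."
    fi
}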
#------------------------------------------------------------------------
# remove line from config file if it exists in it.
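removeLineFromFile() {
    # $1 = file to edit
    # $2 = line(s) to delete; nothing happens when this is empty or the
    #      file does not exist
    FileName=$1
    oldLine=$2

    if [ -f "$FileName" ] && [ -n "$oldLine" ]
    then
        # Unpredictable, owner-only scratch file instead of "<file>.tmp".
        TmpFile=`mktemp "${FileName}.XXXXXX"` || return 1

        # -F -x: remove only lines literally equal to oldLine; without them
        # oldLine acted as a regular expression matched anywhere in a line.
        grep -F -x -v -e "$oldLine" "$FileName" > "$TmpFile"
        if [ $? -gt 1 ]
        then
            # grep itself failed: leave the original file untouched.
            rm -f "$TmpFile"
            return 1
        fi

        # Copy back in place so the file keeps its owner and mode.
        cat "$TmpFile" > "$FileName"
        rm -f "$TmpFile"
        echo "Updated."
    fi
}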
#------------------------------------------------------------------------
# changeInitPassword
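changeInitPassword() {
    # Rewrite the ISC_PASSWORD default in the firebird init script so that
    # it carries the password given in $1.  Does nothing when the init
    # script is not installed.
    NewPasswd=$1
    InitFile=/etc/rc.d/init.d/firebird

    if [ -f "$InitFile" ]
    then
        # The password becomes the replacement text of an ed "s" command.
        # Escape "\", "/" and "&" so that a password containing them is
        # written literally instead of ending the command early or pulling
        # in the matched text.
        EscPasswd=$(printf '%s\n' "$NewPasswd" | sed 's|[\\/&]|\\&|g')

        # NOTE(review): the value appears to land inside a
        # ${ISC_PASSWORD:=...} expansion in the init script - confirm how
        # that script copes with characters such as $ ` " and } in it.
        ed "$InitFile" <<EOF
/ISC_PASSWORD/s/ISC_PASSWORD:=.*\}/ISC_PASSWORD:=${EscPasswd}\}/g
w
q
EOF
        # The script now holds the SYSDBA password in clear text: no access
        # for others, read/execute for the owning group.
        chmod u=rwx,g=rx,o= "$InitFile"
    fi
}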
#------------------------------------------------------------------------
# Unable to generate the password for the rpm, so put out a message
# instead
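keepOrigDBAPassword() {
    # Leave SYSDBA on the stock password and record that fact, together
    # with instructions for changing it, in $DBAPasswordFile.
    # Sets the global NewPasswd to 'masterkey'.
    NewPasswd='masterkey'

    # Write the file under a restrictive umask so that it is never readable
    # by other users, not even between its creation and the chmod below.
    # The subshell keeps the umask change local.
    (
        umask 077
        {
            echo "Firebird initial install password "
            echo "for user SYSDBA is : $NewPasswd"
            echo "for install on `hostname` at time `date`"
            echo "You should change this password at the earliest oportunity"
            echo "(For superserver you will also want to check the password in the"
            echo "daemon init routine in the file /etc/rc.d/init.d/firebird)"
            echo ""
            echo "Your should password can be changed to a more suitable one using the"
            echo "/usr/local/firebird/bin/gsec program as show below:"
            echo ""
            echo ">cd /usr/local/firebird"
            echo ">bin/gsec -user sysdba -password <password>"
            echo "GSEC>modify sysdba -pw <newpassword>"
            echo "GSEC>quit"
        } > "$DBAPasswordFile"
    )

    # The original prints one empty line on stdout here (possibly meant for
    # the file); kept so the installer output stays the same.
    echo ""

    chmod u=r,go= "$DBAPasswordFile"
}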
#------------------------------------------------------------------------
# Generate new sysdba password
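generateNewDBAPassword() {
    # Generate a random SYSDBA password, record it in $DBAPasswordFile,
    # apply it with gsec and copy it into the init script.  Falls back to
    # keepOrigDBAPassword when no generator is installed.

    # Start from empty so that a NewPasswd value left over from the
    # environment or an earlier call can never be taken for a freshly
    # generated password when neither tool below is present.
    NewPasswd=""

    # openssl generates random data.  Call the binary that was tested for,
    # not whichever "openssl" comes first in PATH.
    if [ -f /usr/bin/openssl ]
    then
        NewPasswd=`/usr/bin/openssl rand -base64 10 | cut -c1-8`
    fi

    # mkpasswd is a bit of a hassle, but check to see if it's there
    if [ -z "$NewPasswd" ] && [ -f /usr/bin/mkpasswd ]
    then
        NewPasswd=`/usr/bin/mkpasswd -l 8`
    fi

    if [ -z "$NewPasswd" ]
    then
        keepOrigDBAPassword
        return
    fi

    # Keep the first 8 characters and turn "/" into "_".  The value is
    # passed quoted: unquoted, a password containing * or ? could be
    # expanded by the shell into file names.
    # NOTE(review): 8 base64 characters carry about 48 bits; presumably the
    # length is capped by what the server accepts - confirm.
    NewPasswd=`printf '%s\n' "$NewPasswd" | awk '{ for(i=1; i<=8; i++) {x = substr($1, i, 1); if (x == "/") x = "_"; printf "%c", x }; print ""}'`

    # Create the file under a restrictive umask so the password is never
    # readable by other users, not even before the chmod below.
    (
        umask 077
        {
            echo "Firebird generated password "
            echo "for user SYSDBA is : $NewPasswd"
            echo "generated on `hostname` at time `date`"
            echo "(For superserver you will also want to check the password in the"
            echo "daemon init routine in the file /etc/rc.d/init.d/firebird)"
            echo ""
            echo "Your password can be changed to a more suitable one using the"
            echo "@prefix@/bin/changeDBAPassword.sh script"
            echo ""
        } > "$DBAPasswordFile"
    )
    chmod u=r,go= "$DBAPasswordFile"

    echo ""
    echo Running gsec to modify SYSDBA password

    # The new password goes to gsec on stdin, so it does not show up in the
    # process list; only the stock password is on the command line.
    "$IBBin/gsec" -user sysdba -password masterkey <<EOF
modify sysdba -pw $NewPasswd
EOF
    if [ $? -ne 0 ]
    then
        # Without this the password file would silently claim a password
        # that was never applied.
        # NOTE(review): assumes gsec reports failure through its exit
        # status - confirm.
        echo "Warning: gsec reported an error; SYSDBA may still have the default password" >&2
    fi

    echo ""
    echo Running ed to modify /etc/init.d/firebird

    changeInitPassword "$NewPasswd"
}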
#------------------------------------------------------------------------
# Change sysdba password - this routine is interactive and is only
# used in the install shell script not the rpm one.
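askUserForNewDBAPassword() {
    # Prompt until a non-empty password is entered, apply it to SYSDBA with
    # gsec and copy it into the init script.  Leaves the password in the
    # global NewPasswd.
    NewPasswd=""
    echo ""
    while [ -z "$NewPasswd" ]
    do
        # Do not show the password on screen while it is typed.  Only done
        # when stdin is a terminal; the saved settings are restored right
        # after the prompt.  An interrupt during the prompt leaves echo
        # off until the terminal is reset.
        SavedTty=""
        if [ -t 0 ]
        then
            SavedTty=`stty -g 2>/dev/null`
            stty -echo 2>/dev/null
        fi

        AskQuestion "Please enter new password for SYSDBA user: "

        if [ -n "$SavedTty" ]
        then
            stty "$SavedTty" 2>/dev/null
            # The user's return key was not echoed; finish the line.
            echo ""
        fi

        NewPasswd=$Answer
        if [ -n "$NewPasswd" ]
        then
            # The new password is fed to gsec on stdin, not on the command
            # line.
            "$IBBin/gsec" -user sysdba -password masterkey <<EOF
modify sysdba -pw $NewPasswd
EOF
            if [ $? -ne 0 ]
            then
                # NOTE(review): assumes gsec reports failure through its
                # exit status - confirm.
                echo "Warning: gsec reported an error; SYSDBA may still have the default password" >&2
            fi
            echo ""
            changeInitPassword "$NewPasswd"
        fi
    done
}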
#------------------------------------------------------------------------
# Change sysdba password - the interactive branch is only
# used in the install shell script not the rpm one.
# On some systems the mkpasswd program doesn't appear and on others
# there is another mkpasswd which does a different operation. So if
# the specific one isn't available then keep the original password.
changeDBAPassword() {
    # Pick how the SYSDBA password is set: ask the user when
    # InteractiveInstall is non-empty, otherwise generate one.
    if [ -n "$InteractiveInstall" ]
    then
        askUserForNewDBAPassword
    else
        generateNewDBAPassword
    fi
}
#------------------------------------------------------------------------
# For security reasons most files in firebird installation are
# root-owned and world-readable(executable) only (including firebird).
# For some files RunUser (firebird) must have write access -
# lock and log are such.
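MakeFileFirebirdWritable() {
    # Hand the file in $1 to $RunUser (user and group) and set mode 0644,
    # i.e. writable by that user and read-only for everyone else.
    FileName=$1

    # "user:group" is the standard separator; the "user.group" form is a
    # legacy spelling.  Quoting and "--" keep names with spaces or a
    # leading "-" from being split or read as options.
    chown -- "$RunUser:$RunUser" "$FileName"
    chmod -- 0644 "$FileName"
}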
#------------------------------------------------------------------------
# Add new user and group
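addFirebirdUser() {
    # Create the firebird group and user (both with id 84) unless
    # /etc/group and /etc/passwd already have an entry of that name.

    # Anchor the match on the name field.  A bare "grep firebird" is also
    # satisfied by any line that merely contains the word (a member list, a
    # comment field, a home directory), which would skip the creation.
    if ! grep -q '^firebird:' /etc/group
    then
        # -o permits a non-unique id: if gid 84 is already in use, the
        # firebird group shares it with the existing one.
        groupadd -g 84 -o -r firebird
    fi

    if ! grep -q '^firebird:' /etc/passwd
    then
        # No login shell (/bin/false) and no home directory creation (-M).
        # As above, -o lets uid 84 be shared with an existing account.
        useradd -o -r -M -d "$IBRootDir" -s /bin/false \
            -c "Firebird Database Administrator" -g firebird -u 84 firebird
        # >/dev/null 2>&1
    fi
}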
#= Main Post ===============================================================
# Make sure the links are in place
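if [ ! -L /usr/local/firebird ] && [ ! -d /usr/local/firebird ]
then
    # Main link and...
    ln -s "$RPM_INSTALL_PREFIX/interbase" /usr/local/firebird
fi

IBRootDir=/usr/local/firebird
export IBRootDir
IBBin=$IBRootDir/bin
export IBBin
# RunUser=root
RunUser=firebird
export RunUser
DBAPasswordFile=$IBRootDir/SYSDBA.password
export DBAPasswordFile

# Update /etc/services
FileName=/etc/services
newLine="gds_db 3050/tcp # InterBase Database Remote Protocol"
oldLine=`grep "^gds_db" "$FileName"`
replaceLineInFile "$FileName" "$newLine" "$oldLine"

# remove any gds_db line in the /etc/inetd.conf
FileName=/etc/inetd.conf
if [ -f "$FileName" ]
then
    oldLine=`grep "^gds_db" "$FileName"`
    removeLineFromFile "$FileName" "$oldLine"
fi

# Get inetd to reread new init files.
if [ -f /var/run/inetd.pid ]
then
    kill -HUP `cat /var/run/inetd.pid`
fi

# Update ownership of files
if [ "$RunUser" = firebird ]
then
    # Prepare firebird user
    addFirebirdUser
fi

# For security reasons initially force all root:root non-writable
chown -R root:root "$IBRootDir"
chmod -R uga-w "$IBRootDir"

# Prepare bin
# Stop if the directory is missing: the chmod calls below act on every file
# in the current directory and must not run anywhere else.
cd "$IBBin" || {
    echo "Cannot change to $IBBin" >&2
    exit 1
}

# Create the fbmgr shell script.
# "\$@" is quoted in the generated wrapper so that arguments containing
# spaces reach fbmgr.bin unchanged.
cat > fbmgr <<EOF
#!/bin/sh
INTERBASE=$IBRootDir
export INTERBASE
exec "\$INTERBASE/bin/fbmgr.bin" "\$@"
EOF

# Everyone may execute clients
# (./ keeps a file name starting with "-" from being read as an option)
chmod 0555 ./*

# Shell scripts changing security attributes are for root only
chmod 0500 ./*.sh

# These two should only be executed by firebird user.
#fbservices=fbguard fbserver
#chown $RunUser.$RunUser $fbservices
#chmod 0544 $fbservices

# Lock files
cd "$IBRootDir" || {
    echo "Cannot change to $IBRootDir" >&2
    exit 1
}
HostName=`hostname`
for i in isc_init1 isc_lock1 isc_event1 isc_guard1
do
    FileName=$i.$HostName
    touch "$FileName"
    MakeFileFirebirdWritable "$FileName"
done

touch firebird.log
MakeFileFirebirdWritable firebird.log

# Security database
# Nobody besides firebird permitted to even read this file
chown "$RunUser:$RunUser" security.fdb
chmod 0600 security.fdb

# make examples writable by firebird
for i in examples/*.fdb
do
    # When nothing matches, the pattern itself is what the loop sees.
    [ -f "$i" ] || continue
    MakeFileFirebirdWritable "$i"
done

# prepare to chkconfig ...
chmod ug+rx,o= /etc/rc.d/init.d/firebird

# This will start it at runlevel defined within the firebird file itself.
/sbin/chkconfig --add firebird

# start the db server so we can change the password
# NOTE(review): from here until changeDBAPassword finishes the server runs
# with the stock SYSDBA password, and the one-second sleep is the only wait
# for it to come up - confirm both are acceptable for the target systems.
(cd /etc/rc.d/init.d; ./firebird start; sleep 1)

# Change sysdba password
changeDBAPassword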