#!/bin/sh
# Account, group and PID directory used for the Firebird server.
# Keep RunUser a dedicated non-root account: setFirebirdWritable in this file
# falls back to world-writable lock/log/database files when RunUser is "root".
RunUser=firebird
RunGroup=firebird
PidDir=/var/run/firebird
export RunUser RunGroup PidDir

#------------------------------------------------------------------------
# Get correct options & misc.

# Archive extension; exported like the variables above.
tarExt=tar
export tarExt
#------------------------------------------------------------------------
# Add new user and group
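# Create the "firebird" group unless /etc/group already defines it.
# Globals:   AdditionalParameter (written)
# Arguments: $1 - extra groupadd options as one string, e.g. "-g 84 -r"
# Returns:   0 when the group already exists, otherwise groupadd's status
TryAddGroup() {
    AdditionalParameter=$1

    # Anchor on the group-name field. A plain "grep firebird" also matches
    # lines that merely mention the name (a member list such as
    # "dba:x:100:firebird", or a group called "firebird2"), which would make
    # this function skip the creation of the real group.
    if ! grep '^firebird:' /etc/group >/dev/null
    then
        # Unquoted on purpose: the caller packs several options into one
        # string and relies on word splitting; only fixed literals are passed.
        groupadd $AdditionalParameter firebird
    fi
}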
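# Create the "firebird" account unless /etc/passwd already defines it.
# The account gets /bin/false as its shell, $FBRootDir as its home directory
# and "firebird" as its primary group.
# Globals:   FBRootDir (read), AdditionalParameter (written)
# Arguments: $1 - extra useradd options as one string, e.g. "-u 84 -r"
# Returns:   0 when the account already exists, otherwise useradd's status
TryAddUser() {
    AdditionalParameter=$1

    # Anchor on the login-name field. A plain "grep firebird" also matches any
    # account whose comment or home directory mentions the name, which would
    # make this function skip the creation of the service account.
    if ! grep '^firebird:' /etc/passwd >/dev/null
    then
        # $AdditionalParameter is unquoted on purpose (several options packed
        # into one string); the home directory is quoted so that a path with
        # spaces, or an empty value, cannot shift the following options.
        useradd $AdditionalParameter -d "$FBRootDir" -s /bin/false \
            -c "Firebird Database Owner" -g firebird firebird
    fi
}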
# Make sure the firebird group and account exist.
# Each option set is tried in turn, from the most specific (fixed id 84 plus
# -r) down to no options at all. TryAddGroup/TryAddUser do nothing once the
# entry exists, so only the first successful attempt has any effect. Output of
# the early attempts is discarded; the last attempt is left unsilenced so a
# final failure is visible to the administrator.
# Returns: status of the last TryAddUser call
addFirebirdUser() {
    for idOptions in "-g 84 -r" "-g 84" "-r"
    do
        TryAddGroup "$idOptions" >/dev/null 2>&1
    done
    TryAddGroup " "

    for idOptions in "-u 84 -r" "-u 84" "-r"
    do
        TryAddUser "$idOptions" >/dev/null 2>&1
    done
    TryAddUser " "
}
#------------------------------------------------------------------------
# print location of init script
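# Print the path of the installed Firebird init script, without a trailing
# newline. Prints nothing when none of the known locations holds a regular
# file. The first match in the order below wins.
# Globals: initCandidate (written)
# Returns: 0 in every case
getInitScriptLocation() {
    for initCandidate in \
        /etc/rc.d/init.d/firebird \
        /etc/rc.d/rc.firebird \
        /etc/init.d/firebird
    do
        if [ -f "$initCandidate" ]
        then
            # printf instead of "echo -n": not every /bin/sh echo accepts -n,
            # and one that does not would print "-n <path>", which the caller
            # would then fail to recognise as an executable file.
            printf '%s' "$initCandidate"
            return 0
        fi
    done
    return 0
}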
#------------------------------------------------------------------------
# stop super server if it is running
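# Stop the Firebird super server through its init script when an fbserver or
# fbguard process shows up in the process list.
# Detection is a name match on "ps -eaf" output, so any command line that
# contains one of those words counts as "running".
# Globals: checkString, init_d (written)
# Returns: 0 when nothing had to be stopped, otherwise the init script's status
stopSuperServerIfRunning() {
    # grep -E is the POSIX spelling of egrep.
    checkString=$(ps -eaf | grep -E "\b(fbserver|fbguard)\b" | grep -v grep)

    if [ -n "$checkString" ]
    then
        init_d=$(getInitScriptLocation)

        if [ -x "$init_d" ]
        then
            # Quoted: the path is executed with the caller's privileges and
            # must reach the shell as exactly one word.
            "$init_d" stop
        fi
    fi
}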
#-----------------------------------------------------------------------
# Blank stub on HPUX - don't use openssl
# Deliberate no-op on this platform: nothing is generated and nothing is
# written, the function only reports success.
# NOTE(review): the name suggests other platform variants create a new DBA
# password here. With this stub, whatever password the security database
# ships with stays in effect after installation. Confirm that it is changed
# by some other step.
# Returns: 0 always
generateNewDBAPassword() {
    :
}
#------------------------------------------------------------------------
# For security reasons most files in the Firebird installation are
# root-owned and only world-readable/executable (including firebird).
# For some files RunUser and RunGroup (firebird)
# must have write access - lock and log files, for example.
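# Hand one file over to RunUser:RunGroup and make it writable for them.
# Globals:   RunUser, RunGroup (read), FileName (written)
# Arguments: $1 - path of the file
# Returns:   status of the final chmod (a chown failure is not checked)
setFirebirdWritable() {
    FileName=$1
    # All expansions are quoted so a path with spaces or glob characters is
    # passed as exactly one argument instead of touching other files.
    chown "$RunUser:$RunGroup" "$FileName"

    if [ "$RunUser" = "root" ]
    then
        # In that case we must open databases, locks, etc. to the world...
        # That's a pity, but required if root RunUser is chosen: every local
        # account can then read and modify these files.
        chmod a=rw "$FileName"
    else
        # This is a good secure setting: owner and group read/write, no
        # access for others.
        chmod ug=rw,o= "$FileName"
    fi
}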
#------------------------------------------------------------------------
# Change the permissions to restrict access to server programs to
# the firebird group only. This is MUCH better from a safety point of
# view than installing as the root user, even if it requires a little
# more work.
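# Reset ownership and permissions of the Firebird installation tree:
# everything under FBRootDir becomes root:root and read-only, then selected
# files (configuration, lock files, log, security database, example
# databases) are reopened for root or for RunUser/RunGroup.
# Globals:   FBRootDir, FBBin, SecurityDatabase (read); i, FileName,
#            lockHost (written)
# Returns:   1 without changing anything when FBRootDir or FBBin is empty or
#            FBRootDir cannot be entered; otherwise the status of the final cd
setFilePermissions() {
    # This function uses recursive chown/chmod and bare globs. With an empty
    # path a bare "cd" lands in $HOME, and after any failed cd the globs below
    # would be applied to whatever directory happens to be current. Refuse to
    # start in that case.
    if [ -z "$FBRootDir" ] || [ -z "$FBBin" ]
    then
        echo "setFilePermissions: FBRootDir and FBBin must be set" >&2
        return 1
    fi
    cd "$FBRootDir" || return 1

    # For security reasons initially force all root:root non-writable
    chown -R root:root "$FBRootDir"
    chmod -R uga-w "$FBRootDir"

    # Set up configuration files - make them root-writable
    chmod u+w *.conf

    # Prepare bin (skipped, with cd's own error message, if it is missing)
    if cd "$FBBin"
    then
        # Everyone may execute clients
        chmod a=rx *

        # Should set owner uid to deliver locks correctly
        # NOTE(review): "+s" sets both set-uid and set-gid. If FBBin lies
        # inside FBRootDir the file was just made root:root, so this leaves a
        # world-executable set-id root binary. Confirm this is intended and
        # keep it in the host's set-id inventory.
        if [ -f fb_lock_mgr ]
        then
            chmod +s fb_lock_mgr
        fi

        # Shell scripts changing security attributes are for root only
        chmod u=rx,go= *.sh
    fi

    # Lock files
    cd "$FBRootDir" || return 1
    lockHost=$(hostname)
    for i in init1 lock1 event1 guard1 monitor1 sem1
    do
        FileName=isc_$i.$lockHost
        touch "$FileName"
        setFirebirdWritable "$FileName"
    done

    # Log file
    touch firebird.log
    setFirebirdWritable firebird.log

    # Security database
    setFirebirdWritable "$SecurityDatabase"

    # set up libraries - everyone may use them
    if cd "$FBRootDir/lib"
    then
        chmod a=rx lib*
    fi

    # set up include files - everyone may use them
    if cd "$FBRootDir/include"
    then
        chmod a=r *
    fi

    # fix up examples' permissions
    if cd "$FBRootDir/examples"
    then
        # find hands each path to chmod as a single argument, so names with
        # spaces or glob characters are handled correctly.
        # set a default of read all files in examples
        find . -name '*' -type f -exec chmod a=r {} \;
        # set a default of read&search all dirs in examples
        find . -name '*' -type d -exec chmod a=rx {} \;
        # make examples DB(s) writable
        find . -name '*.fdb' -print | while IFS= read -r i
        do
            setFirebirdWritable "$i"
        done
    fi

    # fix up doc permissions
    cd "$FBRootDir" || return 1
    find doc -print | while IFS= read -r i
    do
        chown root:root "$i"
        if [ -d "$i" ]
        then
            chmod 0755 "$i"
        else
            chmod 0644 "$i"
        fi
    done

    # QLI's help
    chmod a=r help/help.fdb

    cd "$FBRootDir"
}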