Don't run conserver as root - give it sudo abilities

svn path=/trunk/packages/sipb-xen-console-server/; revision=1118

diff --git a/debian/changelog b/debian/changelog
index b74354f..f08d5e9 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+sipb-xen-console-server (2.7) unstable; urgency=low
+
+  * Don't run conserver as root; use sudo instead
+
+ -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 02:38:46 -0400
+
 sipb-xen-console-server (2.06.3) unstable; urgency=low
 
   * Running conserver as root so it can run xm console

diff --git a/debian/sipb-xen-console-server.postinst b/debian/sipb-xen-console-server.postinst
new file mode 100755 (executable)
index 0000000..8734aff
--- /dev/null
+++ b/debian/sipb-xen-console-server.postinst
@@ -0,0 +1,44 @@
+#!/bin/sh
+# postinst script for sipb-xen-console-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+        cat >>/etc/sudoers <<EOF
+### BEGIN sipb-xen-console-server
+conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console d_*
+### END sipb-xen-console-server
+EOF
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

diff --git a/debian/sipb-xen-console-server.prerm b/debian/sipb-xen-console-server.prerm
new file mode 100755 (executable)
index 0000000..320d360
--- /dev/null
+++ b/debian/sipb-xen-console-server.prerm
@@ -0,0 +1,39 @@
+#!/bin/sh
+# prerm script for sipb-xen-console-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove|upgrade|deconfigure)
+        perl -i.bak -ne 's%^### (BEGIN|END) sipb-xen-console-server\s*$%%m && ($skip = ($1 eq "BEGIN")); print unless $skip;' /etc/sudoers
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

diff --git a/files/etc/conserver/conserver.cf.sipb-xen b/files/etc/conserver/conserver.cf.sipb-xen
index f86e9fb..837e411 100644 (file)
--- a/files/etc/conserver/conserver.cf.sipb-xen
+++ b/files/etc/conserver/conserver.cf.sipb-xen
@@ -6,7 +6,7 @@ default * {
        timestamp "1lab";
        rw *;
        type exec;
-       exec xm console d_f;
+       exec sudo xm console d_f;
        execsubst f=cs;
 }
 

diff --git a/files/etc/conserver/server.conf.sipb-xen b/files/etc/conserver/server.conf.sipb-xen
index eb76ea9..9081b3b 100644 (file)
--- a/files/etc/conserver/server.conf.sipb-xen
+++ b/files/etc/conserver/server.conf.sipb-xen
@@ -1,2 +1,2 @@
 OPTS='-p 3109  '
-ASROOT=y
+ASROOT=