From 4f718e1ecb59dd40f45fc55705c99251e29d23f3 Mon Sep 17 00:00:00 2001
From: Andrew McNab
Date: Fri, 27 May 2005 10:20:02 +0000
Subject: [PATCH] Add gsexec RPM
---
org.gridsite.core/doc/gsexec.8 | 56 +++++++++++++++++++++++++++++++++++++
org.gridsite.core/src/Makefile | 10 +++++--
org.gridsite.core/src/gridsite.spec | 18 +++++++++++-
3 files changed, 80 insertions(+), 4 deletions(-)
create mode 100644 org.gridsite.core/doc/gsexec.8
diff --git a/org.gridsite.core/doc/gsexec.8 b/org.gridsite.core/doc/gsexec.8
new file mode 100644
index 0000000..fbc5a62
--- /dev/null
+++ b/org.gridsite.core/doc/gsexec.8
@@ -0,0 +1,56 @@
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "GSEXEC" 8 "2005-05-27" "GridSite Apache Extensions" "gsexec"
+
+.SH NAME
+gsexec \- Switch user before executing external programs
+
+.SH "SYNOPSIS"
+
+.PP
+\fBgsexec\fR -\fBV\fR
+
+
+.SH "SUMMARY"
+
+.PP
+gsexec is used by the Apache HTTP Server to switch to another user before
+executing CGI programs\&. In order to achieve this, it must run as root\&.
+Since the HTTP daemon normally doesn't run as root, the gsexec executable
+needs the setuid bit set and must be owned by root\&. It should never be
+writable for any other person than root\&.
+
+.PP
+gsexec is based on Apache's suexec.
+For further information about the concepts and the security model of
+the original suexec
+please refer to the suexec documentation:
+
+(http://httpd\&.apache\&.org/docs-2\&.0/suexec\&.html)\&.
+
+
+.SH "OPTIONS"
+
+
+.TP
+-V
+If you are root, this option displays the compile options of gsexec\&.
+For security reasons all configuration options are changeable only at
+compile time\&.
+
diff --git a/org.gridsite.core/src/Makefile b/org.gridsite.core/src/Makefile
index 234cd8a..f4ed603 100644
--- a/org.gridsite.core/src/Makefile
+++ b/org.gridsite.core/src/Makefile @@ -251,6 +251,7 @@ install: apidoc $(prefix)/bin \ $(prefix)/sbin \ $(prefix)/share/man/man1 \ + $(prefix)/share/man/man8 \ $(prefix)/lib/httpd/modules \ $(prefix)/share/doc/gridsite-$(PATCH_VERSION) cp -f ../interface/gridsite.h $(prefix)/include @@ -279,17 +280,20 @@ install: apidoc cp -f doxygen/* $(prefix)/share/doc/gridsite-$(PATCH_VERSION) cp -f ../CHANGES ../README ../INSTALL ../LICENSE ../VERSION \ $(prefix)/share/doc/gridsite-$(PATCH_VERSION) - cp -f ../doc/*.html ../doc/*.conf ../doc/*.1 ../doc/*.sh \ + cp -f ../doc/*.html ../doc/*.conf ../doc/*.1 ../doc/*.8 ../doc/*.sh \ $(prefix)/share/doc/gridsite-$(VERSION) cp -f ../doc/*.1 $(prefix)/share/man/man1 + cp -f ../doc/*.8 $(prefix)/share/man/man8 gzip -f $(prefix)/share/man/man1/*.1 - cd ../doc ; for i in *.1 ; do ../src/roffit < $$i \ + gzip -f $(prefix)/share/man/man8/*.8 + cd ../doc ; for i in *.1 *.8 ; do ../src/roffit < $$i \ > $(prefix)/share/doc/gridsite-$(VERSION)/$$i.html ; done cp -f htcp $(prefix)/bin ln -sf htcp $(prefix)/bin/htls ln -sf htcp $(prefix)/bin/htll ln -sf htcp $(prefix)/bin/htrm ln -sf htcp $(prefix)/bin/htmkdir + cp -f gsexec $(prefix)/sbin cp -f mod_gridsite.so $(prefix)/lib/httpd/modules # @@ -310,7 +314,7 @@ dist: roffit gridsite.spec \ Doxyfile doxygen.css doxyheader.html \ ../gridsite-$(PATCH_VERSION)/src - cp -f ../doc/*.html ../doc/*.1 ../doc/*.conf ../doc/*.sh \ + cp -f ../doc/*.html ../doc/*.1 ../doc/*.8 ../doc/*.conf ../doc/*.sh \ ../gridsite-$(PATCH_VERSION)/doc cp -f ../interface/*.h \ ../gridsite-$(PATCH_VERSION)/interface diff --git a/org.gridsite.core/src/gridsite.spec b/org.gridsite.core/src/gridsite.spec index 5bf3b16..6e9c191 100644 --- a/org.gridsite.core/src/gridsite.spec +++ b/org.gridsite.core/src/gridsite.spec 
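Review bot: The added `cp -f gsexec $(prefix)/sbin` line in the install recipe never sets the binary's mode or owner, so both depend on the umask and on whoever runs `make install`, while the gsexec.8 page added by this same patch says the file must be root-owned, setuid, and writable by nobody but root. I would pin the mode at install time, for example `install -m 0755 gsexec $(prefix)/sbin/gsexec`, and apply the setuid bit in one explicit, documented step rather than leaving it implicit. The `%files gsexec` hunk in gridsite.spec has the same gap: `%attr(-, root, root)` keeps whatever mode the file has in the build root, so an explicit mode in place of `-` would make the packaged permissions reviewable. The install recipe starts before and continues after this hunk, so a later chmod outside the visible lines cannot be ruled out.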
@@ -10,7 +10,7 @@ URL: http://www.gridsite.org/ Vendor: GridPP #Requires: libxml2,curl-ssl,mod_ssl #Buildrequires: libxml2-devel,curl-ssl-devel,httpd-devel -Packager: Andrew McNab +Packager: Andrew McNab %description GridSite adds GSI, VOMS and GACL support to Apache 2.0 (mod_gridsite), @@ -31,6 +31,18 @@ servers using HTTP or HTTPS, or to put or delete files or directories onto remote servers using HTTPS. htcp is similar to scp(1), but uses HTTP/HTTPS rather than ssh as its transfer protocol. +%package gsexec +Group: Applications/Internet +Summary: gsexec binary for the Apache HTTP server +#Requires: curl-ssl + +%description gsexec +This package includes the /usr/sbin/gsexec binary which can be installed +to allow the Apache HTTP server to run CGI programs (and any programs +executed by SSI pages) as a user other than the 'apache' user. gsexec +is a drop-in replacement for suexec, with extended functionality for use +with GridSite and Grid Security credentials. + %prep %setup @@ -83,3 +95,7 @@ rm -f %(echo ${MYPREFIX:-/usr})/share/doc/gridsite %attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htls.1.gz %attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htll.1.gz %attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man1/htmkdir.1.gz + +%files gsexec +%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/sbin/gsexec +%attr(-, root, root) %(echo ${MYPREFIX:-/usr})/share/man/man8/gsexec.8.gz -- 1.8.2.3