From: Dragan Dosen Date: Thu, 3 Apr 2008 20:58:53 +0000 (+0200) Subject: File access permissions for Apache2 configuration X-Git-Tag: v2.2+2~13 X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=commitdiff_plain;h=d03328f5a691130af6d00a90401854ec1dbca134;p=apache2-cn.git File access permissions for Apache2 configuration files (chmod 644). --- diff --git a/debian/config b/debian/config index 24d86fc..e8c2d71 100755 --- a/debian/config +++ b/debian/config @@ -5,13 +5,14 @@ set -e # Load debconf . /usr/share/debconf/confmodule -CONFOLD="/etc/apache/httpd.conf" CONFDIR="/etc/apache2" CONF="$CONFDIR/apache2.conf" HOST=$(hostname) DOMAIN=$(hostname -d) + # Check for existing SSL VirtualHosts. +# has_listen_ssl=0 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then @@ -30,6 +31,9 @@ for file in $CONF $listen_ssl_mask; do fi done + +# SSL certificates. +# if [ $has_listen_ssl -eq 1 ]; then # SSL configuration already exists - no need for SSL certificates. @@ -39,8 +43,7 @@ if [ $has_listen_ssl -eq 1 ]; then else - # SSL certificates? - # + # SSL certificates information.. SSLCF=1 while [ $SSLCF -eq 1 ]; do @@ -109,7 +112,9 @@ else done fi + # Use WWW VirtualHost? +# db_subst apache2-cn/wwwhost stroj_domena "${HOST}.${DOMAIN}" db_subst apache2-cn/wwwhost www_domena "www.${DOMAIN}" db_input critical apache2-cn/wwwhost || true diff --git a/debian/postinst b/debian/postinst index e9923d7..086cc75 100755 --- a/debian/postinst +++ b/debian/postinst @@ -137,6 +137,9 @@ conf_log_fix () { $conf_file > $out mv $out $conf_file fi + + # Be sure.. + chmod 644 $conf_file fi } @@ -156,15 +159,20 @@ generate_ssl () { # Check if port 443 is configured in ports.conf file. # listen_ssl() { - - if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then + + if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then cp_echo "CN: Enabling SSL port (443) for Apache2 web server." out=$(mktemp ${PORTCONF}.XXXXXX) - cp $PORTCONF $out + + if [ -f "$PORTCONF" ]; then + cp $PORTCONF $out + fi + echo "Listen 443" >> $out cp_mv $out $PORTCONF + chmod 644 $PORTCONF need_restart=1 temp_files="${temp_files} ${out}" @@ -311,13 +319,14 @@ trap cleanup 0 1 2 15 # Make sure that monit conf for Apache is disabled. +# if [ -f "/etc/monit.d/apache1.conf" ]; then mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled pkill -9 -f /usr/sbin/monit || true fi -# First of all - stop Apache web server, make sure Apache is NOT running. +# Make sure Apache is NOT running. # if [ -x /usr/sbin/invoke-rc.d ]; then [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true