Diffstat (limited to 'Bugzilla/Install')
-rw-r--r-- | Bugzilla/Install/Filesystem.pm | 50 | ||||
-rw-r--r-- | Bugzilla/Install/Localconfig.pm | 65 |
2 files changed, 41 insertions, 74 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 3fd24cdd1..4986e4d7a 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -27,7 +27,9 @@ package Bugzilla::Install::Filesystem; use strict; use Bugzilla::Constants; +use Bugzilla::Error; use Bugzilla::Install::Localconfig; +use Bugzilla::Util; use File::Find; use File::Path; @@ -484,6 +486,9 @@ sub _update_old_charts { sub fix_all_file_permissions { my ($output) = @_; + my $ws_group = Bugzilla->localconfig->{'webservergroup'}; + my $group_id = _check_web_server_group($ws_group, $output); + return if ON_WINDOWS; my $fs = FILESYSTEM(); @@ -491,17 +496,10 @@ sub fix_all_file_permissions { my %dirs = %{$fs->{all_dirs}}; my %recurse_dirs = %{$fs->{recurse_dirs}}; - print "Fixing file permissions...\n" if $output; + print get_text('install_file_perms_fix') . "\n" if $output; my $owner_id = POSIX::getuid(); - my $group_id = POSIX::getgid(); - my $ws_group = Bugzilla->localconfig->{'webservergroup'}; - if ($ws_group) { - my $ws_group_id = getgrnam($ws_group); - die "There is no such group: $ws_group. Check your \$webservergroup" - . " setting in localconfig" unless defined $ws_group_id; - $group_id = $ws_group_id; - } + $group_id = POSIX::getgid() unless defined $group_id; foreach my $dir (sort keys %dirs) { next unless -d $dir; 
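Review bot: The new call to `_check_web_server_group` at the top of `fix_all_file_permissions` sits above `return if ON_WINDOWS;` with nothing saying why, and the later `$group_id = POSIX::getgid() unless defined $group_id;` relies on it returning undef when no group is configured. I would add a comment above the call such as `# Checked before the Windows early return so the webservergroup warning is still printed there; returns undef when no group is set.` Without it, a later tidy-up that moves the call below the early return would silently drop the Windows warning. The body of `fix_all_file_permissions` continues beyond the lines shown in these two hunks.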
@@ -561,6 +559,40 @@ sub _fix_perms { || warn "Failed to change permissions of $name: $!"; } +sub _check_web_server_group { + my ($group, $output) = @_; + + my $filename = bz_locations()->{'localconfig'}; + my $group_id; + + # If we are on Windows, webservergroup does nothing + if (ON_WINDOWS && $group && $output) { + print "\n\n" . get_text('install_webservergroup_windows') . "\n\n"; + } + + # If we're not on Windows, make sure that webservergroup isn't + # empty. + elsif (!ON_WINDOWS && !$group && $output) { + print "\n\n" . get_text('install_webservergroup_empty') . "\n\n"; + } + + # If we're not on Windows, make sure we are actually a member of + # the webservergroup. + elsif (!ON_WINDOWS && $group) { + $group_id = getgrnam($group); + ThrowCodeError('invalid_webservergroup', { group => $group }) + unless defined $group_id; + + # If on unix, see if we need to print a warning about a webservergroup + # that we can't chgrp to + if ($output && $< != 0 && !grep($_ eq $group_id, split(" ", $)))) { + print "\n\n" . get_text('install_webservergroup_not_in') . "\n\n"; + } + } + + return $group_id; +} + 1; __END__ diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index f01be8bf9..971c27d02 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -339,9 +339,6 @@ EOT exit; } - # Now we do some checks on localconfig values. - _check_web_server_group($localconfig->{'webservergroup'}) if $output; - # Reset the cache for Bugzilla->localconfig so that it will be re-read delete Bugzilla->request_cache->{localconfig}; 
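Review bot: `my $filename = bz_locations()->{'localconfig'};` in the new `_check_web_server_group` is never read in the added body, since every message now comes from `get_text` with no arguments. Either drop the line or, if the messages are meant to name the file, hand the path to the template. The sub would also benefit from a short header comment stating its contract as the visible code has it: it throws `invalid_webservergroup` for an unknown group whether or not `$output` is set, prints warnings only when `$output` is true, and returns the gid, or undef on Windows or for an empty group. That is worth writing down because the empty-group and not-a-member warnings are the only signal of a weak permission setup, and callers that pass a false `$output` get none of them.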
@@ -388,68 +385,6 @@ sub _get_default_diffpath { return $diff_binaries; } -sub _check_web_server_group { - my ($group) = @_; - - my $filename = bz_locations()->{'localconfig'}; - - # If we are on Windows, webservergroup does nothing - if (ON_WINDOWS && $group) { - print <<EOT - -Warning: You have set webservergroup in $filename -Please understand that this does not bring you any security when -running under Windows. -Verify that the file permissions in your Bugzilla directory are -suitable for your system. Avoid unnecessary write access. - -EOT - } - - # If we're not on Windows, make sure that webservergroup isn't - # empty. - elsif (!ON_WINDOWS && !$group) { - print <<EOT; - -******************************************************************************** -WARNING! You have not entered a value for the "webservergroup" parameter -in localconfig. This means that certain files and directories which need -to be editable by both you and the webserver must be world writable, and -other files (including the localconfig file which stores your database -password) must be world readable. This means that _anyone_ who can obtain -local access to this machine can do whatever they want to your Bugzilla -installation, and is probably also able to run arbitrary Perl code as the -user that the webserver runs as. - -You really, really, really need to change this setting. -******************************************************************************** -EOT - } - - # If we're not on Windows, make sure we are actually a member of - # the webservergroup. 
- elsif (!ON_WINDOWS && $group) { - # If on unix, see if we need to print a warning about a webservergroup - # that we can't chgrp to - my $webservergid = (getgrnam($group))[2] - or die("no such group: $group"); - if ($< != 0 && !grep($_ eq $webservergid, split(" ", $)))) { - my $root = ROOT_USER; - print <<EOT; - -Warning: you have entered a value for the "webservergroup" parameter in -localconfig, but you are not either a) running this script as $root; or b) a -member of this group. This can cause permissions problems and decreased -security. If you experience problems running Bugzilla scripts, log in as -$root and re-run this script, become a member of the group, or remove the -value of the "webservergroup" parameter. Note that any warnings about -"uninitialized values" that you may see below are caused by this. - -EOT - } - } -} - 1; __END__ |