Diffstat (limited to 'Bugzilla/Install')
-rw-r--r--Bugzilla/Install/Filesystem.pm50
-rw-r--r--Bugzilla/Install/Localconfig.pm65
2 files changed, 41 insertions, 74 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index 3fd24cdd1..4986e4d7a 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -27,7 +27,9 @@ package Bugzilla::Install::Filesystem;
use strict;
use Bugzilla::Constants;
+use Bugzilla::Error;
use Bugzilla::Install::Localconfig;
+use Bugzilla::Util;
use File::Find;
use File::Path;
@@ -484,6 +486,9 @@ sub _update_old_charts {
sub fix_all_file_permissions {
my ($output) = @_;
+ my $ws_group = Bugzilla->localconfig->{'webservergroup'};
+ my $group_id = _check_web_server_group($ws_group, $output);
+
return if ON_WINDOWS;
my $fs = FILESYSTEM();
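Review bot: The new call to `_check_web_server_group` sits above `return if ON_WINDOWS`, and nothing in the function says why that order matters. Judging from the helper added further down in this diff, the placement looks deliberate: it lets the Windows-only webservergroup warning print, and an unknown group now aborts through `ThrowCodeError` before any permissions are changed. I would add a comment above the call, for example `# Validate webservergroup first: this warns on Windows too, and is fatal for an unknown group before we touch any permissions.` The body of fix_all_file_permissions continues outside the hunk.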
@@ -491,17 +496,10 @@ sub fix_all_file_permissions {
my %dirs = %{$fs->{all_dirs}};
my %recurse_dirs = %{$fs->{recurse_dirs}};
- print "Fixing file permissions...\n" if $output;
+ print get_text('install_file_perms_fix') . "\n" if $output;
my $owner_id = POSIX::getuid();
- my $group_id = POSIX::getgid();
- my $ws_group = Bugzilla->localconfig->{'webservergroup'};
- if ($ws_group) {
- my $ws_group_id = getgrnam($ws_group);
- die "There is no such group: $ws_group. Check your \$webservergroup"
- . " setting in localconfig" unless defined $ws_group_id;
- $group_id = $ws_group_id;
- }
+ $group_id = POSIX::getgid() unless defined $group_id;
foreach my $dir (sort keys %dirs) {
next unless -d $dir;
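Review bot: The fallback `$group_id = POSIX::getgid() unless defined $group_id;` is reached without any message when webservergroup is empty and `$output` is false, because the empty-group warning in `_check_web_server_group` is conditioned on `$output`. That matches the removed Localconfig.pm call, which also ran only with output enabled, but the security consequence of an unset group is not visible at this line. A short comment would make it explicit, e.g. `# No webservergroup configured: use the process's own gid (the warning about this is printed only when $output is true).` The loop that follows continues outside the hunk.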
@@ -561,6 +559,40 @@ sub _fix_perms {
|| warn "Failed to change permissions of $name: $!";
}
+sub _check_web_server_group {
+ my ($group, $output) = @_;
+
+ my $filename = bz_locations()->{'localconfig'};
+ my $group_id;
+
+ # If we are on Windows, webservergroup does nothing
+ if (ON_WINDOWS && $group && $output) {
+ print "\n\n" . get_text('install_webservergroup_windows') . "\n\n";
+ }
+
+ # If we're not on Windows, make sure that webservergroup isn't
+ # empty.
+ elsif (!ON_WINDOWS && !$group && $output) {
+ print "\n\n" . get_text('install_webservergroup_empty') . "\n\n";
+ }
+
+ # If we're not on Windows, make sure we are actually a member of
+ # the webservergroup.
+ elsif (!ON_WINDOWS && $group) {
+ $group_id = getgrnam($group);
+ ThrowCodeError('invalid_webservergroup', { group => $group })
+ unless defined $group_id;
+
+ # If on unix, see if we need to print a warning about a webservergroup
+ # that we can't chgrp to
+ if ($output && $< != 0 && !grep($_ eq $group_id, split(" ", $)))) {
+ print "\n\n" . get_text('install_webservergroup_not_in') . "\n\n";
+ }
+ }
+
+ return $group_id;
+}
+
1;
__END__
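Review bot: `my $filename = bz_locations()->{'localconfig'};` is assigned but never read in the new `_check_web_server_group`; the heredocs that interpolated it in the Localconfig.pm version were replaced by `get_text` calls that are given no variables. Either drop the line or, if the `install_webservergroup_windows` string is meant to name the file and `get_text` accepts template variables, pass it through there. Separately, the comment on the third branch still describes only the membership check, while the branch now also resolves the gid and throws `invalid_webservergroup`. Something like `# Resolve the group to a gid (fatal if it does not exist), then warn if we cannot chgrp to it.` would match the code.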
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index f01be8bf9..971c27d02 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -339,9 +339,6 @@ EOT
exit;
}
- # Now we do some checks on localconfig values.
- _check_web_server_group($localconfig->{'webservergroup'}) if $output;
-
# Reset the cache for Bugzilla->localconfig so that it will be re-read
delete Bugzilla->request_cache->{localconfig};
@@ -388,68 +385,6 @@ sub _get_default_diffpath {
return $diff_binaries;
}
-sub _check_web_server_group {
- my ($group) = @_;
-
- my $filename = bz_locations()->{'localconfig'};
-
- # If we are on Windows, webservergroup does nothing
- if (ON_WINDOWS && $group) {
- print <<EOT
-
-Warning: You have set webservergroup in $filename
-Please understand that this does not bring you any security when
-running under Windows.
-Verify that the file permissions in your Bugzilla directory are
-suitable for your system. Avoid unnecessary write access.
-
-EOT
- }
-
- # If we're not on Windows, make sure that webservergroup isn't
- # empty.
- elsif (!ON_WINDOWS && !$group) {
- print <<EOT;
-
-********************************************************************************
-WARNING! You have not entered a value for the "webservergroup" parameter
-in localconfig. This means that certain files and directories which need
-to be editable by both you and the webserver must be world writable, and
-other files (including the localconfig file which stores your database
-password) must be world readable. This means that _anyone_ who can obtain
-local access to this machine can do whatever they want to your Bugzilla
-installation, and is probably also able to run arbitrary Perl code as the
-user that the webserver runs as.
-
-You really, really, really need to change this setting.
-********************************************************************************
-EOT
- }
-
- # If we're not on Windows, make sure we are actually a member of
- # the webservergroup.
- elsif (!ON_WINDOWS && $group) {
- # If on unix, see if we need to print a warning about a webservergroup
- # that we can't chgrp to
- my $webservergid = (getgrnam($group))[2]
- or die("no such group: $group");
- if ($< != 0 && !grep($_ eq $webservergid, split(" ", $)))) {
- my $root = ROOT_USER;
- print <<EOT;
-
-Warning: you have entered a value for the "webservergroup" parameter in
-localconfig, but you are not either a) running this script as $root; or b) a
-member of this group. This can cause permissions problems and decreased
-security. If you experience problems running Bugzilla scripts, log in as
-$root and re-run this script, become a member of the group, or remove the
-value of the "webservergroup" parameter. Note that any warnings about
-"uninitialized values" that you may see below are caused by this.
-
-EOT
- }
- }
-}
-
1;
__END__