From: Julien Moutinho
Date: Sat, 23 Mar 2013 20:38:23 +0000 (+0100)
Subject: Polissage : vm_hosted : chemins et droits.
X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=c18eb554fffb9736aaeda756f5f9c69c34f95fb3
Polissage : vm_hosted : chemins et droits.
---
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index b87bf14..6860ff1 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -81,7 +81,7 @@ http {
 types_hash_max_size 2048;
 include /etc/nginx/site.d/*/server.conf;
 }
-pid /var/run/nginx.pid;
+pid /run/nginx.pid;
 user www-data;
 worker_processes 2;
diff --git a/vm_hosted b/vm_hosted
index 21950b0..b68dc3d 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -709,21 +709,39 @@ rule_mail_configure () {
 }
 rule_mysql_configure () {
 rule apt_get_install mysql-server-5.5
- sudo install -m 644 -o root -g root \
+ rule adduser mysql \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home /home/mysql \
+ --shell /bin/false \
+ --system
+ rule adduser mysql-data \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home /home/mysql/data \
+ --shell /bin/false \
+ --system
+ sudo usermod --home /home/mysql mysql
+ sudo adduser mysql mysql-data
+ sudo install -m 640 -o mysql -g mysql \
 "$tool"/etc/mysql/my.cnf \
 /etc/mysql/my.cnf
- if test ! -d /home/mysql
+ sudo install -d -m 751 -o mysql -g mysql \
+ /home/mysql
+ sudo install -d -m 750 -o mysql-data -g mysql-data \
+ /home/mysql/data
+ if test ! -d /home/mysql/data
 then
- sudo install -d -m 750 -o mysql -g mysql \
- /home/mysql
- sudo install -d -m 750 -o mysql -g mysql \
- /home/mysql/data
 sudo -u mysql mysql_install_db \
 --no-defaults \
 --datadir=/home/mysql/data
- sudo usermod --home /home/mysql mysql
 fi
 sudo service tmpfs restart
+ case $(sudo sv status mysql || true) in
+ (run:*) sudo sv restart mysql
+ esac
 }
 rule_network_configure () {
 sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF
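Review bot: In rule_mysql_configure the new unconditional `sudo install -d -m 750 -o mysql-data -g mysql-data /home/mysql/data` runs before `if test ! -d /home/mysql/data`, so that test is always false and `mysql_install_db` no longer runs on a fresh host. Test for something only the initialisation creates instead, for example `if ! sudo test -d /home/mysql/data/mysql`. The data directory is also created mode 750 and owned by mysql-data, which gives the mysql user (added to that group just above) no write access, so `sudo -u mysql mysql_install_db` would presumably fail; confirm which account is meant to own and initialise the datadir. Separately, installing /etc/mysql/my.cnf with `-o mysql -g mysql` lets the service account rewrite its own configuration; `-m 640 -o root -g mysql` keeps it readable by the daemon without that.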
@@ -867,16 +885,13 @@ rule_nginx_configure () {
 done
 rule apt_get_install spawn-fcgi fcgiwrap
 sudo insserv --remove fcgiwrap
- sudo insserv --remove nginx
+ #sudo insserv --remove nginx
 rule tmpfs_configure
 sudo service php5-fpm restart
 # NOTE: relance les processus du pool
 # pour leur donner les droits
 # de leurs groupes supplémentaires.
 sudo service nginx restart
- #case $(sv status nginx) in
- # (run:*) sudo sv restart nginx
- # esac
 }
 rule_php5_fpm_configure () {
 local -; set +f
@@ -979,7 +994,7 @@ rule_php5_fpm_configure () {
 sudo install -m 664 -o php5 -g php5 \
 "$tool"/etc/php5/fpm/php.ini \
 /etc/php5/fpm/php.ini
- case $(sv status php5-"$pool") in
+ case $(sudo sv status php5-"$pool") in
 (run:*) sudo sv restart php5-"$pool"
 esac
 done
@@ -1117,7 +1132,7 @@ rule_runit_configure () {
 local sv_hash=$(printf %s "$sv" | sha1sum | cut -f 1 -d ' ')
 local sv_status
 IFS= read -r sv_status_$sv_hash <<-EOF
- $(sv status "$sv")
+ $(sudo sv status "$sv")
 EOF
 rm -f /etc/service/"$sv"
 done
@@ -1139,12 +1154,12 @@ rule_runit_configure () {
 /etc/sv/"$sv"/log/run
 fi
 test ! -r "$tool"/etc/sv/"$sv"/configure.sh ||
- . "$tool"/etc/sv/"$sv"/configure.sh
+ . "$tool"/etc/sv/"$sv"/configure.sh
 ln -fns ../sv/"$sv" /etc/service/"$sv"
 eval local sv_status=\"\${sv_status_$sv_hash-}\"
 case $sv_status in
 ("") true;;
- (run:*) sv restart "$sv";;
+ (run:*) sudo sv restart "$sv";;
 esac
 done
 }
@@ -1203,7 +1218,7 @@ rule_ssh_configure () {
 #Compression yes
 #CompressionLevel 9
 #ControlMaster auto
- #ControlPath ~/var/run/ssh/%h-%p-%r.sock
+ #ControlPath ~/var/run/ssh/sock/%h-%p-%r
 GSSAPIAuthentication no
 GSSAPIDelegateCredentials no
 HashKnownHosts yes
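Review bot: In rule_nginx_configure, `#sudo insserv --remove nginx` is left as commented-out code with no reason given, directly below the still-active `sudo insserv --remove fcgiwrap`. If nginx is meant to stay under SysV init (the commented runit `sv restart nginx` block is dropped in the same hunk, which suggests so), delete the line or replace it with a comment that says so, e.g. `# NOTE: nginx stays managed by insserv/service, not runit.` The function body starts above the hunk.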