Changes

From SME Server
Jump to navigationJump to search
m
Changed Note to use Template:Note box
Line 291: Line 291:     
Templates are normally expanded to be owned by <var class="LITERAL">root</var> and are not executable, which is a reasonable default for most configuration files. However, templates may need to generate configuration files which are owned by a different user, or which need to be executable or have other special permissions. This can be done by creating a <var class="LITERAL">templates.metadata</var> file which defines the additional attributes for the expansion.
 
Templates are normally expanded to be owned by <var class="LITERAL">root</var> and are not executable, which is a reasonable default for most configuration files. However, templates may need to generate configuration files which are owned by a different user, or which need to be executable or have other special permissions. This can be done by creating a <var class="LITERAL">templates.metadata</var> file which defines the additional attributes for the expansion.
 
+
{{Note box|msg=Configuration files should generally '''not''' be writable by any user other than root. In particular, configuration files should not normally be writable the ''www'' user as this poses a significant security risk. Installation advice which says <tt>chmod 777</tt> is almost invariably wrong.}}
<div class="NOTE"><blockquote class="NOTE">
  −
 
  −
'''Note: '''Configuration files should generally <span class="emphasis">''not''</span> be writable by any user other than root. In particular, configuration files should not normally be writable the <span class="emphasis">''www''</span> user as this poses a significant security risk. Installation advice which says "chmod 777" is almost invariably wrong.
  −
 
  −
</blockquote></div>
      
For example, here is the metadata file <tt class="FILENAME">/etc/e-smith/templates.metadata/etc/ppp/ip-up.local</tt><nowiki>:</nowiki>
 
For example, here is the metadata file <tt class="FILENAME">/etc/e-smith/templates.metadata/etc/ppp/ip-up.local</tt><nowiki>:</nowiki>
Line 306: Line 301:  
which sets the group to <var class="LITERAL">daemon</var> and makes the script executable. Note that the file is readable by members of the <var class="LITERAL">daemon</var> group, but it is not writable by anyone but root. It is also possible to use the same template to generate multiple output files, such as in this example:
 
which sets the group to <var class="LITERAL">daemon</var> and makes the script executable. Note that the file is readable by members of the <var class="LITERAL">daemon</var> group, but it is not writable by anyone but root. It is also possible to use the same template to generate multiple output files, such as in this example:
   −
  <nowiki>TEMPLATE_PATH="/etc/sysconfig/network-scripts/route-ethX"
+
  TEMPLATE_PATH="/etc/sysconfig/network-scripts/route-ethX"
 
  OUTPUT_FILENAME="/etc/sysconfig/network-scripts/route-eth1"
 
  OUTPUT_FILENAME="/etc/sysconfig/network-scripts/route-eth1"
 
  MORE_DATA={ THIS_DEVICE => "eth1" }
 
  MORE_DATA={ THIS_DEVICE => "eth1" }
  FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments</nowiki>
+
  FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments
    
The templates.metadata file for route-eth0 just uses <var class="LITERAL">eth0</var> instead of <var class="LITERAL">eth1</var> on the second and third lines. Note also the <var class="LITERAL">FILTER</var> setting which allows post-processing of the generated template.
 
The templates.metadata file for route-eth0 just uses <var class="LITERAL">eth0</var> instead of <var class="LITERAL">eth1</var> on the second and third lines. Note also the <var class="LITERAL">FILTER</var> setting which allows post-processing of the generated template.

Navigation menu