Line 291: |
Line 291: |
| | | |
| Templates are normally expanded to be owned by <var class="LITERAL">root</var> and are not executable, which is a reasonable default for most configuration files. However, templates may need to generate configuration files which are owned by a different user, or which need to be executable or have other special permissions. This can be done by creating a <var class="LITERAL">templates.metadata</var> file which defines the additional attributes for the expansion. | | Templates are normally expanded to be owned by <var class="LITERAL">root</var> and are not executable, which is a reasonable default for most configuration files. However, templates may need to generate configuration files which are owned by a different user, or which need to be executable or have other special permissions. This can be done by creating a <var class="LITERAL">templates.metadata</var> file which defines the additional attributes for the expansion. |
− | | + | {{Note box|msg=Configuration files should generally '''not''' be writable by any user other than root. In particular, configuration files should not normally be writable the ''www'' user as this poses a significant security risk. Installation advice which says <tt>chmod 777</tt> is almost invariably wrong.}} |
− | <div class="NOTE"><blockquote class="NOTE">
| |
− | | |
− | '''Note: '''Configuration files should generally <span class="emphasis">''not''</span> be writable by any user other than root. In particular, configuration files should not normally be writable the <span class="emphasis">''www''</span> user as this poses a significant security risk. Installation advice which says "chmod 777" is almost invariably wrong.
| |
− | | |
− | </blockquote></div>
| |
| | | |
| For example, here is the metadata file <tt class="FILENAME">/etc/e-smith/templates.metadata/etc/ppp/ip-up.local</tt><nowiki>:</nowiki> | | For example, here is the metadata file <tt class="FILENAME">/etc/e-smith/templates.metadata/etc/ppp/ip-up.local</tt><nowiki>:</nowiki> |
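Review bot: the new {{Note box}} text on the + line still reads "should not normally be writable the ''www'' user", carrying over the missing "by" from the removed blockquote. Since the sentence is being moved into the template anyway, change it to "writable by the ''www'' user" so the security note reads correctly.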
Line 306: |
Line 301: |
| which sets the group to <var class="LITERAL">daemon</var> and makes the script executable. Note that the file is readable by members of the <var class="LITERAL">daemon</var> group, but it is not writable by anyone but root. It is also possible to use the same template to generate multiple output files, such as in this example: | | which sets the group to <var class="LITERAL">daemon</var> and makes the script executable. Note that the file is readable by members of the <var class="LITERAL">daemon</var> group, but it is not writable by anyone but root. It is also possible to use the same template to generate multiple output files, such as in this example: |
| | | |
− | <nowiki>TEMPLATE_PATH="/etc/sysconfig/network-scripts/route-ethX" | + | TEMPLATE_PATH="/etc/sysconfig/network-scripts/route-ethX" |
| OUTPUT_FILENAME="/etc/sysconfig/network-scripts/route-eth1" | | OUTPUT_FILENAME="/etc/sysconfig/network-scripts/route-eth1" |
| MORE_DATA={ THIS_DEVICE => "eth1" } | | MORE_DATA={ THIS_DEVICE => "eth1" } |
− | FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments</nowiki> | + | FILTER=sub { $_[0] =~ /^#/ ? '' : $_[0] } # Remove comments |
| | | |
| The templates.metadata file for route-eth0 just uses <var class="LITERAL">eth0</var> instead of <var class="LITERAL">eth1</var> on the second and third lines. Note also the <var class="LITERAL">FILTER</var> setting which allows post-processing of the generated template. | | The templates.metadata file for route-eth0 just uses <var class="LITERAL">eth0</var> instead of <var class="LITERAL">eth1</var> on the second and third lines. Note also the <var class="LITERAL">FILTER</var> setting which allows post-processing of the generated template. |
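Review bot: removing the <nowiki> wrapper exposes the Perl empty-string literal '' in the FILTER line to wiki markup, where two apostrophes open italics, so the rendered example is likely to lose the '' and no longer match a working templates.metadata file. Keep the <nowiki> around the four-line example, or wrap it in <pre>, so the FILTER line renders verbatim.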