now runs without root

23 years ago · 3e20cde0cb
3 changed files with 81 additions and 18 deletions
--- a/rt/rc.rt
+++ b/rt/rc.rt
@ -18,24 +18,24 @@
    rt_err_rotprolog="true"
    rt_err_rotepilog="true"
    rt_apachectl=@l_prefix@/libexec/rt/tools/rtapachectl
-    rt_sessiondir=@l_pefix@/var/rt/mason-session
+    rt_sessiondir=@l_prefix@/var/rt/mason-session

-%start -p 200 -u root
+%start -p 200 -u @l_rusr@
    opServiceEnabled rt || exit 0
    ${rt_apachectl} start

-%stop -p 200 -u root
+%stop -p 200 -u @l_rusr@
    opServiceEnabled rt || exit 0
    ${rt_apachectl} stop
    sleep 2

-%restart -u root
+%restart -u @l_rusr@
    opServiceEnabled rt || exit 0
    ${rt_apachectl} stop
    sleep 2
    ${rt_apachectl} start

-%daily -u root
+%daily -u @l_rusr@
    opServiceEnabled rt || exit 0
    if [ ".$rt_log_files" != . ]; then
        shtool rotate -f \
--- a/rt/rt.spec
+++ b/rt/rt.spec
@ -238,8 +238,8 @@ AutoReqProv:  no
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
    %{l_shtool} install -c -m 755 \
        -e 's;@l_prefix@;%{l_prefix};g' \
-        -e 's;@l_musr@;%{l_rusr};g'     \
-        -e 's;@l_mgrp@;%{l_rgrp};g'     \
+        -e 's;@l_rusr@;%{l_rusr};g'     \
+        -e 's;@l_rgrp@;%{l_rgrp};g'     \
        %{SOURCE rc.rt} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

@ -283,7 +283,8 @@ AutoReqProv:  no
        '%attr(640,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/rt/config.pm' \
        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/mason-data' \
        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/mason-session' \
-        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/log'
+        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/log' \
+        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/run'

 %files -f files

@ -312,4 +313,5 @@ AutoReqProv:  no
        rm -f -r $RPM_INSTALL_PREFIX/var/rt/mason-data/*
        rm -f $RPM_INSTALL_PREFIX/var/rt/log/*
        rm -f $RPM_INSTALL_PREFIX/var/rt/run/apache.pid
+        rm -f $RPM_INSTALL_PREFIX/var/rt/run/ssl_scache
    fi
--- a/rt/rtapache.conf
+++ b/rt/rtapache.conf
@ -3,20 +3,81 @@
 ##  ______________________________________________________
 ##

-#   suck in Apache default/base configuration
-Include "@l_prefix@/etc/apache/apache.base"
+ServerType             standalone
+ServerRoot             @l_prefix@
+ServerAdmin            root@@l_hostname@.@l_domainame@
+ServerName             @l_hostname@.@l_domainame@
+ServerTokens           Prod
+User                   @l_rusr@
+Group                  @l_rgrp@
+Port                   8380

-#ServerName       rt.example.com
-
-User              @l_rusr@
-Group             @l_rgrp@
-Port              8380
+#   runtime files
 PidFile           @l_prefix@/var/rt/run/apache.pid
 ScoreBoardFile    @l_prefix@/var/rt/run/apache.sb
-CustomLog         @l_prefix@/var/rt/log/access.log common
-ErrorLog          @l_prefix@/var/rt/log/error.log
-MaxClients        5

+#  server behaviour
+Timeout                300
+KeepAlive              on
+MaxKeepAliveRequests   100
+KeepAliveTimeout       15
+MinSpareServers        5
+MaxSpareServers        10
+StartServers           5
+MaxClients             15
+MaxRequestsPerChild    500
+HostnameLookups        off
+UseCanonicalName       on
+
+#   access logging
+LogFormat              "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat              "%h %l %u %t \"%r\" %>s %b" common
+LogFormat              "%{Referer}i -> %U" referer
+LogFormat              "%{User-agent}i" agent
+CustomLog              @l_prefix@/var/rt/log/access.log common
+
+#   error logging
+LogLevel               warn
+ErrorLog               @l_prefix@/var/rt/log/error.log
+ServerSignature        on
+
+#   secure root directory
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+</Directory>
+
+#   browser specifics
+<IfModule mod_setenvif.c>
+    BrowserMatch "Mozilla/2"       nokeepalive
+    BrowserMatch "MSIE 4\.0b2;"    nokeepalive downgrade-1.0 force-response-1.0
+    BrowserMatch "RealPlayer 4\.0" force-response-1.0
+    BrowserMatch "Java/1\.0"       force-response-1.0
+    BrowserMatch "JDK/1\.0"        force-response-1.0
+</IfModule>
+
+#   SSL/TLS support
+<IfModule mod_ssl.c>
+    SSLRandomSeed           startup builtin
+    SSLRandomSeed           connect builtin
+    SSLMutex                sem
+    SSLSessionCache         shmcb:@l_prefix@/var/rt/run/ssl_scache(512000)
+    SSLSessionCacheTimeout  300
+    SSLLog                  @l_prefix@/var/rt/log/ssl.log
+    SSLLogLevel             warn
+    SSLCipherSuite          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+    SetEnvIf User-Agent ".*MSIE.*" \
+             nokeepalive ssl-unclean-shutdown \
+             downgrade-1.0 force-response-1.0
+    <Files ~ "\.(cgi|shtml|phtml|php?)$">
+        SSLOptions +StdEnvVars
+    </Files>
+    <Directory "@l_prefix@/cgi">
+        SSLOptions +StdEnvVars
+    </Directory>
+</IfModule>
+
+#   configure global document root
 DocumentRoot      @l_prefix@/libexec/rt/WebRT/html
 <Directory        "@l_prefix@/libexec/rt/WebRT/html">
 Options           None