From 3e20cde0cbfbee63e69c9ff324bd5254a3a52fda Mon Sep 17 00:00:00 2001
From: Michael van Elst <mlestv@openpkg.org>
Date: Tue, 28 Jan 2003 12:31:55 +0000
Subject: [PATCH] now runs without root

---
 rt/rc.rt         | 10 +++---
 rt/rt.spec       |  8 +++--
 rt/rtapache.conf | 81 ++++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 81 insertions(+), 18 deletions(-)

diff --git a/rt/rc.rt b/rt/rc.rt
index b8bd461b08..75836c3f0c 100644
--- a/rt/rc.rt
+++ b/rt/rc.rt
@@ -18,24 +18,24 @@
     rt_err_rotprolog="true"
     rt_err_rotepilog="true"
     rt_apachectl=@l_prefix@/libexec/rt/tools/rtapachectl
-    rt_sessiondir=@l_pefix@/var/rt/mason-session
+    rt_sessiondir=@l_prefix@/var/rt/mason-session
 
-%start -p 200 -u root
+%start -p 200 -u @l_rusr@
     opServiceEnabled rt || exit 0
     ${rt_apachectl} start
 
-%stop -p 200 -u root
+%stop -p 200 -u @l_rusr@
     opServiceEnabled rt || exit 0
     ${rt_apachectl} stop
     sleep 2
 
-%restart -u root
+%restart -u @l_rusr@
     opServiceEnabled rt || exit 0
     ${rt_apachectl} stop
     sleep 2
     ${rt_apachectl} start
 
-%daily -u root
+%daily -u @l_rusr@
     opServiceEnabled rt || exit 0
     if [ ".$rt_log_files" != . ]; then
         shtool rotate -f \
diff --git a/rt/rt.spec b/rt/rt.spec
index 0378ba4e0b..2fe60cb6cb 100644
--- a/rt/rt.spec
+++ b/rt/rt.spec
@@ -238,8 +238,8 @@ AutoReqProv:  no
         $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
     %{l_shtool} install -c -m 755 \
         -e 's;@l_prefix@;%{l_prefix};g' \
-        -e 's;@l_musr@;%{l_rusr};g'     \
-        -e 's;@l_mgrp@;%{l_rgrp};g'     \
+        -e 's;@l_rusr@;%{l_rusr};g'     \
+        -e 's;@l_rgrp@;%{l_rgrp};g'     \
         %{SOURCE rc.rt} \
         $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
 
@@ -283,7 +283,8 @@ AutoReqProv:  no
         '%attr(640,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/rt/config.pm' \
         '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/mason-data' \
         '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/mason-session' \
-        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/log'
+        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/log' \
+        '%attr(750,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/rt/run'
 
 %files -f files
 
@@ -312,4 +313,5 @@ AutoReqProv:  no
         rm -f -r $RPM_INSTALL_PREFIX/var/rt/mason-data/*
         rm -f $RPM_INSTALL_PREFIX/var/rt/log/*
         rm -f $RPM_INSTALL_PREFIX/var/rt/run/apache.pid
+        rm -f $RPM_INSTALL_PREFIX/var/rt/run/ssl_scache
     fi
diff --git a/rt/rtapache.conf b/rt/rtapache.conf
index e3f9079277..b2423879ae 100644
--- a/rt/rtapache.conf
+++ b/rt/rtapache.conf
@@ -3,20 +3,81 @@
 ##  ______________________________________________________
 ##
 
-#   suck in Apache default/base configuration
-Include "@l_prefix@/etc/apache/apache.base"
+ServerType             standalone
+ServerRoot             @l_prefix@
+ServerAdmin            root@@l_hostname@.@l_domainame@
+ServerName             @l_hostname@.@l_domainame@
+ServerTokens           Prod
+User                   @l_rusr@
+Group                  @l_rgrp@
+Port                   8380
 
-#ServerName       rt.example.com
-
-User              @l_rusr@
-Group             @l_rgrp@
-Port              8380
+#   runtime files
 PidFile           @l_prefix@/var/rt/run/apache.pid
 ScoreBoardFile    @l_prefix@/var/rt/run/apache.sb
-CustomLog         @l_prefix@/var/rt/log/access.log common
-ErrorLog          @l_prefix@/var/rt/log/error.log
-MaxClients        5
 
+#  server behaviour
+Timeout                300
+KeepAlive              on
+MaxKeepAliveRequests   100
+KeepAliveTimeout       15
+MinSpareServers        5
+MaxSpareServers        10
+StartServers           5
+MaxClients             15
+MaxRequestsPerChild    500
+HostnameLookups        off
+UseCanonicalName       on
+
+#   access logging
+LogFormat              "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat              "%h %l %u %t \"%r\" %>s %b" common
+LogFormat              "%{Referer}i -> %U" referer
+LogFormat              "%{User-agent}i" agent
+CustomLog              @l_prefix@/var/rt/log/access.log common
+
+#   error logging
+LogLevel               warn
+ErrorLog               @l_prefix@/var/rt/log/error.log
+ServerSignature        on
+
+#   secure root directory
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+</Directory>
+
+#   browser specifics
+<IfModule mod_setenvif.c>
+    BrowserMatch "Mozilla/2"       nokeepalive
+    BrowserMatch "MSIE 4\.0b2;"    nokeepalive downgrade-1.0 force-response-1.0
+    BrowserMatch "RealPlayer 4\.0" force-response-1.0
+    BrowserMatch "Java/1\.0"       force-response-1.0
+    BrowserMatch "JDK/1\.0"        force-response-1.0
+</IfModule>
+
+#   SSL/TLS support
+<IfModule mod_ssl.c>
+    SSLRandomSeed           startup builtin
+    SSLRandomSeed           connect builtin
+    SSLMutex                sem
+    SSLSessionCache         shmcb:@l_prefix@/var/rt/run/ssl_scache(512000)
+    SSLSessionCacheTimeout  300
+    SSLLog                  @l_prefix@/var/rt/log/ssl.log
+    SSLLogLevel             warn
+    SSLCipherSuite          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+    SetEnvIf User-Agent ".*MSIE.*" \
+             nokeepalive ssl-unclean-shutdown \
+             downgrade-1.0 force-response-1.0
+    <Files ~ "\.(cgi|shtml|phtml|php?)$">
+        SSLOptions +StdEnvVars
+    </Files>
+    <Directory "@l_prefix@/cgi">
+        SSLOptions +StdEnvVars
+    </Directory>
+</IfModule>
+
+#   configure global document root
 DocumentRoot      @l_prefix@/libexec/rt/WebRT/html
 <Directory        "@l_prefix@/libexec/rt/WebRT/html">
 Options           None