IT/Internal

From CA Greens wiki
Revision as of 02:24, 1 June 2011 by Boftgp (talk | contribs) (Be the mailman user and archive and remove an unwanted mailman list)

Jump to: navigation, search

Here are some things you might have to do on wangari.

Add a new web volunteer for a local

Check ownership of the local's directory. Count the files in the directory, then search for files not belonging to the right group or with inadequate permissions.

 ls -ld /w/cal/contracosta
 find /w/cal/contracosta  | wc -l
 find /w/cal/contracosta \! -group  contracosta
 find /w/cal/contracosta  -type d \! -perm -775 | wc -l

If the '-perm' search gives a non-zero line count, fix the offending plain file or directory. I'll use 'tail' to avoid flooding the terminal if there are hundreds. Use 'wc -l" to count lines instead.

 find /w/cal/contracosta  -type d \! -perm -775 | tail
 chmod ug+w,o-w /w/cal/contracosta/foobar.shtml
 chmod ug+w,o-w,a+x,g+s /w/cal/contracosta/foo/bar/baz/

We're setting write for the user and group and clearing it for others. Setting "search" (x) for everyone. Setting "set group-ID". The "set group-ID" bit tells the kernel any new file here must be created with the same user-ID and group-ID as this directory has. It has the effect that three different people creating files in the directory will all be creating files that belong to the "contracosta" group.

Suppose you find dozens of non-conforming files. You can combine the "wrong group" search and the fix:

 find /w/cal/contracosta -print0 \! -group  contracosta | xargs -0 -l10 chgrp contracosta

Wrong permissions search+fix. One for dirs and one for plain files:

 find /w/cal/contracosta -print0  -type d \! -perm -775 | xargs -0 -l10 chmod 2775
 find /w/cal/contracosta -print0  -type f \! -perm -644 | xargs -0 -l10 chmod 644
 

Check new volunteer's groups and add her or him to the right one.

 gpw bert
 gpw bheurer
 gpw contracosta
 adduser bheurer contracosta

Be the mailman user and archive and remove an unwanted mailman list

As root,

 su - list

which gives you a login shell as Mr. list. First remind yourself where Mailman is. Try the tab key instead of asterisk there.

 egrep 'cgi-bin|piperm' /etc/apa*/sites-a*/wa* | grep -v '^#'

Then do stuff. Keep the name of the list in a shell variable to avoid typing it over and over.

 cd /var/lib/mailman
 bye=humboldt-discuss
 file  archives/private/$bye*
 cp -a lists/$bye ~/oldlists/lists
 cp -a archives/private/$bye* ~/oldlists/archives
 ls -l data/al*
 ls bin
 bin/rmlist -a $bye
 ls -l data/al*

Now it's gone. After a minute or two, Postfix will notice the change and forget about the former list's addresses. You don't have to signal it.

 exit
 exit

password protect a directory on the web server

Create (-c) a new password file with one username password pair in it. If you're adding a pair to an existing password file, skip the -c.

 htpasswd -c -b /home/jims/seekritstuff/.htpasswd-foobar userjoe joesseekritpasswerd

Create a web server config file in the directory you're protecting

 cd /w/cal/seekritdir
 cat <<enuf
 AuthUserFile /home/jims/seekritstuff/.htpasswd-foobar
 AuthGroupFile /dev/null
 AuthName Internal
 AuthType Basic
 require valid-user
 enuf