#!/bin/sh
+if [ "$UID" -eq 0 ]; then
+ echo "No need to run as root."
+ exit 1
+fi
+
if [ "$1" = "-h" -o "$1" = "--help" -o $# -ne 1 ]; then
echo "Usage $0 <dirname>"
echo "<dirname> is the full path to the site, such as /var/www/example.nl"
# The template to copy
TEMPLATE_DIR=/data/www/template
# The bases to create users under
-USERBASE="ou=Httpd Users,ou=Users,dc=drsnuggles,dc=stderr,dc=nl"
-GROUPBASE="ou=Domain Groups,ou=Groups,dc=drsnuggles,dc=stderr,dc=nl"
+USERBASE="uniqueIdentifier=7,uniqueIdentifier=6,dc=drsnuggles,dc=stderr,dc=nl"
+GROUPBASE="uniqueIdentifier=4,uniqueIdentifier=8,dc=drsnuggles,dc=stderr,dc=nl"
# PHP config to change the error_log setting in
PHP_CONFIG=conf/php.ini.override
# PHP error logfile to set error_log to
ldapvi --profile bind --add --in --ldapvi <<EOF || exit
add cn=$GROUP,$GROUPBASE
cn: $GROUP
+displayName: $SITE
gidNumber: $ID
-objectClass: posixGroup
+objectClass: simplePosixGroup
+objectClass: simpleGroup
objectClass: top
-add cn=$SITE,$USERBASE
-cn: $SITE
+add cn=$SCRIPT_USER,$USERBASE
+cn: $SCRIPT_USER
+displayName: $SITE
uidNumber: $ID
gidNumber: $HTTPD_USERS_GID
homeDirectory: $DIR
objectClass: posixAccount
-objectClass: account
+objectClass: simpleObject
objectClass: top
uid: $SCRIPT_USER
EOF
# Allow lighttpd to read anything in htdocs, applications, conf and data
sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" "$DIR/data"
-# Allow lighttpd to write new files in logs (but not touch existing or those created by lighttpd)
-sudo setfacl -m u:$HTTPD_USER:rwX "$DIR/logs"
+# Allow lighttpd to write new files in logs
+sudo setfacl -m d:u:$HTTPD_USER:rwX,u:$HTTPD_USER:rwX "$DIR/logs"
# Give scripts read access to the dir itself
sudo setfacl -m u:$SCRIPT_USER:rx "$DIR"
projects / matthijs / servers / drsnuggles.git / blobdiff