Commit 2e2a9405 authored by Marco Mariani's avatar Marco Mariani

(deactivated) setcap commands to allow for chroot

echo zmsetup.pl command instead of calling it from buildout
parent 98c461c8
...@@ -307,8 +307,8 @@ install_cmd = ...@@ -307,8 +307,8 @@ install_cmd =
chmod 1777 data/tmp chmod 1777 data/tmp
mkdir backup ssl .ssh zmstat mkdir backup ssl .ssh zmstat
. ${:ZIMBRA_HOME}/.bashrc echo . ${:ZIMBRA_HOME}/.bashrc
ZIMBRA_INSTALLED_PKGS="${:PACKAGE_LIST}" ${:ZIMBRA_HOME}/libexec/zmsetup.pl echo ZIMBRA_INSTALLED_PKGS=\"${:PACKAGE_LIST}\" ${:ZIMBRA_HOME}/libexec/zmsetup.pl
...@@ -354,8 +354,8 @@ install_cmd = ...@@ -354,8 +354,8 @@ install_cmd =
# clear credential cache to spot commands in zmsetup.pl that would require sudo # clear credential cache to spot commands in zmsetup.pl that would require sudo
sudo -k sudo -k
. ${:ZIMBRA_HOME}/.bashrc echo . ${:ZIMBRA_HOME}/.bashrc
ZIMBRA_INSTALLED_PKGS="${:PACKAGE_LIST}" ${:ZIMBRA_HOME}/libexec/zmsetup.pl echo ZIMBRA_INSTALLED_PKGS=\"${:PACKAGE_LIST}\" ${:ZIMBRA_HOME}/libexec/zmsetup.pl
...@@ -412,12 +412,17 @@ install_cmd = ...@@ -412,12 +412,17 @@ install_cmd =
chmod 1777 data/tmp chmod 1777 data/tmp
touch ${:ZIMBRA_HOME}/postfix/conf/main.cf touch ${:ZIMBRA_HOME}/postfix/conf/main.cf
# allow executables to bind low ports
sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/postfix/libexec/master sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/postfix/libexec/master
# allow executables to call chroot - appearently not needed
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/qmgr
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/pickup
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/showq
# clear credential cache to spot commands in zmsetup.pl that would require sudo # clear credential cache to spot commands in zmsetup.pl that would require sudo
sudo -k sudo -k
. ${:ZIMBRA_HOME}/.bashrc echo . ${:ZIMBRA_HOME}/.bashrc
ZIMBRA_INSTALLED_PKGS="${:PACKAGE_LIST}" ${:ZIMBRA_HOME}/libexec/zmsetup.pl echo ZIMBRA_INSTALLED_PKGS=\"${:PACKAGE_LIST}\" ${:ZIMBRA_HOME}/libexec/zmsetup.pl
...@@ -489,11 +494,16 @@ install_cmd = ...@@ -489,11 +494,16 @@ install_cmd =
touch ${:ZIMBRA_HOME}/postfix/conf/main.cf touch ${:ZIMBRA_HOME}/postfix/conf/main.cf
mkdir backup ssl .ssh zmstat mkdir backup ssl .ssh zmstat
# allow executables to bind low ports
sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/openldap/sbin/slapd sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/openldap/sbin/slapd
sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/postfix/libexec/master sudo setcap 'cap_net_bind_service=+ep' ${:ZIMBRA_HOME}/postfix/libexec/master
# allow executables to call chroot - appearently not needed
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/qmgr
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/pickup
## sudo setcap 'cap_sys_chroot+ep' ${:ZIMBRA_HOME}/postfix/libexec/showq
# clear credential cache to spot commands in zmsetup.pl that would require sudo # clear credential cache to spot commands in zmsetup.pl that would require sudo
sudo -k sudo -k
. ${:ZIMBRA_HOME}/.bashrc echo . ${:ZIMBRA_HOME}/.bashrc
ZIMBRA_INSTALLED_PKGS="${:PACKAGE_LIST}" ${:ZIMBRA_HOME}/libexec/zmsetup.pl echo ZIMBRA_INSTALLED_PKGS=\"${:PACKAGE_LIST}\" ${:ZIMBRA_HOME}/libexec/zmsetup.pl
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment