|
|
- #!/bin/sh /etc/rc.common
-
- . /lib/functions.sh
-
- START=95
- STOP=10
-
- USE_PROCD=1
- BACKUPPC_BIN="/usr/share/backuppc/bin/BackupPC"
- BACKUPPC_USER=backuppc
-
- # it would be better if it was possible to do this at install time, but we
- # can't, because in case of an openwrt image bundled with backuppc, all
- # ownerships other than root are lost.
- preconfigure() {
- # create backuppc group and user if needed
- if ! group_exists backuppc; then
- group_add backuppc 864
- fi
- if ! user_exists backuppc; then
- user_add backuppc 864 864 "BackupPC user" /data/backuppc /bin/sh
- fi
- # install default config if none exists, yet
- if [ ! -e /data/backuppc/conf/config.pl ]; then
- cp /usr/share/backuppc/conf/config.pl /data/backuppc/conf/config.pl
- fi
- # ensure proper ownerships and rights
- chown backuppc:backuppc /data/backuppc /data/backuppc/* \
- /www/cgi-bin/BackupPC_Admin
- chmod 750 /data/backuppc /data/backuppc/*
- chmod 755 /usr/share/backuppc/bin/BackupPC_Admin_real
- # The CGI needs to be world-executable, because uhttpd-cgi.c:386 checks
- # for exactly that. We don't want that, but can't avoid it, currently.
- chmod 6751 /www/cgi-bin/BackupPC_Admin
- chown -R :backuppc /data/backuppc/conf
- chmod 2770 /data/backuppc/conf
- # protect webinterface with a random password by default
- if [ -x /usr/sbin/uhttpd ] && ! grep -q backuppc /etc/httpd.conf >/dev/null 2>&1; then
- PASS=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..8)')
- PASSHASH=$(/usr/sbin/uhttpd -m "${PASS}")
- echo "/cgi-bin/BackupPC_Admin:backuppc:${PASSHASH}" >> /etc/httpd.conf
- uci set uhttpd.main.config=/etc/httpd.conf
- /etc/init.d/uhttpd restart
- # inform user
- echo
- echo "To protect access to the backuppc web interface, HTTP basic authentication in"
- echo "uhttpd for http://$(/sbin/uci get "system.@system[0].hostname")/cgi-bin/BackupPC_Admin has been configured:"
- echo "user: backuppc"
- echo "pass: ${PASS}"
- echo
- echo "It is also recommended to follow the steps in"
- echo "https://wiki.openwrt.org/doc/uci/uhttpd#securing_uhttpd"
- echo "to secure access to uhttpd."
- fi
- }
-
- start_service() {
- # don't run preconfigure steps if called during image build
- if [ -z "${IPKG_INSTROOT}" ]; then
- preconfigure
- fi
- procd_open_instance
- procd_set_param user $BACKUPPC_USER
- procd_set_param reload_signal 1
- procd_set_param command $BACKUPPC_BIN
- }
|