author | Silvio Rhatto <rhatto@riseup.net> | 2017-10-07 19:32:06 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2017-10-07 19:32:06 -0300 |
commit | 0d6bcb2b7d08e3a41481372c1ae0d11868d88b1b (patch) | |
tree | d4429ce3a62e9cb5d095ad567b5f821d99a7b9f5 /templates/vserver | |
parent | 5bfb15bdbedbc7273a283d611c84ed1cf401011b (diff) | |
New repo layout with git migration
Diffstat (limited to 'templates/vserver')
34 files changed, 4717 insertions, 0 deletions
diff --git a/templates/vserver/files/etc/apache/httpd.conf b/templates/vserver/files/etc/apache/httpd.conf
new file mode 100644
index 0000000..7b7115d
--- /dev/null
+++ b/templates/vserver/files/etc/apache/httpd.conf
@@ -0,0 +1,1046 @@
+##
+## httpd.conf -- Apache HTTP server configuration file
+##
+
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/> for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# After this file is processed, the server will look for and process
+# /etc/apache/srm.conf and then /etc/apache/access.conf
+# unless you have overridden these with ResourceConfig and/or
+# AccessConfig directives here.
+#
+# The configuration directives are grouped into three basic sections:
+# 1. Directives that control the operation of the Apache server process as a
+# whole (the 'global environment').
+# 2. Directives that define the parameters of the 'main' or 'default' server,
+# which responds to requests that aren't handled by a virtual host.
+# These directives also provide default values for the settings
+# of all virtual hosts.
+# 3. Settings for virtual hosts, which allow Web requests to be sent to
+# different IP addresses or hostnames and have them handled by the
+# same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
+# with ServerRoot set to "/usr/local/apache" will be interpreted by the
+# server as "/usr/local/apache/logs/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# ServerType is either inetd, or standalone. Inetd mode is only supported on
+# Unix platforms.
+#
+ServerType standalone
+
+# ServerTokens directive
+ServerTokens ProductOnly
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation
+# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
+# you will save yourself a lot of trouble.
+#
+ServerRoot "/usr"
+
+#
+# The LockFile directive sets the path to the lockfile used when Apache
+# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
+# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
+# its default value. The main reason for changing it is if the logs
+# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
+# DISK. The PID of the main server process is automatically appended to
+# the filename.
+#
+#LockFile /var/run/httpd.lock
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+PidFile /var/run/httpd.pid
+
+#
+# ScoreBoardFile: File used to store internal server process information.
+# Not all architectures require this. But if yours does (you'll know because
+# this file will be created when you run Apache) then you *must* ensure that
+# no two invocations of Apache share the same scoreboard file.
+#
+ScoreBoardFile /var/run/httpd.scoreboard
+
+#
+# In the standard configuration, the server will process httpd.conf (this
+# file, specified by the -f command line option), srm.conf, and access.conf
+# in that order. The latter two files are now distributed empty, as it is
+# recommended that all directives be kept in a single file for simplicity.
+# The commented-out values below are the built-in defaults. You can have the
+# server ignore these files altogether by using "/dev/null" (for Unix) or
+# "nul" (for Win32) for the arguments to the directives.
+#
+#ResourceConfig /etc/apache/srm.conf
+#AccessConfig /etc/apache/access.conf
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 2
+
+#
+# Server-pool size regulation. Rather than making you guess how many
+# server processes you need, Apache dynamically adapts to the load it
+# sees --- that is, it tries to maintain enough server processes to
+# handle the current load, plus a few spare servers to handle transient
+# load spikes (e.g., multiple simultaneous requests from a single
+# Netscape browser).
+#
+# It does this by periodically checking how many servers are waiting
+# for a request. If there are fewer than MinSpareServers, it creates
+# a new spare. If there are more than MaxSpareServers, some of the
+# spares die off. The default values are probably OK for most sites.
+#
+MinSpareServers 5
+MaxSpareServers 10
+
+#
+# Number of servers to start initially --- should be a reasonable ballpark
+# figure.
+#
+StartServers 5
+
+#
+# Limit on total number of servers running, i.e., limit on the number
+# of clients who can simultaneously connect --- if this limit is ever
+# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
+# It is intended mainly as a brake to keep a runaway server from taking
+# the system with it as it spirals down...
+#
+MaxClients 150
+
+#
+# MaxRequestsPerChild: the number of requests each child process is
+# allowed to process before the child dies. The child will exit so
+# as to avoid problems after prolonged use when Apache (and maybe the
+# libraries it uses) leak memory or other resources. On most systems, this
+# isn't really needed, but a few (such as Solaris) do have notable leaks
+# in the libraries. For these platforms, set to something like 10000
+# or so; a setting of 0 means unlimited.
+#
+# NOTE: This value does not include keepalive requests after the initial
+# request per connection. For example, if a child process handles
+# an initial request and 10 subsequent "keptalive" requests, it
+# would only count as 1 request towards this limit.
+#
+MaxRequestsPerChild 0
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+#Listen 3000
+#Listen 12.34.56.78:80
+
+#
+# BindAddress: You can support virtual hosts with this option. This directive
+# is used to tell the server which IP address to listen to. It can either
+# contain "*", an IP address, or a fully qualified Internet domain name.
+# See also the <VirtualHost> and Listen directives.
+#
+#BindAddress *
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Please read the file http://httpd.apache.org/docs/dso.html for more
+# details about the DSO mechanism and run `httpd -l' for the list of already
+# built-in (statically linked and thus always available) modules in your httpd
+# binary.
+#
+# Note: The order in which modules are loaded is important. Don't change
+# the order below without expert advice.
+#
+# Example:
+# LoadModule foo_module libexec/mod_foo.so
+LoadModule vhost_alias_module libexec/apache/mod_vhost_alias.so
+#LoadModule env_module libexec/apache/mod_env.so
+LoadModule define_module libexec/apache/mod_define.so
+LoadModule config_log_module libexec/apache/mod_log_config.so
+LoadModule mime_magic_module libexec/apache/mod_mime_magic.so
+LoadModule mime_module libexec/apache/mod_mime.so
+LoadModule negotiation_module libexec/apache/mod_negotiation.so
+#LoadModule status_module libexec/apache/mod_status.so
+#LoadModule info_module libexec/apache/mod_info.so
+LoadModule includes_module libexec/apache/mod_include.so
+LoadModule autoindex_module libexec/apache/mod_autoindex.so
+LoadModule dir_module libexec/apache/mod_dir.so
+LoadModule cgi_module libexec/apache/mod_cgi.so
+#LoadModule asis_module libexec/apache/mod_asis.so
+#LoadModule imap_module libexec/apache/mod_imap.so
+#LoadModule action_module libexec/apache/mod_actions.so
+#LoadModule speling_module libexec/apache/mod_speling.so
+#LoadModule userdir_module libexec/apache/mod_userdir.so
+LoadModule alias_module libexec/apache/mod_alias.so
+LoadModule rewrite_module libexec/apache/mod_rewrite.so
+LoadModule access_module libexec/apache/mod_access.so
+LoadModule auth_module libexec/apache/mod_auth.so
+LoadModule anon_auth_module libexec/apache/mod_auth_anon.so
+#LoadModule dbm_auth_module libexec/apache/mod_auth_dbm.so
+#LoadModule digest_module libexec/apache/mod_digest.so
+LoadModule proxy_module libexec/apache/libproxy.so
+LoadModule cern_meta_module libexec/apache/mod_cern_meta.so
+LoadModule expires_module libexec/apache/mod_expires.so
+LoadModule headers_module libexec/apache/mod_headers.so
+#LoadModule usertrack_module libexec/apache/mod_usertrack.so
+#LoadModule log_forensic_module libexec/apache/mod_log_forensic.so
+#LoadModule unique_id_module libexec/apache/mod_unique_id.so
+LoadModule setenvif_module libexec/apache/mod_setenvif.so
+
+# Reconstruction of the complete module list from all available modules
+# (static and shared ones) to achieve correct module execution order.
+# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
+ClearModuleList
+AddModule mod_vhost_alias.c
+#AddModule mod_env.c
+AddModule mod_define.c
+AddModule mod_log_config.c
+AddModule mod_mime_magic.c
+AddModule mod_mime.c
+AddModule mod_negotiation.c
+#AddModule mod_status.c
+#AddModule mod_info.c
+AddModule mod_include.c
+AddModule mod_autoindex.c
+AddModule mod_dir.c
+AddModule mod_cgi.c
+#AddModule mod_asis.c
+#AddModule mod_imap.c
+#AddModule mod_actions.c
+#AddModule mod_speling.c
+#AddModule mod_userdir.c
+AddModule mod_alias.c
+AddModule mod_rewrite.c
+AddModule mod_access.c
+AddModule mod_auth.c
+AddModule mod_auth_anon.c
+#AddModule mod_auth_dbm.c
+#AddModule mod_digest.c
+AddModule mod_proxy.c
+AddModule mod_cern_meta.c
+AddModule mod_expires.c
+AddModule mod_headers.c
+#AddModule mod_usertrack.c
+#AddModule mod_log_forensic.c
+#AddModule mod_unique_id.c
+AddModule mod_so.c
+AddModule mod_setenvif.c
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+### Section 2: 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# If your ServerType directive (set earlier in the 'Global Environment'
+# section) is set to "inetd", the next few directives don't have any
+# effect since their settings are defined by the inetd configuration.
+# Skip ahead to the ServerAdmin directive.
+#
+
+#
+# Port: The port to which the standalone server listens. For
+# ports < 1023, you will need httpd to be run as root initially.
+#
+Port 80
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+# . On HPUX you may not be able to use shared memory as nobody, and the
+# suggested workaround is to create a user www and use that user.
+# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+# when the value of (unsigned)Group is above 60000;
+# don't use Group "#-1" on these systems!
+#
+User nobody
+Group nobody
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents.
+#
+ServerAdmin root@midas.slackware.lan
+
+#
+# ServerName allows you to set a host name which is sent back to clients for
+# your server if it's different than the one the program would get (i.e., use
+# "www" instead of the host's real name).
+#
+# Note: You cannot just invent host names and hope they work. The name you
+# define here must be a valid DNS name for your host. If you don't understand
+# this, ask your network administrator.
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address (e.g., http://123.45.67.89/)
+# anyway, and this will make redirections work in a sensible way.
+#
+# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
+# machine always knows itself by this address. If you use Apache strictly for
+# local testing and development, you may use 127.0.0.1 as the server name.
+#
+#ServerName www.example.com
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/www/htdocs"
+
+#
+# Each directory to which Apache has access, can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# permissions.
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "/var/www/htdocs">
+
+#
+# This may also be "None", "All", or any combination of "Indexes",
+# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+ Options Indexes FollowSymLinks MultiViews
+
+#
+# This controls which options the .htaccess files in directories can
+# override. Can also be "All", or any combination of "Options", "FileInfo",
+# "AuthConfig", and "Limit"
+#
+ AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# UserDir: The name of the directory which is appended onto a user's home
+# directory if a ~user request is received.
+#
+<IfModule mod_userdir.c>
+ UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+#<Directory /home/*/public_html>
+# AllowOverride FileInfo AuthConfig Limit
+# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+# <Limit GET POST OPTIONS PROPFIND>
+# Order allow,deny
+# Allow from all
+# </Limit>
+# <LimitExcept GET POST OPTIONS PROPFIND>
+# Order deny,allow
+# Deny from all
+# </LimitExcept>
+#</Directory>
+
+#
+# DirectoryIndex: Name of the file or files to use as a pre-written HTML
+# directory index. Separate multiple entries with spaces.
+#
+<IfModule mod_dir.c>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for access control information.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess files from being viewed by
+# Web clients. Since .htaccess files often contain authorization
+# information, access is disallowed for security reasons. Comment
+# these lines out if you want Web visitors to see the contents of
+# .htaccess files. If you change the AccessFileName directive above,
+# be sure to make the corresponding changes here.
+#
+# Also, folks tend to use names such as .htpasswd for password
+# files, so this will protect those as well.
+#
+<Files ~ "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy All
+</Files>
+
+#
+# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
+# document that was negotiated on the basis of content. This asks proxy
+# servers not to cache the document. Uncommenting the following line disables
+# this behavior, and proxies will be allowed to cache the documents.
+#
+#CacheNegotiatedDocs
+
+#
+# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
+# Apache needs to construct a self-referencing URL (a URL that refers back
+# to the server the response is coming from) it will use ServerName and
+# Port to form a "canonical" name. With this setting off, Apache will
+# use the hostname:port that the client supplied, when possible. This
+# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
+#
+UseCanonicalName On
+
+#
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+#
+<IfModule mod_mime.c>
+ TypesConfig /etc/apache/mime.types
+</IfModule>
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+# mod_mime_magic is not part of the default server (you have to add
+# it yourself with a LoadModule [see the DSO paragraph in the 'Global
+# Environment' section], or recompile the server and include mod_mime_magic
+# as part of the configuration), so it's enclosed in an <IfModule> container.
+# This means that the MIMEMagicFile directive will only be processed if the
+# module is part of the server.
+#
+<IfModule mod_mime_magic.c>
+ MIMEMagicFile /etc/apache/magic
+</IfModule>
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "| /usr/bin/error-log.sh /var/log/apache/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+#
+LogFormat "%l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+#
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a <VirtualHost>
+# container, they will be logged here. Contrariwise, if you *do*
+# define per-<VirtualHost> access logfiles, transactions will be
+# logged therein and *not* in this file.
+#
+CustomLog /var/log/apache/access_log common
+
+#
+# If you would like to have agent and referer logfiles, uncomment the
+# following directives.
+#
+#CustomLog /var/log/apache/referer_log referer
+#CustomLog /var/log/apache/agent_log agent
+
+#
+# If you prefer a single logfile with access, agent, and referer information
+# (Combined Logfile Format) you can use the following directive.
+#
+#CustomLog /var/log/apache/access_log combined
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (error documents, FTP directory listings,
+# mod_status and mod_info output etc., but not CGI generated documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature Off
+
+# EBCDIC configuration:
+# (only for mainframes using the EBCDIC codeset, currently one of:
+# Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
+# The following default configuration assumes that "text files"
+# are stored in EBCDIC (so that you can operate on them using the
+# normal POSIX tools like grep and sort) while "binary files" are
+# stored with identical octets as on an ASCII machine.
+#
+# The directives are evaluated in configuration file order, with
+# the EBCDICConvert directives applied before EBCDICConvertByType.
+#
+# If you want to have ASCII HTML documents and EBCDIC HTML documents
+# at the same time, you can use the file extension to force
+# conversion off for the ASCII documents:
+# > AddType text/html .ahtml
+# > EBCDICConvert Off=InOut .ahtml
+#
+# EBCDICConvertByType On=InOut text/* message/* multipart/*
+# EBCDICConvertByType On=In application/x-www-form-urlencoded
+# EBCDICConvertByType On=InOut application/postscript model/vrml
+# EBCDICConvertByType Off=InOut */*
+
+
+#
+# Aliases: Add here as many aliases as you need (with no limit). The format is
+# Alias fakename realname
+#
+<IfModule mod_alias.c>
+
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ Alias /icons/ "/var/www/icons/"
+
+ <Directory "/var/www/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+ # This Alias will project the on-line documentation tree under /manual/
+ # even if you change the DocumentRoot. Comment it if you don't want to
+ # provide access to the on-line documentation.
+ #
+ Alias /manual/ "/var/www/htdocs/manual/"
+
+ <Directory "/var/www/htdocs/manual">
+ Options Indexes FollowSymlinks MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the realname directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the client.
+ # The same rules about trailing "/" apply to ScriptAlias directives as to
+ # Alias.
+ #
+ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+ #
+ # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+ # CGI directory exists, if you have that configured.
+ #
+ <Directory "/var/www/cgi-bin">
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+</IfModule>
+# End of aliases.
+
+#
+# Redirect allows you to tell clients about documents which used to exist in
+# your server's namespace, but do not anymore. This allows you to tell the
+# clients where to look for the relocated document.
+# Format: Redirect old-URI new-URL
+#
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+<IfModule mod_autoindex.c>
+
+ #
+ # FancyIndexing is whether you want fancy directory indexing or standard
+ #
+ IndexOptions FancyIndexing
+
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ #
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ AddIcon /icons/bomb.gif core
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ #
+ DefaultIcon /icons/unknown.gif
+
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes.
+ #
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ #
+ IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+</IfModule>
+# End of indexing directives.
+
+#
+# Document types.
+#
+<IfModule mod_mime.c>
+
+ #
+ # AddLanguage allows you to specify the language of a document. You can
+ # then use content negotiation to give a browser a file in a language
+ # it can understand.
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in quite
+ # some cases the two character 'Language' abbreviation is not
+ # identical to the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. But there is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
+ # French (fr) - German (de) - Greek-Modern (el)
+ # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
+ # Portugese (pt) - Luxembourgeois* (ltz)
+ # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs)
+ # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
+ # Russian (ru)
+ #
+ AddLanguage da .dk
+ AddLanguage nl .nl
+ AddLanguage en .en
+ AddLanguage et .ee
+ AddLanguage fr .fr
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage he .he
+ AddCharset ISO-8859-8 .iso8859-8
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddCharset ISO-2022-JP .jis
+ AddLanguage kr .kr
+ AddCharset ISO-2022-KR .iso-kr
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pl .po
+ AddCharset ISO-8859-2 .iso-pl
+ AddLanguage pt .pt
+ AddLanguage pt-br .pt-br
+ AddLanguage ltz .lu
+ AddLanguage ca .ca
+ AddLanguage es .es
+ AddLanguage sv .sv
+ AddLanguage cs .cz .cs
+ AddLanguage ru .ru
+ AddLanguage zh-TW .zh-tw
+ AddCharset Big5 .Big5 .big5
+ AddCharset WINDOWS-1251 .cp-1251
+ AddCharset CP866 .cp866
+ AddCharset ISO-8859-5 .iso-ru
+ AddCharset KOI8-R .koi8-r
+ AddCharset UCS-2 .ucs2
+ AddCharset UCS-4 .ucs4
+ AddCharset UTF-8 .utf8
+
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ <IfModule mod_negotiation.c>
+ LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
+ </IfModule>
+
+ #
+ # AddType allows you to tweak mime.types without actually editing it, or to
+ # make certain files to be certain types.
+ #
+ AddType application/x-tar .tgz
+
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have nothing
+ # to do with the FancyIndexing customization directives above.
+ #
+ AddEncoding x-compress .Z
+ AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ #AddType application/x-compress .Z
+ #AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers",
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action command (see below)
+ #
+ # If you want to use server side includes, or CGI outside
+ # ScriptAliased directories, uncomment the following lines.
+ #
+ # To use CGI scripts:
+ #
+ #AddHandler cgi-script .cgi
+
+ #
+ # To use server-parsed HTML files
+ #
+ #AddType text/html .shtml
+ #AddHandler server-parsed .shtml
+
+ #
+ # Uncomment the following line to enable Apache's send-asis HTTP file
+ # feature
+ #
+ #AddHandler send-as-is asis
+
+ #
+ # If you wish to use server-parsed imagemap files, use
+ #
+ #AddHandler imap-file map
+
+ #
+ # To enable type maps, you might want to use
+ #
+ #AddHandler type-map var
+
+</IfModule>
+# End of document types.
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+#
+# MetaDir: specifies the name of the directory in which Apache can find
+# meta information files. These files contain additional HTTP headers
+# to include when sending the document
+#
+#MetaDir .web
+
+#
+# MetaSuffix: specifies the file name suffix for the file containing the
+# meta information.
+#
+#MetaSuffix .meta
+
+#
+# Customizable error response (Apache style)
+# these come in three flavors
+#
+# 1) plain text
+ErrorDocument 500 /missing.html
+# n.b. the single leading (") marks it as text, it does not get output
+#
+# 2) local redirects
+ErrorDocument 404 /missing.html
+# to redirect to local URL /missing.html
+#ErrorDocument 404 /cgi-bin/missing_handler.pl
+# N.B.: You can redirect to a script or a document using server-side-includes.
+#
+# 3) external redirects
+ErrorDocument 402 /missing.html
+# N.B.: Many of the environment variables associated with the original
+# request will *not* be available to such a script.
+
+#
+# Customize behaviour based on the browser
+#
+<IfModule mod_setenvif.c>
+
+ #
+ # The following directives modify normal HTTP response behavior.
+ # The first directive disables keepalive for Netscape 2.x and browsers that
+ # spoof it. There are known problems with these browser implementations.
+ # The second directive is for Microsoft Internet Explorer 4.0b2
+ # which has a broken HTTP/1.1 implementation and does not properly
+ # support keepalive when it is used on 301 or 302 (redirect) responses.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+ #
+ # The following directive disables HTTP/1.1 responses to browsers which
+ # are in violation of the HTTP/1.0 spec by not being able to grok a
+ # basic 1.1 response.
+ #
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+
+</IfModule>
+# End of browser customization directives
+
+#
+# Allow server status reports, with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-status>
+# SetHandler server-status
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#</Location>
+
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-info>
+# SetHandler server-info
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#</Location>
+
+#
+# There have been reports of people trying to abuse an old bug from pre-1.1
+# days. This bug involved a CGI script distributed as a part of Apache.
+# By uncommenting these lines you can redirect these attacks to a logging
+# script on phf.apache.org. Or, you can record them yourself, using the script
+# support/phf_abuse_log.cgi.
+#
+#<Location /cgi-bin/phf*>
+# Deny from all
+# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
+#</Location>
+
+### Section 3: Virtual Hosts
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# Use name-based virtual hosting.
+#
+#NameVirtualHost *:80
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+#<VirtualHost *:80>
+# ServerAdmin webmaster@dummy-host.example.com
+# DocumentRoot /www/docs/dummy-host.example.com
+# ServerName dummy-host.example.com
+# ErrorLog logs/dummy-host.example.com-error_log
+# CustomLog logs/dummy-host.example.com-access_log common
+#</VirtualHost>
+
+# By default, all external Apache modules are disabled. To enable a particular
+# module for Apache, make sure the necessary packages are installed. Then
+# uncomment the appropriate Include line below, save the file, and restart
+# Apache. Note that some modules may need additional configuration steps. For
+# example, mod_ssl requires a site certificate which you may need to generate.
+#
+# Lastly, if you remove a module package, be sure to edit this file and comment
+# out the appropriate Include line.
+
+# ==> mod_php configuration settings <==
+#
+# PACKAGES REQUIRED: openssl-solibs (A series) and/or openssl (N series),
+# mysql (AP series), gmp (L series), mhash (L series),
+# and apache (N series)
+#
+#Include /etc/apache/mod_php.conf
+
+# ==> mod_ssl configuration settings <==
+#
+# PACKAGES REQUIRED: apache (N series) and openssl (N series)
+#
+#Include /etc/apache/mod_ssl.conf
+
+#NameVirtualHost VSERVER_IP
+
+Include /etc/apache/vhosts
diff --git a/templates/vserver/files/etc/apache/php.ini b/templates/vserver/files/etc/apache/php.ini
new file mode 100644
index 0000000..e6cddef
--- /dev/null
+++ b/templates/vserver/files/etc/apache/php.ini
@@ -0,0 +1,1122 @@
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; About this file ;
+;;;;;;;;;;;;;;;;;;;
+;
+; This is the recommended, PHP 4-style version of the php.ini-dist file. It
+; sets some non standard settings, that make PHP more efficient, more secure,
+; and encourage cleaner coding.
+; The price is that with these settings, PHP may be incompatible with some
+; applications, and sometimes, more difficult to develop with. Using this
+; file is warmly recommended for production sites. As all of the changes from
+; the standard settings are thoroughly documented, you can go over each one,
+; and decide whether you want to use it or not.
+;
+; For general information about the php.ini file, please consult the php.ini-dist
+; file, included in your PHP distribution.
+;
+; This file is different from the php.ini-dist file in the fact that it features
+; different values for several directives, in order to improve performance, while
+; possibly breaking compatibility with the standard out-of-the-box behavior of
+; PHP 3. Please make sure you read what's different, and modify your scripts
+; accordingly, if you decide to use this file instead.
+;
+; - register_globals = Off [Security, Performance]
+; Global variables are no longer registered for input data (POST, GET, cookies,
+; environment and other server variables). Instead of using $foo, you must use
+; you can use $_REQUEST["foo"] (includes any variable that arrives through the
+; request, namely, POST, GET and cookie variables), or use one of the specific
+; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
+; on where the input originates. Also, you can look at the
+; import_request_variables() function.
+; Note that register_globals is going to be depracated (i.e., turned off by
+; default) in the next version of PHP, because it often leads to security bugs.
+; Read http://php.net/manual/en/security.registerglobals.php for further
+; information.
+; - display_errors = Off [Security]
+; With this directive set to off, errors that occur during the execution of
+; scripts will no longer be displayed as a part of the script output, and thus,
+; will no longer be exposed to remote users. With some errors, the error message
+; content may expose information about your script, web server, or database
+; server that may be exploitable for hacking. Production sites should have this
+; directive set to off.
+; - log_errors = On [Security]
+; This directive complements the above one. Any errors that occur during the
+; execution of your script will be logged (typically, to your server's error log,
+; but can be configured in several ways). Along with setting display_errors to off,
+; this setup gives you the ability to fully understand what may have gone wrong,
+; without exposing any sensitive information to remote users.
+; - output_buffering = 4096 [Performance]
+; Set a 4KB output buffer. Enabling output buffering typically results in less
+; writes, and sometimes less packets sent on the wire, which can often lead to
+; better performance. The gain this directive actually yields greatly depends
+; on which Web server you're working with, and what kind of scripts you're using.
+; - register_argc_argv = Off [Performance]
+; Disables registration of the somewhat redundant $argv and $argc global
+; variables.
+; - magic_quotes_gpc = Off [Performance]
+; Input data is no longer escaped with slashes so that it can be sent into
+; SQL databases without further manipulation. Instead, you should use the
+; function addslashes() on each input element you wish to send to a database.
+; - variables_order = "GPCS" [Performance]
+; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access
+; environment variables, you can use getenv() instead.
+; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
+; By default, PHP surpresses errors of type E_NOTICE.
These error messages
+; are emitted for non-critical errors, but that could be a symptom of a bigger
+; problem. Most notably, this will cause error messages about the use
+; of uninitialized variables to be displayed.
+; - allow_call_time_pass_reference = Off [Code cleanliness]
+; It's not possible to decide to force a variable to be passed by reference
+; when calling a function. The PHP 4 style to do this is by making the
+; function require the relevant argument by reference.
+
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Enable the PHP scripting language engine under Apache.
+engine = On
+
+; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized.
+; NOTE: Using short tags should be avoided when developing applications or
+; libraries that are meant for redistribution, or deployment on PHP
+; servers which are not under your control, because short tags may not
+; be supported on the target server. For portable, redistributable code,
+; be sure not to use short tags.
+short_open_tag = On
+
+; Allow ASP-style <% %> tags.
+asp_tags = Off
+
+; The number of significant digits displayed in floating point numbers.
+precision = 14
+
+; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
+y2k_compliance = On
+
+; Output buffering allows you to send header lines (including cookies) even
+; after you send body content, at the price of slowing PHP's output layer a
+; bit. You can enable output buffering during runtime by calling the output
+; buffering functions. You can also enable output buffering for all files by
+; setting this directive to On. If you wish to limit the size of the buffer
+; to a certain size - you can use a maximum number of bytes instead of 'On', as
+; a value for this directive (e.g., output_buffering=4096).
+output_buffering = 4096
+
+; You can redirect all of the output of your scripts to a function.
For
+; example, if you set output_handler to "mb_output_handler", character
+; encoding will be transparently converted to the specified encoding.
+; Setting any output handler automatically turns on output buffering.
+; Note: People who wrote portable scripts should not depend on this ini
+; directive. Instead, explicitly set the output handler using ob_start().
+; Using this ini directive may cause problems unless you know what script
+; is doing.
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
+; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
+;output_handler =
+
+; Transparent output compression using the zlib library
+; Valid values for this option are 'off', 'on', or a specific buffer size
+; to be used for compression (default is 4KB)
+; Note: Resulting chunk size may vary due to nature of compression. PHP
+; outputs chunks that are few handreds bytes each as a result of compression.
+; If you want larger chunk size for better performence, enable output_buffering
+; also.
+; Note: output_handler must be empty if this is set 'On' !!!!
+; Instead you must use zlib.output_handler.
+zlib.output_compression = Off
+
+; You cannot specify additional output handlers if zlib.output_compression
+; is activated here. This setting does the same as output_handler but in
+; a different order.
+;zlib.output_handler =
+
+; Implicit flush tells PHP to tell the output layer to flush itself
+; automatically after every output block. This is equivalent to calling the
+; PHP function flush() after each and every call to print() or echo() and each
+; and every HTML block. Turning this option on has serious performance
+; implications and is generally recommended for debugging purposes only.
+implicit_flush = Off
+
+; The unserialize callback function will be called (with the undefined class'
+; name as parameter), if the unserializer finds an undefined class
+; which should be instanciated.
+; A warning appears if the specified function is not defined, or if the
+; function doesn't include/implement the missing class.
+; So only set this entry, if you really want to implement such a
+; callback-function.
+unserialize_callback_func=
+
+; When floats & doubles are serialized store serialize_precision significant
+; digits after the floating point. The default value ensures that when floats
+; are decoded with unserialize, the data will remain the same.
+serialize_precision = 100
+
+; Whether to enable the ability to force arguments to be passed by reference
+; at function call time. This method is deprecated and is likely to be
+; unsupported in future versions of PHP/Zend. The encouraged method of
+; specifying which arguments should be passed by reference is in the function
+; declaration. You're encouraged to try and turn this option Off and make
+; sure your scripts work properly with it in order to ensure they will work
+; with future versions of the language (you will receive a warning each time
+; you use this feature, and the argument will be passed by value instead of by
+; reference).
+allow_call_time_pass_reference = Off
+
+;
+; Safe Mode
+;
+safe_mode = Off
+
+; By default, Safe Mode does a UID compare check when
+; opening files. If you want to relax this to a GID compare,
+; then turn on safe_mode_gid.
+safe_mode_gid = Off
+
+; When safe_mode is on, UID/GID checks are bypassed when
+; including files from this directory and its subdirectories.
+; (directory must also be in include_path or full path must
+; be used when including)
+safe_mode_include_dir =
+
+; When safe_mode is on, only executables located in the safe_mode_exec_dir
+; will be allowed to be executed via the exec family of functions.
+safe_mode_exec_dir =
+
+; Setting certain environment variables may be a potential security breach.
+; This directive contains a comma-delimited list of prefixes.
In Safe Mode,
+; the user may only alter environment variables whose names begin with the
+; prefixes supplied here. By default, users will only be able to set
+; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
+;
+; Note: If this directive is empty, PHP will let the user modify ANY
+; environment variable!
+safe_mode_allowed_env_vars = PHP_
+
+; This directive contains a comma-delimited list of environment variables that
+; the end user won't be able to change using putenv(). These variables will be
+; protected even if safe_mode_allowed_env_vars is set to allow to change them.
+safe_mode_protected_env_vars = LD_LIBRARY_PATH
+
+; open_basedir, if set, limits all file operations to the defined directory
+; and below. This directive makes most sense if used in a per-directory
+; or per-virtualhost web server configuration file. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+;open_basedir =
+
+; This directive allows you to disable certain functions for security reasons.
+; It receives a comma-delimited list of function names. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+disable_functions =
+
+; This directive allows you to disable certain classes for security reasons.
+; It receives a comma-delimited list of class names. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; <font color="??????"> would work.
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.bg = #FFFFFF
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+
+;
+; Misc
+;
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+expose_php = On
+
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+max_execution_time = 30 ; Maximum execution time of each script, in seconds
+max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
+memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; error_reporting is a bit-field. Or each number up to get desired error
+; reporting level
+; E_ALL - All errors and warnings
+; E_ERROR - fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it's automatically initialized to an
+; empty string)
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+;
+; Examples:
+;
+; - Show all errors, except for notices
+;
+;error_reporting = E_ALL & ~E_NOTICE
+;
+; - Show only errors
+;
+;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
+;
+; - Show all errors
+;
+error_reporting = E_ALL
+
+; Print out errors (as a part of the output). For production web sites,
+; you're strongly encouraged to turn this feature off, and use error logging
+; instead (see below). Keeping display_errors enabled on a production web site
+; may reveal security information to end users, such as file paths on your Web
+; server, your database schema or other information.
+display_errors = Off
+
+; Even when display_errors is on, errors that occur during PHP's startup
+; sequence are not displayed. It's strongly recommended to keep
+; display_startup_errors off, except for when debugging.
+display_startup_errors = Off
+
+; Log errors into a log file (server-specific log, stderr, or error_log (below))
+; As stated above, you're strongly advised to use error logging in place of
+; error displaying on production web sites.
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line until ignore_repeated_source is set true.
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; sourcelines.
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This has only effect in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+report_memleaks = On
+
+; Store the last error/warning message in $php_errormsg (boolean).
+track_errors = Off
+
+; Disable the inclusion of HTML tags in error messages.
+;html_errors = Off
+
+; If html_errors is set On PHP produces clickable error messages that direct
+; to a page describing the error or function causing the error in detail.
+; You can download a copy of the PHP manual from http://www.php.net/docs.php
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot.
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+
+; String to output before an error message.
+;error_prepend_string = "<font color=ff0000>"
+
+; String to output after an error message.
+;error_append_string = "</font>"
+
+; Log errors to specified file.
+;error_log = filename
+
+; Log errors to syslog (Event Log on NT, not valid in Windows 95).
+;error_log = syslog
+
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+;
+; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
+
+; The separator used in PHP generated URLs to separate arguments.
+; Default is "&".
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; Default is "&".
+; NOTE: Every character in this directive is considered as separator!
+;arg_separator.input = ";&"
+
+; This directive describes the order in which PHP registers GET, POST, Cookie,
+; Environment and Built-in variables (G, P, C, E & S respectively, often
+; referred to as EGPCS or GPC). Registration is done from left to right, newer
+; values override older values.
+variables_order = "GPCS"
+
+; Whether or not to register the EGPCS variables as global variables. You may
+; want to turn this off if you don't want to clutter your scripts' global scope
+; with user data. This makes most sense when coupled with track_vars - in which
+; case you can access all of the GPC variables through the $HTTP_*_VARS[],
+; variables.
+;
+; You should do your best to write your scripts so that they do not require
+; register_globals to be on; Using form variables as globals can easily lead
+; to possible security problems, if the code is not very well thought of.
+register_globals = Off
+
+; This directive tells PHP whether to declare the argv&argc variables (that
+; would contain the GET information). If you don't use these variables, you
+; should turn it off for increased performance.
+register_argc_argv = Off
+
+; Maximum size of POST data that PHP will accept.
+post_max_size = 8M
+
+; This directive is deprecated. Use variables_order instead.
+gpc_order = "GPC"
+
+; Magic quotes
+;
+
+; Magic quotes for incoming GET/POST/Cookie data.
+magic_quotes_gpc = Off
+
+; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
+magic_quotes_runtime = Off
+
+; Use Sybase-style magic quotes (escape ' with '' instead of \').
+magic_quotes_sybase = Off
+
+; Automatically add files before or after any PHP document.
+auto_prepend_file =
+auto_append_file =
+
+; As of 4.0b4, PHP always outputs a character encoding by default in
+; the Content-type: header. To disable sending of the charset, simply
+; set it to be empty.
+;
+; PHP's built-in default is text/html
+default_mimetype = "text/html"
+;default_charset = "iso-8859-1"
+
+; Always populate the $HTTP_RAW_POST_DATA variable.
+;always_populate_raw_post_data = On
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/php/includes"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+doc_root =
+
+; The directory under which PHP opens the script using /~usernamem used only
+; if nonempty.
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; extension_dir = "./"
+extension_dir = "/usr/lib/php/extensions/"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+enable_dl = On
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default.
You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request.
+; cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; cgi.redirect_status_env = ;
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; cgi.fix_pathinfo=1
+
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; fastcgi.impersonate = 1;
+
+; Disable logging through FastCGI connection
+; fastcgi.log = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+;cgi.rfc2616_headers = 0
+
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+upload_max_filesize = 10M
+
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+allow_url_fopen = On
+
+; Define the anonymous ftp password (your email address)
+;from="john@doe.com"
+
+; Define the user agent for php to send
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; auto_detect_line_endings = Off
+
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+;
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename.extension
+;
+; For example, on Windows:
+;
+; extension=msql.dll
+;
+; ... or under UNIX:
+;
+; extension=msql.so
+;
+; Note that it should be the name of the module only; no directory information
+; needs to go here. Specify the location of the extension with the
+; extension_dir directive above.
+;
+; Load the MySQL module by default. Comment this out if you don't use MySQL.
+extension=mysql.so
+
+; Load the gettext extension by default. Comment this out if you don't have the
+; gettext shared library installed.
+extension=gettext.so
+
+;Windows Extensions
+;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
+;
+;extension=php_mbstring.dll
+;extension=php_bz2.dll
+;extension=php_cpdf.dll
+;extension=php_crack.dll
+;extension=php_curl.dll
+;extension=php_db.dll
+;extension=php_dba.dll
+;extension=php_dbase.dll
+;extension=php_dbx.dll
+;extension=php_domxml.dll
+;extension=php_exif.dll
+;extension=php_fdf.dll
+;extension=php_filepro.dll
+;extension=php_gd2.dll
+;extension=php_gettext.dll
+;extension=php_hyperwave.dll
+;extension=php_iconv.dll
+;extension=php_ifx.dll
+;extension=php_iisfunc.dll
+;extension=php_imap.dll
+;extension=php_interbase.dll
+;extension=php_java.dll
+;extension=php_ldap.dll
+;extension=php_mcrypt.dll
+;extension=php_mhash.dll
+;extension=php_mime_magic.dll
+;extension=php_ming.dll
+;extension=php_mssql.dll
+;extension=php_msql.dll
+;extension=php_oci8.dll
+;extension=php_openssl.dll
+;extension=php_oracle.dll
+;extension=php_pdf.dll
+;extension=php_pgsql.dll
+;extension=php_printer.dll
+;extension=php_shmop.dll
+;extension=php_snmp.dll
+;extension=php_sockets.dll
+;extension=php_sybase_ct.dll
+;extension=php_w32api.dll
+;extension=php_xmlrpc.dll
+;extension=php_xslt.dll
+;extension=php_yaz.dll
+;extension=php_zip.dll
+
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[Syslog]
+; Whether or not to define the various syslog variables (e.g. $LOG_PID,
+; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In
+; runtime, you can define these variables by calling define_syslog_variables().
+define_syslog_variables = Off
+
+[mail function]
+; For Win32 only.
+SMTP = localhost
+smtp_port = 25
+
+; For Win32 only.
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+;sendmail_path =
+
+[Java]
+;java.class.path = .\php_java.jar
+;java.home = c:\jdk
+;java.library = c:\jdk\jre\bin\hotspot\jvm.dll
+;java.library.path = .\
+
+[SQL]
+sql.safe_mode = Off
+
+[ODBC]
+;odbc.default_db = Not yet implemented
+;odbc.default_user = Not yet implemented
+;odbc.default_pw = Not yet implemented
+
+; Allow or prevent persistent links.
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of uodbc.defaultlrl and uodbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+[MySQL]
+; Allow or prevent persistent links.
+mysql.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+mysql.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+mysql.max_links = -1
+
+; Default port number for mysql_connect(). If unset, mysql_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+mysql.default_port =
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+mysql.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+mysql.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+mysql.default_user =
+
+; Default password for mysql_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+mysql.default_password =
+
+; Maximum time (in seconds) for connect timeout. -1 means no limit
+mysql.connect_timeout = 60
+
+; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
+; SQL-Errors will be displayed.
+mysql.trace_mode = Off
+
+[mSQL]
+; Allow or prevent persistent links.
+msql.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+msql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+msql.max_links = -1
+
+[PostgresSQL]
+; Allow or prevent persistent links.
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Noitce message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+pgsql.log_notice = 0
+
+[Sybase]
+; Allow or prevent persistent links.
+sybase.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+sybase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+sybase.max_links = -1
+
+;sybase.interface_file = "/usr/sybase/interfaces"
+
+; Minimum error severity to display.
+sybase.min_error_severity = 10
+
+; Minimum message severity to display.
+sybase.min_message_severity = 10
+
+; Compatability mode with old versions of PHP 3.0.
+; If on, this will cause PHP to automatically assign types to results according +; to their Sybase type, instead of treating them all as strings. This +; compatibility mode will probably not stay around forever, so try applying +; whatever necessary changes to your code, and turn it off. +sybase.compatability_mode = Off + +[Sybase-CT] +; Allow or prevent persistent links. +sybct.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +sybct.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +sybct.max_links = -1 + +; Minimum server message severity to display. +sybct.min_server_severity = 10 + +; Minimum client message severity to display. +sybct.min_client_severity = 10 + +[dbx] +; returned column names can be converted for compatibility reasons +; possible values for dbx.colnames_case are +; "unchanged" (default, if not set) +; "lowercase" +; "uppercase" +; the recommended default is either upper- or lowercase, but +; unchanged is currently set for backwards compatibility +dbx.colnames_case = "lowercase" + +[bcmath] +; Number of decimal digits for all bcmath functions. +bcmath.scale = 0 + +[browscap] +;browscap = extra/browscap.ini + +[Informix] +; Default host for ifx_connect() (doesn't apply in safe mode). +ifx.default_host = + +; Default user for ifx_connect() (doesn't apply in safe mode). +ifx.default_user = + +; Default password for ifx_connect() (doesn't apply in safe mode). +ifx.default_password = + +; Allow or prevent persistent links. +ifx.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +ifx.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +ifx.max_links = -1 + +; If on, select statements return the contents of a text blob instead of its id. +ifx.textasvarchar = 0 + +; If on, select statements return the contents of a byte blob instead of its id. 
+ifx.byteasvarchar = 0 + +; Trailing blanks are stripped from fixed-length char columns. May help the +; life of Informix SE users. +ifx.charasvarchar = 0 + +; If on, the contents of text and byte blobs are dumped to a file instead of +; keeping them in memory. +ifx.blobinfile = 0 + +; NULL's are returned as empty strings, unless this is set to 1. In that case, +; NULL's are returned as string 'NULL'. +ifx.nullformat = 0 + +[Session] +; Handler used to store/retrieve data. +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +;session.save_path = /tmp + +; Whether to use cookies. +session.use_cookies = 1 + +; This option enables administrators to make their users invulnerable to +; attacks which involve passing session ids in URLs; defaults to 0. +; session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +session.name = PHPSESSID + +; Initialize session on request startup. +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +session.cookie_path = / + +; The domain for which the cookie is valid. +session.cookie_domain = + +; Handler used to serialize data. php is the standard serializer of PHP. +session.serialize_handler = php + +; Define the probability that the 'garbage collection' process is started +; on every session initialization. +; The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts +; on each request. + +session.gc_probability = 1 +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. 
+session.gc_maxlifetime = 1440 + +; PHP 4.2 and less have an undocumented feature/bug that allows you to +; to initialize a session variable in the global scope, albeit register_globals +; is disabled. PHP 4.3 and later will warn you, if this feature is used. +; You can disable the feature and the warning separately. At this time, +; the warning is only displayed, if bug_compat_42 is enabled. + +session.bug_compat_42 = 0 +session.bug_compat_warn = 1 + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +session.referer_check = + +; How many bytes to read from the file. +session.entropy_length = 0 + +; Specified here to create the session id. +session.entropy_file = + +;session.entropy_length = 16 + +;session.entropy_file = /dev/urandom + +; Set to {nocache,private,public,} to determine HTTP caching aspects. +; or leave this empty to avoid sending anti-caching headers. +session.cache_limiter = nocache + +; Document expires after n minutes. +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publically accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; form/fieldset are special; if you include them here, the rewriter will +; add a hidden <input> field with the info which is otherwise appended +; to URLs. If you want XHTML conformity, remove the form entry. +; Note that all valid entries require a "=", even if no value follows. 
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +[MSSQL] +; Allow or prevent persistent links. +mssql.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +mssql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +mssql.max_links = -1 + +; Minimum error severity to display. +mssql.min_error_severity = 10 + +; Minimum message severity to display. +mssql.min_message_severity = 10 + +; Compatability mode with old versions of PHP 3.0. +mssql.compatability_mode = Off + +; Connect timeout +;mssql.connect_timeout = 5 + +; Query timeout +;mssql.timeout = 60 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textlimit = 4096 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textsize = 4096 + +; Limits the number of records in each batch. 0 = all records in one batch. +;mssql.batchsize = 0 + +; Specify how datetime and datetim4 columns are returned +; On => Returns data converted to SQL server settings +; Off => Returns values as YYYY-MM-DD hh:mm:ss +;mssql.datetimeconvert = On + +; Use NT authentication when connecting to the server +mssql.secure_connection = Off + +; Specify max number of processes. Default = 25 +;mssql.max_procs = 25 + +[Assertion] +; Assert(expr); active by default. +;assert.active = On + +; Issue a PHP warning for each failed assertion. +;assert.warning = On + +; Don't bail out by default. +;assert.bail = Off + +; User-function to be called if an assertion fails. +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +;assert.quiet_eval = 0 + +[Ingres II] +; Allow or prevent persistent links. +ingres.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +ingres.max_persistent = -1 + +; Maximum number of links, including persistents. -1 means no limit. 
+ingres.max_links = -1 + +; Default database (format: [node_id::]dbname[/srv_class]). +ingres.default_database = + +; Default user. +ingres.default_user = + +; Default password. +ingres.default_password = + +[Verisign Payflow Pro] +; Default Payflow Pro server. +pfpro.defaulthost = "test-payflow.verisign.com" + +; Default port to connect to. +pfpro.defaultport = 443 + +; Default timeout in seconds. +pfpro.defaulttimeout = 30 + +; Default proxy IP address (if required). +;pfpro.proxyaddress = + +; Default proxy port. +;pfpro.proxyport = + +; Default proxy logon. +;pfpro.proxylogon = + +; Default proxy password. +;pfpro.proxypassword = + +[com] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +;com.typelib_file = +; allow Distributed-COM calls +;com.allow_dcom = true +; autoregister constants of a components typlib on com_load() +;com.autoregister_typelib = true +; register constants casesensitive +;com.autoregister_casesensitive = false +; show warnings on duplicate constat registrations +;com.autoregister_verbose = true + +[Printer] +;printer.default_printer = "" + +[mbstring] +; language for internal character representation. +;mbstring.language = Japanese + +; internal/script encoding. +; Some encoding cannot work as internal encoding. +; (e.g. SJIS, BIG5, ISO-2022-*) +;mbstring.internal_encoding = EUC-JP + +; http input encoding. +;mbstring.http_input = auto + +; http output encoding. mb_output_handler must be +; registered as output buffer to function +;mbstring.http_output = SJIS + +; enable automatic encoding translation accoding to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +;mbstring.encoding_translation = Off + +; automatic encoding detection order. 
+; auto means +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +;mbstring.substitute_character = none; + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +;mbstring.func_overload = 0 + +[FrontBase] +;fbsql.allow_persistent = On +;fbsql.autocommit = On +;fbsql.default_database = +;fbsql.default_database_password = +;fbsql.default_host = +;fbsql.default_password = +;fbsql.default_user = "_SYSTEM" +;fbsql.generate_warnings = Off +;fbsql.max_connections = 128 +;fbsql.max_links = 128 +;fbsql.max_persistent = -1 +;fbsql.max_results = 128 +;fbsql.batchSize = 1000 + +[Crack] +; Modify the setting below to match the directory location of the cracklib +; dictionary files. Include the base filename, but not the file extension. +; crack.default_dictionary = "c:\php\lib\cracklib_dict" + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +;exif.encode_unicode = ISO-8859-15 +;exif.decode_unicode_motorola = UCS-2BE +;exif.decode_unicode_intel = UCS-2LE +;exif.encode_jis = +;exif.decode_jis_motorola = JIS +;exif.decode_jis_intel = JIS + +; Local Variables: +; tab-width: 4 +; End: diff --git a/templates/vserver/files/etc/apache/vhosts b/templates/vserver/files/etc/apache/vhosts new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/templates/vserver/files/etc/apache/vhosts 
diff --git a/templates/vserver/files/etc/hosts b/templates/vserver/files/etc/hosts
new file mode 100644
index 0000000..6e33147
--- /dev/null
+++ b/templates/vserver/files/etc/hosts
@@ -0,0 +1,21 @@
+#
+# hosts This file describes a number of hostname-to-address
+# mappings for the TCP/IP subsystem. It is mostly
+# used at boot time, when no name servers are running.
+# On small systems, this file can be used instead of a
+# "named" name server. Just add the names, addresses
+# and any aliases to this file...
+#
+# By the way, Arnt Gulbrandsen <agulbra@nvg.unit.no> says that 127.0.0.1
+# should NEVER be named with the name of the machine. It causes problems
+# for some (stupid) programs, irc and reputedly talk. :^)
+#
+
+# For loopbacking.
+127.0.0.1 localhost
+# This next entry is technically wrong, but good enough to get TCP/IP apps
+# to quit complaining that they can't verify the hostname on a loopback-only
+# Linux box.
+127.0.0.1 darkstar.example.net darkstar
+
+# End of hosts.
diff --git a/templates/vserver/files/etc/logrotate.d/apache b/templates/vserver/files/etc/logrotate.d/apache
new file mode 100644
index 0000000..f31fbe2
--- /dev/null
+++ b/templates/vserver/files/etc/logrotate.d/apache
@@ -0,0 +1,11 @@
+/var/log/apache/access_log /var/log/apache/error_log {
+ monthly
+ nomail
+ compress
+ create 0664 root root
+ rotate 12
+ postrotate
+ /etc/rc.d/rc.httpd restart > /dev/null
+ endscript
+}
+
diff --git a/templates/vserver/files/etc/profile b/templates/vserver/files/etc/profile
new file mode 100644
index 0000000..563594a
--- /dev/null
+++ b/templates/vserver/files/etc/profile
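Review bot: In the logrotate.d/apache hunk, `create 0664 root root` recreates access_log and error_log readable by every local account, and those files record client addresses, requested URLs with their query strings, and filesystem paths from error messages. For a template that seeds new vservers I would tighten it to `create 0640 root root`, with a log-reading group in place of the second `root` if one exists on the target system. The group-write bit serves no visible purpose here either, since the files are owned by root's own group.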
@@ -0,0 +1,87 @@
+# /etc/profile: This file contains system-wide defaults used by
+# all Bourne (and related) shells.
+
+# Set the values for some environment variables:
+export MINICOM="-c on"
+export MANPATH=/usr/local/man:/usr/man:/usr/X11R6/man
+export HOSTNAME="`cat /etc/HOSTNAME`"
+export LESSOPEN="|lesspipe.sh %s"
+export LESS="-M"
+
+# If the user doesn't have a .inputrc, use the one in /etc.
+if [ ! -r "$HOME/.inputrc" ]; then
+ export INPUTRC=/etc/inputrc
+fi
+
+# Set the default system $PATH:
+PATH="/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games"
+
+# For root users, ensure that /usr/local/sbin, /usr/sbin, and /sbin are in
+# the $PATH. Some means of connection don't add these by default (sshd comes
+# to mind).
+if [ "`id -u`" = "0" ]; then
+ echo $PATH | grep /usr/local/sbin 1> /dev/null 2> /dev/null
+ if [ ! $? = 0 ]; then
+ PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
+ fi
+fi
+
+# I had problems using 'eval tset' instead of 'TERM=', but you might want to
+# try it anyway. I think with the right /etc/termcap it would work great.
+# eval `tset -sQ "$TERM"`
+if [ "$TERM" = "" -o "$TERM" = "unknown" ]; then
+ TERM=linux
+fi
+
+# Set ksh93 visual editing mode:
+if [ "$SHELL" = "/bin/ksh" ]; then
+ VISUAL=emacs
+# VISUAL=gmacs
+# VISUAL=vi
+fi
+
+# Set a default shell prompt:
+#PS1='`hostname`:`pwd`# '
+if [ "$SHELL" = "/bin/pdksh" ]; then
+ PS1='! $ '
+elif [ "$SHELL" = "/bin/ksh" ]; then
+ PS1='! ${PWD/#$HOME/~}$ '
+elif [ "$SHELL" = "/bin/zsh" ]; then
+ PS1='%n@%m:%~%# '
+elif [ "$SHELL" = "/bin/ash" ]; then
+ PS1='$ '
+else
+ PS1='\u@\h:\w\$ '
+fi
+PS2='> '
+export PATH DISPLAY LESS TERM PS1 PS2
+
+# Default umask. A umask of 022 prevents new files from being created group
+# and world writable.
+umask 022
+
+# Set up the LS_COLORS and LS_OPTIONS environment variables for color ls:
+if [ "$SHELL" = "/bin/zsh" ]; then
+ eval `dircolors -z`
+elif [ "$SHELL" = "/bin/ash" ]; then
+ eval `dircolors -s`
+else
+ eval `dircolors -b`
+fi
+
+# Append any additional sh scripts found in /etc/profile.d/:
+for profile_script in /etc/profile.d/*.sh ; do
+ if [ -x $profile_script ]; then
+ . $profile_script
+ fi
+done
+unset profile_script
+
+# For non-root users, add the current directory to the search path:
+if [ ! "`id -u`" = "0" ]; then
+ PATH="$PATH:."
+fi
+
+# firewall:
+export FTP_PASSIVE=1
+
diff --git a/templates/vserver/files/etc/rc.d/rc b/templates/vserver/files/etc/rc.d/rc
new file mode 100755
index 0000000..eefbcc5
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ "$1" == "3" ]; then
+ /etc/rc.d/rc.M
+elif [ "$1" == "6" ]; then
+ /etc/rc.d/rc.6
+else
+ echo "Invalid level."
+ exit 1
+fi
+
diff --git a/templates/vserver/files/etc/rc.d/rc.0 b/templates/vserver/files/etc/rc.d/rc.0
new file mode 100755
index 0000000..bfec90a
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.0
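Review bot: In the /etc/profile hunk, the block near the end appends the current directory to the search path of every non-root user (`PATH="$PATH:."`), so a command name that is not found in the earlier PATH entries resolves to whatever file of that name sits in the working directory, including shared writable ones such as /tmp. Since this file seeds every vserver built from the template, I would drop the block, or keep it commented out with the reason stated, e.g. `# PATH="$PATH:."  # disabled: lets files in the cwd shadow mistyped commands`. In the profile.d loop just above, `$profile_script` should also be quoted in both `[ -x "$profile_script" ]` and `. "$profile_script"` so that a file name containing whitespace is not split.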
@@ -0,0 +1,110 @@
+#! /bin/sh
+#
+# rc.6 This file is executed by init when it goes into runlevel
+# 0 (halt) or runlevel 6 (reboot). It kills all processes,
+# unmounts file systems and then either halts or reboots.
+#
+# Version: @(#)/etc/rc.d/rc.6 2.47 Sat Jan 13 13:37:26 PST 2001
+#
+# Author: Miquel van Smoorenburg <miquels@drinkel.nl.mugnet.org>
+# Modified by: Patrick J. Volkerding, <volkerdi@slackware.com>
+#
+
+# Set the path.
+PATH=/sbin:/etc:/bin:/usr/bin
+
+# If there are SystemV init scripts for this runlevel, run them.
+if [ -x /etc/rc.d/rc.sysvinit ]; then
+ . /etc/rc.d/rc.sysvinit
+fi
+
+# Set linefeed mode to avoid staircase effect.
+stty onlcr
+
+echo "Running shutdown script $0:"
+
+# Find out how we were called.
+case "$0" in
+ *0)
+ command="halt"
+ ;;
+ *6)
+ command=reboot
+ ;;
+ *)
+ echo "$0: call me as \"rc.0\" or \"rc.6\" please!"
+ exit 1
+ ;;
+esac
+
+# Stop the Apache web server:
+if [ -x /etc/rc.d/rc.httpd ]; then
+ /etc/rc.d/rc.httpd stop
+fi
+
+# Stop the MySQL database:
+if [ -r /var/run/mysql/mysql.pid ]; then
+ . /etc/rc.d/rc.mysqld stop
+fi
+
+# Stop the Samba server:
+if [ -x /etc/rc.d/rc.samba ]; then
+ . /etc/rc.d/rc.samba stop
+fi
+
+# Try to kill dhcpcd so the DHCP leases can be returned:
+killall -15 dhcpcd 1> /dev/null 2> /dev/null
+
+# Try to shut down pppd:
+PS="$(ps ax)"
+if echo "$PS" | grep -q -w pppd ; then
+ if [ -x /usr/sbin/ppp-off ]; then
+ /usr/sbin/ppp-off
+ fi
+fi
+
+# Turn off process accounting:
+if [ -x /sbin/accton -a -r /var/log/pacct ]; then
+ echo "Turning off process accounting."
+ /sbin/accton
+fi
+
+# Kill all processes.
+# INIT is supposed to handle this entirely now, but this didn't always
+# work correctly without this second pass at killing off the processes.
+# Since INIT already notified the user that processes were being killed,
+# we'll avoid echoing this info this time around.
+if [ "$1" != "fast" ]; then # shutdown did not already kill all processes
+ killall5 -15
+ sleep 5
+ killall5 -9
+fi
+
+# Carry a random seed between reboots.
+echo "Saving random seed from /dev/urandom in /etc/random-seed."
+# Use the pool size from /proc, or 512 bytes:
+if [ -r /proc/sys/kernel/random/poolsize ]; then
+ dd if=/dev/urandom of=/etc/random-seed count=1 bs=$(cat /proc/sys/kernel/random/poolsize) 2> /dev/null
+else
+ dd if=/dev/urandom of=/etc/random-seed count=1 bs=512 2> /dev/null
+fi
+chmod 600 /etc/random-seed
+
+# Before unmounting file systems write a reboot or halt record to wtmp.
+$command -w
+
+# Clear /var/lock/subsys.
+if [ -d /var/lock/subsys ]; then
+ rm -f /var/lock/subsys/*
+fi
+
+# This never hurts:
+sync
+
+# sleep 1 fixes problems with some hard drives that don't
+# otherwise finish syncing before reboot or poweroff
+sleep 1
+
+# This is to ensure all processes have completed on SMP machines:
+wait
+
diff --git a/templates/vserver/files/etc/rc.d/rc.4 b/templates/vserver/files/etc/rc.d/rc.4
new file mode 100644
index 0000000..b972052
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.4
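Review bot: In rc.0 the random seed is written by `dd ... of=/etc/random-seed` and only afterwards restricted with `chmod 600 /etc/random-seed`, so when the file does not exist yet it is created under the script's umask and may be readable by other accounts until the chmod runs. Running the two `dd` commands under a tight mask closes that window, e.g. `umask 077` on the line before `if [ -r /proc/sys/kernel/random/poolsize ]; then`. Further up, the MySQL block sources `/etc/rc.d/rc.mysqld` after testing only the pid file; a `.` on a missing file can end a POSIX-mode script, which here would skip the seed save and `sync`, so I would test `[ -r /etc/rc.d/rc.mysqld -a -r /var/run/mysql/mysql.pid ]`. Both remarks apply equally to rc.6, which this commit adds with the same blob id (bfec90a).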
@@ -0,0 +1,256 @@ +#!/bin/sh +# +# rc.M This file is executed by init(8) when the system is being +# initialized for one of the "multi user" run levels (i.e. +# levels 1 through 6). It usually does mounting of file +# systems et al. +# +# Version: @(#)/etc/rc.d/rc.M 2.23 Wed Feb 26 19:20:58 PST 2003 +# +# Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> +# Heavily modified by Patrick Volkerding <volkerdi@slackware.com> +# + +# Tell the viewers what's going to happen. +echo "Going multiuser..." + +# Screen blanks after 15 minutes idle time, and powers down in one hour +# if the kernel supports APM or ACPI power management: +#/bin/setterm -blank 15 -powersave powerdown -powerdown 60 + +# Set the hostname. +#if [ -r /etc/HOSTNAME ]; then +# /bin/hostname $(cat /etc/HOSTNAME | cut -f1 -d .) +#else + # fall back on this old default: +# echo "darkstar.example.net" > /etc/HOSTNAME +# /bin/hostname darkstar +#fi + +# Save the contents of 'dmesg': +#/bin/dmesg -s 65536 > /var/log/dmesg + +# Start the system logger. +if [ -x /etc/rc.d/rc.syslog -a -x /usr/sbin/syslogd -a -d /var/log ]; then + . /etc/rc.d/rc.syslog start +fi + +# Initialize PCMCIA devices: +# +# NOTE: This used to be started near the top of rc.S so that PCMCIA devices +# could be fsck'ed along with the other drives. This had some unfortunate +# side effects, however, since root isn't yet read-write, and /var might not +# even be mounted the .pid files can't be correctly written in /var/run and +# the pcmcia system can't be correctly shut down. If you want some PCMCIA +# partition to be mounted at boot (or when the card is inserted) then add +# the appropriate lines to /etc/pcmcia/scsi.opts. +# +if [ -x /etc/rc.d/rc.pcmcia ] ; then + . /etc/rc.d/rc.pcmcia start + # The cards might need a little extra time here to initialize. + if [ -r /var/run/cardmgr.pid ]; then + sleep 5 + fi +fi + +# Initialize the networking hardware. 
If your network driver is a module +# and you haven't loaded it manually, this will be deferred until after +# the hotplug system loads the module below. +#if [ -x /etc/rc.d/rc.inet1 ]; then +# . /etc/rc.d/rc.inet1 +#fi + +# Initialize the hotplugging subsystem for Cardbus, IEEE1394, PCI, and USB devices: +if [ -x /etc/rc.d/rc.hotplug -a -r /proc/modules ]; then + # Don't run hotplug if 'nohotplug' was given at boot. + if ! grep nohotplug /proc/cmdline 1> /dev/null 2> /dev/null ; then + echo "Activating hardware detection: /etc/rc.d/rc.hotplug start" + . /etc/rc.d/rc.hotplug start + fi +fi + +# Start networking daemons: +if [ -x /etc/rc.d/rc.inet2 ]; then + . /etc/rc.d/rc.inet2 +fi + +# Remove stale locks and junk files (must be done after mount -a!) +/bin/rm -f /var/lock/* /var/spool/uucp/LCK..* /tmp/.X*lock /tmp/core /core 2> /dev/null + +# Remove stale hunt sockets so the game can start. +if [ -r /tmp/hunt -o -r /tmp/hunt.stats ]; then + echo "Removing your stale hunt sockets from /tmp." + /bin/rm -f /tmp/hunt* +fi + +# Ensure basic filesystem permissions sanity. +chmod 755 / 2> /dev/null +chmod 1777 /tmp /var/tmp + +# Update all the shared library links: +if [ -x /sbin/ldconfig ]; then + echo "Updating shared library links: /sbin/ldconfig" + /sbin/ldconfig +fi + +# Update the X font indexes: +if [ -x /usr/X11R6/bin/fc-cache ]; then + echo "Updating X font indexes: /usr/X11R6/bin/fc-cache" + /usr/X11R6/bin/fc-cache +fi + +# Start the print spooling system. This will usually be LPRng (lpd) or CUPS. +if [ -x /etc/rc.d/rc.cups ]; then + # Start CUPS: + /etc/rc.d/rc.cups start +elif [ -x /etc/rc.d/rc.lprng ]; then + # Start LPRng (lpd): + . /etc/rc.d/rc.lprng start +fi + +# Start netatalk. (a file/print server for Macs using Appletalk) +if [ -x /etc/rc.d/rc.atalk ]; then + /etc/rc.d/rc.atalk +fi + +# Start smartd, which monitors the status of S.M.A.R.T. compatible +# hard drives and reports any problems. 
Note some devices (which aren't +# smart, I guess ;) will hang if probed by smartd, so it's commented out +# by default. +#if [ -x /usr/sbin/smartd ]; then +# /usr/sbin/smartd +#fi + +# Monitor the UPS with genpowerd. +# To use this, uncomment this section and edit your settings in +# /etc/genpowerd.conf (serial device, UPS type, etc). For more information, +# see "man genpowerd" or the extensive documentation in the +# /usr/doc/genpower-1.0.3 directory. +# You'll also need to configure a similar block in /etc/rc.d/rc.6 if you want +# support for stopping the UPS's inverter after the machine halts. +#if [ -x /sbin/genpowerd ]; then +# echo "Starting genpowerd daemon..." +# /sbin/genpowerd +#fi + +# Turn on process accounting. To enable process accounting, make sure the +# option for BSD process accounting is enabled in your kernel, and then +# create the file /var/log/pacct (touch /var/log/pacct). By default, process +# accounting is not enabled (since /var/log/pacct does not exist). This is +# because the log file can get VERY large. +if [ -x /sbin/accton -a -r /var/log/pacct ]; then + /sbin/accton /var/log/pacct + chmod 640 /var/log/pacct + echo "Process accounting turned on." +fi + +# Start crond (Dillon's crond): +# If you want cron to actually log activity to /var/log/cron, then change +# -l10 to -l8 to increase the logging level. +if [ -x /usr/sbin/crond ]; then + /usr/sbin/crond -l10 >>/var/log/cron 2>&1 +fi + +# Start atd (manages jobs scheduled with 'at'): +if [ -x /usr/sbin/atd ]; then + /usr/sbin/atd -b 15 -l 1 +fi + +# Slackware-Mini-Quota-HOWTO: +# To really activate quotas, you'll need to add 'usrquota' and/or 'grpquota' to +# the appropriate partitions as listed in /etc/fstab. 
Here's an example: +# +# /dev/hda2 /home ext3 defaults,usrquota 1 1 +# +# You'll then need to setup initial quota files at the top of the partitions +# to support quota, like this: +# touch /home/aquota.user /home/aquota.group +# chmod 600 /home/aquota.user /home/aquota.group +# +# Then, reboot to activate the system. +# To edit user quotas, use 'edquota'. See 'man edquota'. Also, the +# official Quota Mini-HOWTO has lots of useful information. That can be found +# here: /usr/doc/Linux-HOWTOs/Quota + +# Check quotas and then turn quota system on: +if grep -q quota /etc/fstab ; then + if [ -x /sbin/quotacheck ]; then + echo "Checking filesystem quotas: /sbin/quotacheck -avugm" + /sbin/quotacheck -avugm + fi + if [ -x /sbin/quotaon ]; then + echo "Activating filesystem quotas: /sbin/quotaon -avug" + /sbin/quotaon -avug + fi +fi + +# Start the sendmail daemon: +if [ -x /etc/rc.d/rc.sendmail ]; then + . /etc/rc.d/rc.sendmail start +fi + +# Start the APM daemon if APM is enabled in the kernel: +if [ -x /usr/sbin/apmd ]; then + if cat /proc/apm 1> /dev/null 2> /dev/null ; then + echo "Starting APM daemon: /usr/sbin/apmd" + /usr/sbin/apmd + fi +fi + +# Start the ACPI (Advanced Configuration and Power Interface) daemon: +if [ -x /etc/rc.d/rc.acpid ]; then + . /etc/rc.d/rc.acpid start +fi + +# Load ALSA (sound) defaults: +if [ -x /etc/rc.d/rc.alsa ]; then + . /etc/rc.d/rc.alsa +fi + +# Load a custom screen font if the user has an rc.font script. +if [ -x /etc/rc.d/rc.font ]; then + . /etc/rc.d/rc.font +fi + +# Load a custom keymap if the user has an rc.keymap script. +if [ -x /etc/rc.d/rc.keymap ]; then + . /etc/rc.d/rc.keymap +fi + +# Initialize HP Officejet support: +if [ -x /etc/rc.d/rc.hpoj ]; then + . /etc/rc.d/rc.hpoj start +fi + +# Start the MySQL database: +if [ -x /etc/rc.d/rc.mysqld ]; then + . /etc/rc.d/rc.mysqld start +fi + +# Start Apache web server: +if [ -x /etc/rc.d/rc.httpd ]; then + . 
/etc/rc.d/rc.httpd start +fi + +# Start Samba (a file/print server for Win95/NT machines). +# Samba can be started in /etc/inetd.conf instead. +if [ -x /etc/rc.d/rc.samba ]; then + . /etc/rc.d/rc.samba start +fi + +# Start the GPM mouse server: +if [ -x /etc/rc.d/rc.gpm ]; then + . /etc/rc.d/rc.gpm start +fi + +# If there are SystemV init scripts for this runlevel, run them. +if [ -x /etc/rc.d/rc.sysvinit ]; then + . /etc/rc.d/rc.sysvinit +fi + +# Start the local setup procedure. +if [ -x /etc/rc.d/rc.local ]; then + . /etc/rc.d/rc.local +fi + +# All done. diff --git a/templates/vserver/files/etc/rc.d/rc.6 b/templates/vserver/files/etc/rc.d/rc.6 new file mode 100755 index 0000000..bfec90a --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.6 
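Review bot: templates/vserver/files/etc/rc.d/rc.4 is added with mode 100644 while rc, rc.0, rc.6, rc.K and rc.M in this commit are 100755, and its header still describes itself as `rc.M` (including the `Version:` line), so it is unclear whether the file is meant to run. If runlevel 4 is supposed to execute it, the mode should be 100755; if it is a reference copy, the first comment line should say so, e.g. `# rc.4: copy of rc.M, not executed`. Also note that most services here are started by sourcing (`. /etc/rc.d/rc.syslog start`, `. /etc/rc.d/rc.local`), so an `exit` inside any of those scripts ends this script too; running them as commands, as the `rc.cups` branch already does, keeps one failing service from stopping the rest of the boot sequence.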
@@ -0,0 +1,110 @@
+#! /bin/sh
+#
+# rc.6 This file is executed by init when it goes into runlevel
+# 0 (halt) or runlevel 6 (reboot). It kills all processes,
+# unmounts file systems and then either halts or reboots.
+#
+# Version: @(#)/etc/rc.d/rc.6 2.47 Sat Jan 13 13:37:26 PST 2001
+#
+# Author: Miquel van Smoorenburg <miquels@drinkel.nl.mugnet.org>
+# Modified by: Patrick J. Volkerding, <volkerdi@slackware.com>
+#
+
+# Set the path.
+PATH=/sbin:/etc:/bin:/usr/bin
+
+# If there are SystemV init scripts for this runlevel, run them.
+if [ -x /etc/rc.d/rc.sysvinit ]; then
+ . /etc/rc.d/rc.sysvinit
+fi
+
+# Set linefeed mode to avoid staircase effect.
+stty onlcr
+
+echo "Running shutdown script $0:"
+
+# Find out how we were called.
+case "$0" in
+ *0)
+ command="halt"
+ ;;
+ *6)
+ command=reboot
+ ;;
+ *)
+ echo "$0: call me as \"rc.0\" or \"rc.6\" please!"
+ exit 1
+ ;;
+esac
+
+# Stop the Apache web server:
+if [ -x /etc/rc.d/rc.httpd ]; then
+ /etc/rc.d/rc.httpd stop
+fi
+
+# Stop the MySQL database:
+if [ -r /var/run/mysql/mysql.pid ]; then
+ . /etc/rc.d/rc.mysqld stop
+fi
+
+# Stop the Samba server:
+if [ -x /etc/rc.d/rc.samba ]; then
+ . /etc/rc.d/rc.samba stop
+fi
+
+# Try to kill dhcpcd so the DHCP leases can be returned:
+killall -15 dhcpcd 1> /dev/null 2> /dev/null
+
+# Try to shut down pppd:
+PS="$(ps ax)"
+if echo "$PS" | grep -q -w pppd ; then
+ if [ -x /usr/sbin/ppp-off ]; then
+ /usr/sbin/ppp-off
+ fi
+fi
+
+# Turn off process accounting:
+if [ -x /sbin/accton -a -r /var/log/pacct ]; then
+ echo "Turning off process accounting."
+ /sbin/accton
+fi
+
+# Kill all processes.
+# INIT is supposed to handle this entirely now, but this didn't always
+# work correctly without this second pass at killing off the processes.
+# Since INIT already notified the user that processes were being killed,
+# we'll avoid echoing this info this time around.
+if [ "$1" != "fast" ]; then # shutdown did not already kill all processes
+ killall5 -15
+ sleep 5
+ killall5 -9
+fi
+
+# Carry a random seed between reboots.
+echo "Saving random seed from /dev/urandom in /etc/random-seed."
+# Use the pool size from /proc, or 512 bytes:
+if [ -r /proc/sys/kernel/random/poolsize ]; then
+ dd if=/dev/urandom of=/etc/random-seed count=1 bs=$(cat /proc/sys/kernel/random/poolsize) 2> /dev/null
+else
+ dd if=/dev/urandom of=/etc/random-seed count=1 bs=512 2> /dev/null
+fi
+chmod 600 /etc/random-seed
+
+# Before unmounting file systems write a reboot or halt record to wtmp.
+$command -w
+
+# Clear /var/lock/subsys.
+if [ -d /var/lock/subsys ]; then
+ rm -f /var/lock/subsys/*
+fi
+
+# This never hurts:
+sync
+
+# sleep 1 fixes problems with some hard drives that don't
+# otherwise finish syncing before reboot or poweroff
+sleep 1
+
+# This is to ensure all processes have completed on SMP machines:
+wait
+
diff --git a/templates/vserver/files/etc/rc.d/rc.K b/templates/vserver/files/etc/rc.d/rc.K
new file mode 100755
index 0000000..00a1501
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.K
@@ -0,0 +1,88 @@ +#! /bin/sh +# +# rc.K This file is executed by init when it goes into runlevel +# 1, which is the administrative state. It kills all +# daemons and then puts the system into single user mode. +# Note that the file systems are kept mounted. +# +# Version: @(#)/etc/rc.d/rc.K 3.1415 Sat Jan 13 13:37:26 PST 2001 +# +# Author: Miquel van Smoorenburg <miquels@drinkel.nl.mugnet.org> +# Modified by: Patrick J. Volkerding <volkerdi@slackware.com> +# + +# Set the path. +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +# If there are SystemV init scripts for this runlevel, run them. +if [ -x /etc/rc.d/rc.sysvinit ]; then + . /etc/rc.d/rc.sysvinit +fi + +# Try to turn off quota: +if grep -q quota /etc/fstab ; then + if [ -x /sbin/quotaoff ]; then + echo "Turning off filesystem quotas." + /sbin/quotaoff -a + fi +fi + +# Try to turn off accounting: +if [ -x /sbin/accton -a -r /var/log/pacct ]; then + echo "Turning off accounting." + /sbin/accton +fi + +# Stop the Apache web server: +if [ -x /etc/rc.d/rc.httpd ]; then + /etc/rc.d/rc.httpd stop +fi + +# Stop the Samba server: +if [ -x /etc/rc.d/rc.samba ]; then + . /etc/rc.d/rc.samba stop +fi + +# Shut down the NFS server: +if [ -x /etc/rc.d/rc.nfsd ]; then + /etc/rc.d/rc.nfsd stop +fi + +# Shut down PCMCIA devices: +if [ -x /etc/rc.d/rc.pcmcia ] ; then + . /etc/rc.d/rc.pcmcia stop + # The cards might need a little extra time here to initialize. + sleep 5 +fi + +# Kill all processes. +echo +echo "Sending all processes the SIGHUP signal." +killall5 -1 +echo -n "Waiting for processes to hang up" +for loop in 0 1 2 3 4 5 ; do + sleep 1 + echo -n "." +done +echo +echo "Sending all processes the SIGTERM signal." +killall5 -15 +echo -n "Waiting for processes to terminate" +for loop in 0 1 2 3 4 5 ; do + sleep 1 + echo -n "." +done +echo +echo "Sending all processes the SIGKILL signal." +killall5 -9 +echo -n "Waiting for processes to exit" +for loop in 0 1 2 3 4 5 ; do + sleep 1 + echo -n "." 
+done +echo + +# Now go to the single user level +echo "Going to single user mode..." +telinit -t 1 1 + diff --git a/templates/vserver/files/etc/rc.d/rc.M b/templates/vserver/files/etc/rc.d/rc.M new file mode 100755 index 0000000..0cb3343 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.M 
@@ -0,0 +1,256 @@ +#!/bin/sh +# +# rc.M This file is executed by init(8) when the system is being +# initialized for one of the "multi user" run levels (i.e. +# levels 1 through 6). It usually does mounting of file +# systems et al. +# +# Version: @(#)/etc/rc.d/rc.M 2.23 Wed Feb 26 19:20:58 PST 2003 +# +# Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> +# Heavily modified by Patrick Volkerding <volkerdi@slackware.com> +# + +# Tell the viewers what's going to happen. +echo "Going multiuser..." + +# Screen blanks after 15 minutes idle time, and powers down in one hour +# if the kernel supports APM or ACPI power management: +#/bin/setterm -blank 15 -powersave powerdown -powerdown 60 + +# Set the hostname. +#if [ -r /etc/HOSTNAME ]; then +# /bin/hostname $(cat /etc/HOSTNAME | cut -f1 -d .) +#else + # fall back on this old default: +# echo "darkstar.example.net" > /etc/HOSTNAME +# /bin/hostname darkstar +#fi + +# Save the contents of 'dmesg': +#/bin/dmesg -s 65536 > /var/log/dmesg + +# Start the system logger. +if [ -x /etc/rc.d/rc.syslog -a -x /usr/sbin/syslogd -a -d /var/log ]; then + . /etc/rc.d/rc.syslog start +fi + +# Initialize PCMCIA devices: +# +# NOTE: This used to be started near the top of rc.S so that PCMCIA devices +# could be fsck'ed along with the other drives. This had some unfortunate +# side effects, however, since root isn't yet read-write, and /var might not +# even be mounted the .pid files can't be correctly written in /var/run and +# the pcmcia system can't be correctly shut down. If you want some PCMCIA +# partition to be mounted at boot (or when the card is inserted) then add +# the appropriate lines to /etc/pcmcia/scsi.opts. +# +if [ -x /etc/rc.d/rc.pcmcia ] ; then + . /etc/rc.d/rc.pcmcia start + # The cards might need a little extra time here to initialize. + if [ -r /var/run/cardmgr.pid ]; then + sleep 5 + fi +fi + +# Initialize the networking hardware. 
If your network driver is a module +# and you haven't loaded it manually, this will be deferred until after +# the hotplug system loads the module below. +#if [ -x /etc/rc.d/rc.inet1 ]; then +# . /etc/rc.d/rc.inet1 +#fi + +# Initialize the hotplugging subsystem for Cardbus, IEEE1394, PCI, and USB devices: +if [ -x /etc/rc.d/rc.hotplug -a -r /proc/modules ]; then + # Don't run hotplug if 'nohotplug' was given at boot. + if ! grep nohotplug /proc/cmdline 1> /dev/null 2> /dev/null ; then + echo "Activating hardware detection: /etc/rc.d/rc.hotplug start" + . /etc/rc.d/rc.hotplug start + fi +fi + +# Start networking daemons: +if [ -x /etc/rc.d/rc.inet2 ]; then + . /etc/rc.d/rc.inet2 +fi + +# Remove stale locks and junk files (must be done after mount -a!) +/bin/rm -f /var/lock/* /var/spool/uucp/LCK..* /tmp/.X*lock /tmp/core /core 2> /dev/null + +# Remove stale hunt sockets so the game can start. +if [ -r /tmp/hunt -o -r /tmp/hunt.stats ]; then + echo "Removing your stale hunt sockets from /tmp." + /bin/rm -f /tmp/hunt* +fi + +# Ensure basic filesystem permissions sanity. +chmod 755 / 2> /dev/null +chmod 1777 /tmp /var/tmp + +# Update all the shared library links: +if [ -x /sbin/ldconfig ]; then + echo "Updating shared library links: /sbin/ldconfig" + /sbin/ldconfig +fi + +# Update the X font indexes: +if [ -x /usr/X11R6/bin/fc-cache ]; then + echo "Updating X font indexes: /usr/X11R6/bin/fc-cache" + /usr/X11R6/bin/fc-cache +fi + +# Start the print spooling system. This will usually be LPRng (lpd) or CUPS. +if [ -x /etc/rc.d/rc.cups ]; then + # Start CUPS: + /etc/rc.d/rc.cups start +elif [ -x /etc/rc.d/rc.lprng ]; then + # Start LPRng (lpd): + . /etc/rc.d/rc.lprng start +fi + +# Start netatalk. (a file/print server for Macs using Appletalk) +if [ -x /etc/rc.d/rc.atalk ]; then + /etc/rc.d/rc.atalk +fi + +# Start smartd, which monitors the status of S.M.A.R.T. compatible +# hard drives and reports any problems. 
Note some devices (which aren't +# smart, I guess ;) will hang if probed by smartd, so it's commented out +# by default. +#if [ -x /usr/sbin/smartd ]; then +# /usr/sbin/smartd +#fi + +# Monitor the UPS with genpowerd. +# To use this, uncomment this section and edit your settings in +# /etc/genpowerd.conf (serial device, UPS type, etc). For more information, +# see "man genpowerd" or the extensive documentation in the +# /usr/doc/genpower-1.0.3 directory. +# You'll also need to configure a similar block in /etc/rc.d/rc.6 if you want +# support for stopping the UPS's inverter after the machine halts. +#if [ -x /sbin/genpowerd ]; then +# echo "Starting genpowerd daemon..." +# /sbin/genpowerd +#fi + +# Turn on process accounting. To enable process accounting, make sure the +# option for BSD process accounting is enabled in your kernel, and then +# create the file /var/log/pacct (touch /var/log/pacct). By default, process +# accounting is not enabled (since /var/log/pacct does not exist). This is +# because the log file can get VERY large. +if [ -x /sbin/accton -a -r /var/log/pacct ]; then + /sbin/accton /var/log/pacct + chmod 640 /var/log/pacct + echo "Process accounting turned on." +fi + +# Start crond (Dillon's crond): +# If you want cron to actually log activity to /var/log/cron, then change +# -l10 to -l8 to increase the logging level. +if [ -x /usr/sbin/crond ]; then + /usr/sbin/crond -l10 >>/var/log/cron 2>&1 +fi + +# Start atd (manages jobs scheduled with 'at'): +if [ -x /usr/sbin/atd ]; then + /usr/sbin/atd -b 15 -l 1 +fi + +# Slackware-Mini-Quota-HOWTO: +# To really activate quotas, you'll need to add 'usrquota' and/or 'grpquota' to +# the appropriate partitions as listed in /etc/fstab. 
Here's an example: +# +# /dev/hda2 /home ext3 defaults,usrquota 1 1 +# +# You'll then need to setup initial quota files at the top of the partitions +# to support quota, like this: +# touch /home/aquota.user /home/aquota.group +# chmod 600 /home/aquota.user /home/aquota.group +# +# Then, reboot to activate the system. +# To edit user quotas, use 'edquota'. See 'man edquota'. Also, the +# official Quota Mini-HOWTO has lots of useful information. That can be found +# here: /usr/doc/Linux-HOWTOs/Quota + +# Check quotas and then turn quota system on: +if grep -q quota /etc/fstab ; then + if [ -x /sbin/quotacheck ]; then + echo "Checking filesystem quotas: /sbin/quotacheck -avugm" + /sbin/quotacheck -avugm + fi + if [ -x /sbin/quotaon ]; then + echo "Activating filesystem quotas: /sbin/quotaon -avug" + /sbin/quotaon -avug + fi +fi + +# Start the sendmail daemon: +if [ -x /etc/rc.d/rc.sendmail ]; then + . /etc/rc.d/rc.sendmail start +fi + +# Start the APM daemon if APM is enabled in the kernel: +if [ -x /usr/sbin/apmd ]; then + if cat /proc/apm 1> /dev/null 2> /dev/null ; then + echo "Starting APM daemon: /usr/sbin/apmd" + /usr/sbin/apmd + fi +fi + +# Start the ACPI (Advanced Configuration and Power Interface) daemon: +if [ -x /etc/rc.d/rc.acpid ]; then + . /etc/rc.d/rc.acpid start +fi + +# Load ALSA (sound) defaults: +if [ -x /etc/rc.d/rc.alsa ]; then + . /etc/rc.d/rc.alsa +fi + +# Load a custom screen font if the user has an rc.font script. +if [ -x /etc/rc.d/rc.font ]; then + . /etc/rc.d/rc.font +fi + +# Load a custom keymap if the user has an rc.keymap script. +if [ -x /etc/rc.d/rc.keymap ]; then + . /etc/rc.d/rc.keymap +fi + +# Initialize HP Officejet support: +if [ -x /etc/rc.d/rc.hpoj ]; then + . /etc/rc.d/rc.hpoj start +fi + +# Start the MySQL database: +if [ -x /etc/rc.d/rc.mysqld ]; then + . /etc/rc.d/rc.mysqld start +fi + +# Start Apache web server: +if [ -x /etc/rc.d/rc.httpd ]; then + . 
/etc/rc.d/rc.httpd start +fi + +# Start Samba (a file/print server for Win95/NT machines). +# Samba can be started in /etc/inetd.conf instead. +if [ -x /etc/rc.d/rc.samba ]; then + . /etc/rc.d/rc.samba start +fi + +# Start the GPM mouse server: +if [ -x /etc/rc.d/rc.gpm ]; then + . /etc/rc.d/rc.gpm start +fi + +# If there are SystemV init scripts for this runlevel, run them. +if [ -x /etc/rc.d/rc.sysvinit ]; then + . /etc/rc.d/rc.sysvinit +fi + +# Start the local setup procedure. +if [ -x /etc/rc.d/rc.local ]; then + . /etc/rc.d/rc.local +fi + +# All done. diff --git a/templates/vserver/files/etc/rc.d/rc.S b/templates/vserver/files/etc/rc.d/rc.S new file mode 100755 index 0000000..05c75b4 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.S 
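Review bot: rc.M never assigns PATH, although rc.6, rc.K and rc.S in this same commit each set one near the top. It still calls `chmod`, `grep`, `cat` and `sleep` unqualified and sources rc.inet2, which has no PATH of its own either. As root start-up code, it should not depend on whatever search path init passes down. I would add `PATH=/sbin:/usr/sbin:/bin:/usr/bin` directly after the header comment, matching rc.S.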
@@ -0,0 +1,294 @@ +#!/bin/sh +# +# /etc/rc.d/rc.S: System initialization script. +# +# Mostly written by: Patrick J. Volkerding, <volkerdi@slackware.com> +# + +PATH=/sbin:/usr/sbin:/bin:/usr/bin + +# Mount /proc right away: +/sbin/mount -v proc /proc -n -t proc + +# If 'nohotplug' was given at boot, or rc.hotplug has been turned off +# (is not executable), then shut off hotplugging in the kernel now. +# Turning off hotplug is *not* recommended, and will break some things. +if [ -w /proc/sys/kernel/hotplug ]; then + if grep -w nohotplug /proc/cmdline 1> /dev/null 2> /dev/null ; then + echo "/dev/null" > /proc/sys/kernel/hotplug + elif [ ! -x /etc/rc.d/rc.hotplug ]; then + echo "/dev/null" > /proc/sys/kernel/hotplug + fi +fi + +# Start devfsd if necessary. On newer kernels, udev should be used instead. +if [ -x /etc/rc.d/rc.devfsd ]; then + /etc/rc.d/rc.devfsd start +fi + +# Mount sysfs next, if the kernel supports it: +if [ -d /sys ]; then + if cat /proc/filesystems | grep -w sysfs 1> /dev/null 2> /dev/null ; then + if ! cat /proc/mounts | grep -w sysfs 1> /dev/null 2> /dev/null ; then + /sbin/mount -v sysfs /sys -n -t sysfs + fi + fi +fi + +# Initialize udev to manage /dev entries for 2.6.x kernels: +if [ -x /etc/rc.d/rc.udev ]; then + if ! grep -w nohotplug /proc/cmdline 1> /dev/null 2> /dev/null ; then + /etc/rc.d/rc.udev + fi +fi + +# Enable swapping: +/sbin/swapon -a + +# Test to see if the root partition is read-only, like it ought to be. +READWRITE=no +if touch /fsrwtestfile 2>/dev/null; then + rm -f /fsrwtestfile + READWRITE=yes +else + echo "Testing root filesystem status: read-only filesystem" +fi + +# See if a forced filesystem check was requested at shutdown: +if [ -r /etc/forcefsck ]; then + FORCEFSCK="-f" +fi + +# Check the root filesystem: +if [ ! $READWRITE = yes ]; then + RETVAL=0 + if [ ! -r /etc/fastboot ]; then + echo "Checking root filesystem:" + /sbin/fsck $FORCEFSCK -C -a / + RETVAL=$? 
+ fi + # An error code of 2 or higher will require a reboot. + if [ $RETVAL -ge 2 ]; then + # An error code equal to or greater than 4 means that some errors + # could not be corrected. This requires manual attention, so we + # offer a chance to try to fix the problem in single-user mode: + if [ $RETVAL -ge 4 ]; then + echo + echo "***********************************************************" + echo "*** An error occurred during the root filesystem check. ***" + echo "*** You will now be given a chance to log into the ***" + echo "*** system in single-user mode to fix the problem. ***" + echo "*** ***" + echo "*** If you are using the ext2 filesystem, running ***" + echo "*** 'e2fsck -v -y <partition>' might help. ***" + echo "***********************************************************" + echo + echo "Once you exit the single-user shell, the system will reboot." + echo + PS1="(Repair filesystem) \#"; export PS1 + sulogin + else # With an error code of 2 or 3, reboot the machine automatically: + echo + echo "***********************************" + echo "*** The filesystem was changed. ***" + echo "*** The system will now reboot. ***" + echo "***********************************" + echo + fi + echo "Unmounting file systems." + /sbin/umount -a -r + /sbin/mount -n -o remount,ro / + echo "Rebooting system." + sleep 2 + reboot -f + fi + # Remount the root filesystem in read-write mode + echo "Remounting root device with read-write enabled." + /sbin/mount -w -v -n -o remount / + if [ $? -gt 0 ] ; then + echo + echo "Attempt to remount root device as read-write failed! This is going to" + echo "cause serious problems." + echo + echo "If you're using the UMSDOS filesystem, you **MUST** mount the root partition" + echo "read-write! 
You can make sure the root filesystem is getting mounted " + echo "read-write with the 'rw' flag to Loadlin:" + echo + echo "loadlin vmlinuz root=/dev/hda1 rw (replace /dev/hda1 with your root device)" + echo + echo "Normal bootdisks can be made to mount a system read-write with the rdev command:" + echo + echo "rdev -R /dev/fd0 0" + echo + echo "You can also get into your system by using a boot disk with a command like this" + echo "on the LILO prompt line: (change the root partition name as needed)" + echo + echo "LILO: mount root=/dev/hda1 rw" + echo + echo "Please press ENTER to continue, then reboot and use one of the above methods to" + echo -n "get into your machine and start looking for the problem. " + read junk; + fi +else + echo "Testing root filesystem status: read-write filesystem" + if cat /etc/fstab | grep ' / ' | grep umsdos 1> /dev/null 2> /dev/null ; then + ROOTTYPE="umsdos" + fi + if [ ! "$ROOTTYPE" = "umsdos" ]; then # no warn for UMSDOS + echo + echo "*** ERROR: Root partition has already been mounted read-write. Cannot check!" + echo + echo "For filesystem checking to work properly, your system must initially mount" + echo "the root partition as read only. Please modify your kernel with 'rdev' so that" + echo "it does this. If you're booting with LILO, add a line:" + echo + echo " read-only" + echo + echo "to the Linux section in your /etc/lilo.conf and type 'lilo' to reinstall it." + echo + echo "If you boot from a kernel on a floppy disk, put it in the drive and type:" + echo " rdev -R /dev/fd0 1" + echo + echo "If you boot from a bootdisk, or with Loadlin, you can add the 'ro' flag." + echo + echo "This will fix the problem *AND* eliminate this annoying message. :^)" + echo + echo -n "Press ENTER to continue. 
" + read junk; + fi +fi # Done checking root filesystem + +# Any /etc/mtab that exists here is old, so we delete it to start over: +/bin/rm -f /etc/mtab* +# Remounting the / partition will initialize the new /etc/mtab: +/sbin/mount -w -o remount / + +# Fix /etc/mtab to list sys and proc if they were not yet entered in +# /etc/mtab because / was still mounted read-only: +if [ -d /proc/sys ]; then + /sbin/mount -f proc /proc -t proc +fi +if [ -d /sys/bus ]; then + /sbin/mount -f sysfs /sys -t sysfs +fi + +# Set the system time from the hardware clock using hwclock --hctosys. +if [ -x /sbin/hwclock ]; then + if grep "^UTC" /etc/hardwareclock 1> /dev/null 2> /dev/null ; then + echo "Setting system time from the hardware clock (UTC)." + /sbin/hwclock --utc --hctosys + else + echo "Setting system time from the hardware clock (localtime)." + /sbin/hwclock --localtime --hctosys + fi +fi + +# Configure ISA Plug-and-Play devices: +if [ -r /etc/isapnp.conf ]; then + if [ -x /sbin/isapnp ]; then + /sbin/isapnp /etc/isapnp.conf + fi +fi + +# This loads any kernel modules that are needed. These might be required to +# use your ethernet card, sound card, or other optional hardware. +if [ -x /etc/rc.d/rc.modules -a -r /proc/modules ]; then + . /etc/rc.d/rc.modules +fi + +# Configure runtime kernel parameters: +if [ -x /sbin/sysctl -a -r /etc/sysctl.conf ]; then + /sbin/sysctl -e -p /etc/sysctl.conf +fi + +# Initialize the Logical Volume Manager. +# This won't start unless we find /etc/lvmtab (LVM1) or +# /etc/lvm/backup/ (LVM2). This is created by /sbin/vgscan, so to +# use LVM you must run /sbin/vgscan yourself the first time (and +# create some VGs and LVs). +if [ -r /etc/lvmtab -o -d /etc/lvm/backup ]; then + echo "Initializing LVM (Logical Volume Manager):" + # Check for device-mapper support. + if ! cat /proc/devices | grep -w device-mapper 1> /dev/null 2> /dev/null ; then + # If device-mapper exists as a module, try to load it. 
+ if [ -r /lib/modules/$(cat /proc/sys/kernel/osrelease)/kernel/drivers/md/dm-mod.ko ]; then + insmod /lib/modules/$(cat /proc/sys/kernel/osrelease)/kernel/drivers/md/dm-mod.ko + fi + fi + # Scan for new volume groups: + /sbin/vgscan 2> /dev/null + if [ $? = 0 ]; then + # This needs a moment to register. + sleep 10 + # Make volume groups available to the kernel. + # This should also make logical volumes available. + /sbin/vgchange -ay + # Enable swapping again in case any LVs are used for swap. Ignore previous error. :-) + /sbin/swapon -a + fi +fi + +# Check all the non-root filesystems: +if [ ! -r /etc/fastboot ]; then + echo "Checking non-root filesystems:" + /sbin/fsck $FORCEFSCK -C -R -A -a +fi + +# mount non-root file systems in fstab (but not NFS or SMB +# because TCP/IP is not yet configured, and not proc because +# that has already been mounted): +/sbin/mount -a -v -t nonfs,nosmbfs,noproc + +# Clean up some temporary files: +( cd /var/log/setup/tmp && rm -rf * ) +/bin/rm -f /var/run/utmp /var/run/*pid /etc/nologin /var/run/lpd* \ + /var/run/ppp* /etc/dhcpc/*.pid /etc/forcefsck /etc/fastboot + +# Attempt to umount and remove any leftover /initrd: +if [ -d /initrd ]; then + /sbin/umount /initrd 2> /dev/null + rmdir /initrd 2> /dev/null + blockdev --flushbufs /dev/ram0 2> /dev/null +fi + +# Create a fresh utmp file: +touch /var/run/utmp +chown root.utmp /var/run/utmp +chmod 664 /var/run/utmp + +if [ "$ROOTTYPE" = "umsdos" ]; then # we need to update any files added in DOS: + echo "Synchronizing UMSDOS directory structure:" + echo " /sbin/umssync -r99 -v- /" + /sbin/umssync -r99 -v- / +fi + +# Setup the /etc/motd to reflect the current kernel level: +# THIS WIPES ANY CHANGES YOU MAKE TO /ETC/MOTD WITH EACH BOOT. +# COMMENT THIS OUT IF YOU WANT TO MAKE A CUSTOM VERSION. +echo "$(/bin/uname -sr)." > /etc/motd + +# If there are SystemV init scripts for this runlevel, run them. +if [ -x /etc/rc.d/rc.sysvinit ]; then + . 
/etc/rc.d/rc.sysvinit +fi + +# Run serial port setup script: +# (CAREFUL! This can make some systems hang if the rc.serial script isn't +# set up correctly. If this happens, you may have to edit the file from a +# boot disk) +# +# . /etc/rc.d/rc.serial + +# Carry an entropy pool between reboots to improve randomness. +if [ -f /etc/random-seed ]; then + echo "Using /etc/random-seed to initialize /dev/urandom." + cat /etc/random-seed > /dev/urandom +fi +# Use the pool size from /proc, or 512 bytes: +if [ -r /proc/sys/kernel/random/poolsize ]; then + dd if=/dev/urandom of=/etc/random-seed count=1 bs=$(cat /proc/sys/kernel/random/poolsize) 2> /dev/null +else + dd if=/dev/urandom of=/etc/random-seed count=1 bs=512 2> /dev/null +fi +chmod 600 /etc/random-seed + diff --git a/templates/vserver/files/etc/rc.d/rc.httpd b/templates/vserver/files/etc/rc.d/rc.httpd new file mode 100644 index 0000000..00b8837 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.httpd @@ -0,0 +1,21 @@ +#!/bin/sh +# +# /etc/rc.d/rc.httpd +# +# Start/stop/restart the Apache web server. +# +# To make Apache start automatically at boot, make this +# file executable: chmod 755 /etc/rc.d/rc.httpd +# + +case "$1" in + 'start') + /usr/sbin/apachectl start ;; + 'stop') + /usr/sbin/apachectl stop ;; + 'restart') + /usr/sbin/apachectl restart ;; + *) + echo "usage $0 start|stop|restart" ;; +esac + diff --git a/templates/vserver/files/etc/rc.d/rc.inet2 b/templates/vserver/files/etc/rc.d/rc.inet2 new file mode 100755 index 0000000..db56589 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.inet2 
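Review bot: In the "Create a fresh utmp file" block of rc.S, `chown root.utmp /var/run/utmp` uses the old dot separator between owner and group. That form is ambiguous when an account name contains a dot, and the colon form is the portable one. I would write `chown root:utmp /var/run/utmp`. The comment in rc.mysqld that recommends `chown -R mysql.mysql /var/lib/mysql` could be updated the same way.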
@@ -0,0 +1,129 @@ +#!/bin/sh +# +# rc.inet2 This shell script boots up the entire network system. +# Note, that when this script is used to also fire +# up any important remote NFS disks (like the /usr +# directory), care must be taken to actually +# have all the needed binaries online _now_ ... +# +# Uncomment or comment out sections depending on which +# services your site requires. +# +# Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> +# Modified for Slackware by Patrick Volkerding <volkerdi@slackware.com> + + +# At this point, we are ready to talk to The World... + + +# Mount remote (NFS) filesystems: +if cat /etc/fstab | grep -v '^#' | grep -w nfs 1> /dev/null 2> /dev/null ; then + # Start the RPC portmapper if we find NFS volumes defined in /etc/fstab, + # since it will need to be running in order to mount them. If portmap + # is not running, attempting to mount an NFS partition will cause mount + # to hang. Keep this in mind if you plan to mount unlisted partitions... + if [ -x /etc/rc.d/rc.portmap ]; then + . /etc/rc.d/rc.portmap start + else + # Warn about a possible NFS problem. It's also possible to mount NFS partitions + # without rpc.portmap by using '-o nolock' (not a good idea in most cases). + echo "WARNING: NFS partitions found in /etc/fstab, but /etc/rc.d/rc.portmap is" + echo " not executable. If you do not run portmap, NFS partitions will" + echo " not mount properly. To start rpc.portmap at boot, change the" + echo " permissions on /etc/rc.d/rc.portmap: chmod 755 /etc/rc.d/rc.portmap" + sleep 10 + fi + echo "Mounting remote (NFS) file systems: /sbin/mount -a -t nfs" + /sbin/mount -a -t nfs # This may be our /usr runtime! + # Show the mounted volumes: + /sbin/mount -v -t nfs +fi + +# Load the RPC portmapper if /etc/rc.d/rc.portmap is executable. +# This might be needed to mount NFS partitions that are not listed in /etc/fstab. +if [ -x /etc/rc.d/rc.portmap ]; then + . 
/etc/rc.d/rc.portmap start +fi + +# Mount remote (SMB) filesystems: +if cat /etc/fstab | grep -v '^#' | grep -w smbfs 1> /dev/null 2> /dev/null ; then + echo "Mounting remote (SMB) file systems: /sbin/mount -a -t smbfs" + /sbin/mount -a -t smbfs + # Show the mounted volumes: + /sbin/mount -v -t smbfs +fi + +# Start the system logger if it is not already running (maybe because /usr +# is on a network partition). +if [ -x /etc/rc.d/rc.syslog -a -d /var/log -a ! -r /var/run/syslogd.pid ]; then + . /etc/rc.d/rc.syslog start +fi + +# If there is a firewall script, run it before enabling packet forwarding. +# See the HOWTOs on http://www.netfilter.org/ for documentation on +# setting up a firewall or NAT on Linux. In some cases this might need to +# be moved past the section below dealing with IP packet forwarding. +if [ -x /etc/rc.d/rc.firewall ]; then + /etc/rc.d/rc.firewall start +fi + +# Turn on IPv4 packet forwarding support. +if [ -x /etc/rc.d/rc.ip_forward ]; then + . /etc/rc.d/rc.ip_forward start +fi + +# Start the inetd server: +if [ -x /etc/rc.d/rc.inetd ]; then + /etc/rc.d/rc.inetd start +fi + +# Start the OpenSSH SSH daemon: +if [ -x /etc/rc.d/rc.sshd ]; then + echo "Starting OpenSSH SSH daemon: /usr/sbin/sshd" + /etc/rc.d/rc.sshd start +fi + +# Start the BIND name server daemon: +if [ -x /etc/rc.d/rc.bind ]; then + /etc/rc.d/rc.bind start +fi + +# Start NIS (the Network Information Service): +if [ -x /etc/rc.d/rc.yp ]; then + . /etc/rc.d/rc.yp start +fi + +# Start the NFS server. Note that for this to work correctly, you'll +# need to load the knfsd module for kernel NFS server support. +# You'll also need to set up some shares in /etc/exports, and be sure +# that /etc/rc.d/rc.portmap is executable. +# Starting the NFS server: +if [ -x /etc/rc.d/rc.nfsd ]; then + /etc/rc.d/rc.nfsd start +fi + +# Stuff you won't need follows. 
;-) + +# # Start the network routing daemon: +# if [ -x /usr/sbin/routed ]; then +# echo "Starting network routing daemon: /usr/sbin/routed" +# /usr/sbin/routed -g -s +# fi + +# # Start the system status server: +# if [ -x /usr/sbin/rwhod ]; then +# echo "Starting system status server: /usr/sbin/rwhod" +# /usr/sbin/rwhod +# fi + +# # Fire up the PC-NFS daemon(s). This is a primarily obsolete system, and may +# # not be very secure. It's not at all needed for normal NFS server support. +# # You probably should not run this. +# if [ -x /usr/sbin/rpc.pcnfsd ]; then +# echo "Starting PC-NFS daemons: /usr/sbin/rpc.pcnfsd /usr/sbin/rpc.bwnfsd" +# /usr/sbin/rpc.pcnfsd /var/spool/lpd +# fi +# if [ -x /usr/sbin/rpc.bwnfsd ]; then +# /usr/sbin/rpc.bwnfsd /var/spool/lpd +# fi + diff --git a/templates/vserver/files/etc/rc.d/rc.inetd b/templates/vserver/files/etc/rc.d/rc.inetd new file mode 100644 index 0000000..9fe1419 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.inetd @@ -0,0 +1,36 @@ +#!/bin/sh +# Start/stop/restart inetd, the BSD Internet super-daemon. + +# Start inetd: +inetd_start() { + if [ -x /usr/sbin/inetd ]; then + echo "Starting Internet super-server daemon: /usr/sbin/inetd" + /usr/sbin/inetd + fi +} + +# Stop inetd: +inetd_stop() { + killall inetd +} + +# Restart inetd: +inetd_restart() { + inetd_stop + sleep 1 + inetd_start +} + +case "$1" in +'start') + inetd_start + ;; +'stop') + inetd_stop + ;; +'restart') + inetd_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/templates/vserver/files/etc/rc.d/rc.ip_forward b/templates/vserver/files/etc/rc.d/rc.ip_forward new file mode 100644 index 0000000..52bd2fe --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.ip_forward 
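Review bot: rc.inet2 starts the RPC portmapper and mounts NFS and SMB file systems before the `rc.firewall` block runs, so any packet filter that script installs is not yet in place when those services first listen. The script's own comment only orders the firewall relative to packet forwarding. I would move the three-line `if [ -x /etc/rc.d/rc.firewall ]; then` block to the top of the file, above "Mount remote (NFS) filesystems". Where the interfaces are brought up is not visible in this hunk (rc.inet1 is commented out in rc.M), so the actual exposure depends on when the guest gets its addresses.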
@@ -0,0 +1,64 @@
+#!/bin/sh
+# /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding
+#
+# If you intend to run your Linux box as a router, i.e. as a
+# computer that forwards and redistributes network packets, you
+# will need to enable IP packet forwarding in your kernel.
+#
+# To activate IP packet forwarding at boot time, make this
+# script executable: chmod 755 /etc/rc.d/rc.ip_forward
+#
+# To disable IP packet forwarding at boot time, make this
+# script non-executable: chmod 644 /etc/rc.d/rc.ip_forward
+
+# Start IP packet forwarding:
+ip_forward_start() {
+ if [ -f /proc/sys/net/ipv4/ip_forward ]; then
+ echo "Activating IPv4 packet forwarding."
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ fi
+ # When using IPv4 packet forwarding, you will also get the
+ # rp_filter, which automatically rejects incoming packets if the
+ # routing table entry for their source address doesn't match the
+ # network interface they're arriving on. This has security
+ # advantages because it prevents the so-called IP spoofing,
+ # however it can pose problems if you use asymmetric routing
+ # (packets from you to a host take a different path than packets
+ # from that host to you) or if you operate a non-routing host
+ # which has several IP addresses on different interfaces. To
+ # turn rp_filter off, uncomment the lines below:
+ #if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
+ # echo "Disabling rp_filter."
+ # echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
+ #fi
+}
+
+# Stop IP packet forwarding:
+ip_forward_stop() {
+ if [ -f /proc/sys/net/ipv4/ip_forward ]; then
+ echo "Disabling IPv4 packet forwarding."
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ fi
+}
+
+# Restart IP packet forwarding:
+ip_forward_restart() {
+ ip_forward_stop
+ sleep 1
+ ip_forward_start
+}
+
+case "$1" in
+'start')
+ ip_forward_start
+ ;;
+'stop')
+ ip_forward_stop
+ ;;
+'restart')
+ ip_forward_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
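Review bot: `ip_forward_start` turns forwarding on but never sets `rp_filter`. It relies on the comment's claim that source-address validation comes along automatically, and whether the running kernel actually defaults to that is not visible here. Since the script is what makes the host a router, I would set it explicitly after enabling forwarding, guarded by the same `-r /proc/sys/net/ipv4/conf/all/rp_filter` test the commented-out block already uses, with `echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter`. The commented-out opt-out can stay for asymmetric-routing setups. A smaller point: the `*)` usage arm should return a non-zero status so that a mistyped action is not reported as success.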
diff --git a/templates/vserver/files/etc/rc.d/rc.local b/templates/vserver/files/etc/rc.d/rc.local
new file mode 100755
index 0000000..3cf2076
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.local
@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc.local: Local system initialization script.
+#
+# Put any local setup commands in here:
diff --git a/templates/vserver/files/etc/rc.d/rc.mysqld b/templates/vserver/files/etc/rc.d/rc.mysqld
new file mode 100644
index 0000000..239e2e6
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.mysqld
@@ -0,0 +1,80 @@ +#!/bin/sh +# Start/stop/restart mysqld. +# +# Copyright 2003 Patrick J. Volkerding, Concord, CA +# Copyright 2003 Slackware Linux, Inc., Concord, CA +# +# This program comes with NO WARRANTY, to the extent permitted by law. +# You may redistribute copies of this program under the terms of the +# GNU General Public License. + +# To start MySQL automatically at boot, be sure this script is executable: +# chmod 755 /etc/rc.d/rc.mysqld + +# Before you can run MySQL, you must have a database. To install an initial +# database, do this as root: +# +# su - mysql +# mysql_install_db +# +# Note that step one is becoming the mysql user. It's important to do this +# before making any changes to the database, or mysqld won't be able to write +# to it later (this can be fixed with 'chown -R mysql.mysql /var/lib/mysql'). + +# To disallow outside connections to the database (if you don't need them, this +# is recommended to increase security), uncomment the next line: +#SKIP="--skip-networking" + +# Start mysqld: +mysqld_start() { + if [ -x /usr/bin/mysqld_safe ]; then + # If there is an old PID file (no mysqld running), clean it up: + if [ -r /var/run/mysql/mysql.pid ]; then + if ! ps ax | grep mysqld 1> /dev/null 2> /dev/null ; then + echo "Cleaning up old /var/run/mysql/mysql.pid." + rm -f /var/run/mysql/mysql.pid + fi + fi + /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/run/mysql/mysql.pid $SKIP & + fi +} + +# Stop mysqld: +mysqld_stop() { + # If there is no PID file, ignore this request... + if [ -r /var/run/mysql/mysql.pid ]; then + killall mysqld + # Wait at least one minute for it to exit, as we don't know how big the DB is... + for second in 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 \ + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 60 ; do + if [ ! -r /var/run/mysql/mysql.pid ]; then + break; + fi + sleep 1 + done + if [ "$second" = "60" ]; then + echo "WARNING: Gave up waiting for mysqld to exit!" 
+ sleep 15 + fi + fi +} + +# Restart mysqld: +mysqld_restart() { + mysqld_stop + mysqld_start +} + +case "$1" in +'start') + mysqld_start + ;; +'stop') + mysqld_stop + ;; +'restart') + mysqld_restart + ;; +*) + echo "usage $0 start|stop|restart" +esac diff --git a/templates/vserver/files/etc/rc.d/rc.postfix b/templates/vserver/files/etc/rc.d/rc.postfix new file mode 100644 index 0000000..bc32367 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.postfix @@ -0,0 +1,45 @@ +#!/bin/sh +# +## Slackware init script for postfix +## 20030828 Manolis Tzanidakis +# + +postfix_start() { + if [ -x /usr/sbin/postfix ]; then + echo -n "Starting postfix MTA: " + echo "/usr/sbin/postfix start" + /usr/sbin/postfix start 2>/dev/null + fi +} + +postfix_stop() { + /usr/sbin/postfix stop 2>/dev/null +} + +postfix_restart() { + sh $0 stop + sleep 1 + sh $0 start +} + +postfix_reload() { + /usr/sbin/postfix reload 2>/dev/null +} + +case "$1" in + 'start') + postfix_start + ;; + 'stop') + postfix_stop + ;; + 'restart') + postfix_restart + ;; + 'reload') + postfix_reload + ;; + *) + echo "usage $0 start|stop|restart|reload" +esac + diff --git a/templates/vserver/files/etc/rc.d/rc.sendmail b/templates/vserver/files/etc/rc.d/rc.sendmail new file mode 100644 index 0000000..1a31c52 --- /dev/null +++ b/templates/vserver/files/etc/rc.d/rc.sendmail 
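Review bot: The stale-PID cleanup in `mysqld_start` tests `ps ax | grep mysqld`, which can match the `grep mysqld` process itself. The check can therefore report a running server when none exists and leave the old PID file in place. Testing the recorded PID is more reliable, for example `if ! kill -0 "$(cat /var/run/mysql/mysql.pid)" 2> /dev/null ; then`. Separately, `SKIP="--skip-networking"` ships commented out, so mysqld accepts network connections unless the operator opts out. For a guest template it is worth deciding whether that default should be reversed.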
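Review bot: `postfix_restart` in rc.postfix re-invokes the script with `sh $0 stop` and `sh $0 start` instead of calling its own functions. `$0` is unquoted, and if this file is ever sourced the way rc.M sources rc.sendmail, `$0` names the calling script rather than rc.postfix. The sibling scripts in this commit (rc.inetd, rc.sendmail) call their stop and start functions directly. I would make the body `postfix_stop`, `sleep 1`, `postfix_start` to match.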
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Start/stop/restart sendmail.
+
+# Start sendmail:
+sendmail_start() {
+ if [ -x /usr/sbin/sendmail ]; then
+ echo "Starting sendmail MTA daemon: /usr/sbin/sendmail -L sm-mta -bd -q25m"
+ /usr/sbin/sendmail -L sm-mta -bd -q25m
+ echo "Starting sendmail MSP queue runner: /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
+ /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m
+ fi
+}
+
+# Stop sendmail:
+sendmail_stop() {
+ killall sendmail
+}
+
+# Restart sendmail:
+sendmail_restart() {
+ sendmail_stop
+ sleep 1
+ sendmail_start
+}
+
+case "$1" in
+'start')
+ sendmail_start
+ ;;
+'stop')
+ sendmail_stop
+ ;;
+'restart')
+ sendmail_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/templates/vserver/files/etc/rc.d/rc.serial b/templates/vserver/files/etc/rc.d/rc.serial
new file mode 100755
index 0000000..5f31c01
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.serial
@@ -0,0 +1,132 @@
+#
+# /etc/rc.serial
+# Initializes the serial ports on your system
+#
+# chkconfig: 2345 50 75
+# description: This initializes the settings of the serial port
+#
+# FILE_VERSION: 19981128
+#
+# Distributed with setserial and the serial driver. We need to use the
+# FILE_VERSION field to assure that we don't overwrite a newer rc.serial
+# file with a newer one.
+#
+# XXXX For now, the autosave feature doesn't work if you are
+# using the multiport feature; it doesn't save the multiport configuration
+# (for now). Autosave also doesn't work for the hayes devices.
+#
+
+RCLOCKFILE=/var/lock/subsys/serial
+DIRS="/lib/modules/`uname -r`/misc /lib/modules /usr/lib/modules ."
+PATH=/bin:/sbin:/usr/bin
+DRIVER=serial
+DRIVER_NAME=serial
+MODULE_REGEXP="serial\b"
+
+ALLDEVS="/dev/ttyS?"
+if /bin/ls /dev/ttyS?? >& /dev/null ; then
+ ALLDEVS="$ALLDEVS /dev/ttyS??"
+fi
+
+SETSERIAL=""
+if test -x /bin/setserial ; then
+ SETSERIAL=/bin/setserial
+elif test -x /sbin/setserial ; then
+ SETSERIAL=/sbin/setserial
+fi
+
+#
+# See if the serial driver is loaded
+#
+LOADED=""
+if test -f /proc/devices; then
+ if grep -q " ttyS$" /proc/devices ; then
+ LOADED="yes"
+ else
+ LOADED="no"
+ fi
+fi
+
+#
+# Find the serial driver
+#
+for i in $DIRS
+do
+ if test -z "$MODULE" -a -f $i/$DRIVER.o ; then
+ MODULE=$i/$DRIVER.o
+ fi
+done
+
+if ! test -f /proc/modules ; then
+ MODULE=""
+fi
+
+#
+# Handle System V init conventions...
+#
+case $1 in
+start)
+ action="start";
+ ;;
+stop)
+ action="stop";
+ ;;
+*)
+ action="start";
+esac
+
+if test $action = stop ; then
+ if test -n ${SETSERIAL} -a "$LOADED" != "no" -a \
+ `head -1 /etc/serial.conf`X = "###AUTOSAVE###X" ; then
+ echo -n "Saving state of serial devices... "
+ grep "^#" /etc/serial.conf > /etc/.serial.conf.new
+ ${SETSERIAL} -G -g ${ALLDEVS} >> /etc/.serial.conf.new
+ mv /etc/serial.conf /etc/.serial.conf.old
+ mv /etc/.serial.conf.new /etc/serial.conf
+ echo "done."
+ fi
+ if test -n "$MODULE" ; then
+ module=`grep $MODULE_REGEXP /proc/modules | awk '{print $1}'`
+ if test -z "$module" ; then
+ echo "The $DRIVER_NAME driver is not loaded."
+ rm -f ${RCLOCKFILE}
+ exit 0
+ fi
+ if rmmod $module ; then :; else
+ echo "The $DRIVER_NAME driver could NOT be unloaded."
+ exit 1;
+ fi
+ echo "The $DRIVER_NAME driver has been unloaded."
+ fi
+ rm -f ${RCLOCKFILE}
+ exit 0
+fi
+
+#
+# If not stop, it must be a start....
+#
+
+if test -n "$MODULE" -a "$LOADED" != "yes" ; then
+ if insmod -f $MODULE $DRIVER_ARG ; then
+ true
+ else
+ echo "Couldn't load $DRIVER_NAME driver."
+ exit 1
+ fi
+fi
+
+if test -f /etc/serial.conf ; then
+ if test -n ${SETSERIAL} ; then
+ grep -v ^# < /etc/serial.conf | while read device args
+ do
+ if [ ! "$device" = "" -a ! "$args" = "" ]; then
+ ${SETSERIAL} -z $device $args
+ fi
+ done
+ fi
+else
+ echo "###AUTOSAVE###" > /etc/serial.conf
+fi
+
+touch ${RCLOCKFILE}
+${SETSERIAL} -bg ${ALLDEVS}
diff --git a/templates/vserver/files/etc/rc.d/rc.sshd b/templates/vserver/files/etc/rc.d/rc.sshd
new file mode 100755
index 0000000..a3707e3
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.sshd
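Review bot: `DIRS` ends with `.`, so the module search loop can select `./serial.o` from whatever directory the script was started in, and the start path then loads it as root with `insmod -f`, which forces the load. Dropping the trailing ` .` entry from `DIRS` limits the search to the system module directories and removes the dependence on the working directory. Both `test -n ${SETSERIAL}` checks are unquoted; when setserial is not installed the one in the start branch expands to `test -n`, which is true, so the script goes on to run an empty command name. Use `test -n "${SETSERIAL}"` in both places, and guard the final `${SETSERIAL} -bg ${ALLDEVS}` the same way.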
@@ -0,0 +1,50 @@
+#!/bin/sh
+# Start/stop/restart the secure shell server:
+
+sshd_start() {
+ # Create host keys if needed.
+ if [ ! -r /etc/ssh/ssh_host_key ]; then
+ /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ fi
+ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+ /usr/sbin/sshd
+}
+
+sshd_stop() {
+ killall sshd
+}
+
+sshd_restart() {
+ if [ -r /var/run/sshd.pid ]; then
+ echo "WARNING: killing listener process only. To kill every sshd process, you must"
+ echo " use 'rc.sshd stop'. 'rc.sshd restart' kills only the parent sshd to"
+ echo " allow an admin logged in through sshd to use 'rc.sshd restart' without"
+ echo " being cut off. If sshd has been upgraded, new connections will now"
+ echo " use the new version, which should be a safe enough approach."
+ kill `cat /var/run/sshd.pid`
+ else
+ killall sshd
+ fi
+ sleep 1
+ sshd_start
+}
+
+case "$1" in
+'start')
+ sshd_start
+ ;;
+'stop')
+ sshd_stop
+ ;;
+'restart')
+ sshd_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
diff --git a/templates/vserver/files/etc/rc.d/rc.syslog b/templates/vserver/files/etc/rc.d/rc.syslog
new file mode 100755
index 0000000..a005fb7
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.syslog
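Review bot: sshd_start still creates an SSH protocol 1 host key (`ssh-keygen -t rsa1`) and a DSA key on first boot; protocol 1 is cryptographically broken and DSA host keys are fixed at 1024 bits, so a freshly built guest offers weak host key types. I would drop the first two blocks and keep the RSA one, adding `/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''` under the same `[ ! -f ... ]` guard where the installed OpenSSH supports it. Generating the keys at first start instead of shipping them in the template is the right design, since each guest gets its own keys; a one-line comment such as `# Host keys are generated per guest; never ship them in the template.` would help keep it that way.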
@@ -0,0 +1,42 @@
+#!/bin/sh
+# Start/stop/restart the system logging daemons.
+#
+# Written for Slackware Linux by Patrick J. Volkerding <volkerdi@slackware.com>.
+
+syslogd_start() {
+ if [ -x /usr/sbin/syslogd -a -x /usr/sbin/klogd ]; then
+ echo -n "Starting sysklogd daemons: "
+ echo -n "/usr/sbin/syslogd "
+ /usr/sbin/syslogd
+ sleep 1 # prevent syslogd/klogd race condition on SMP kernels
+ echo "/usr/sbin/klogd -c 3 -x"
+ # '-c 3' = display level 'error' or higher messages on console
+ # '-x' = turn off broken EIP translation
+ /usr/sbin/klogd -c 3 -x
+ fi
+}
+
+syslogd_stop() {
+ killall syslogd 2> /dev/null
+ killall klogd 2> /dev/null
+}
+
+syslogd_restart() {
+ syslogd_stop
+ sleep 1
+ syslogd_start
+}
+
+case "$1" in
+'start')
+ syslogd_start
+ ;;
+'stop')
+ syslogd_stop
+ ;;
+'restart')
+ syslogd_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/templates/vserver/files/etc/rc.d/rc.sysvinit b/templates/vserver/files/etc/rc.d/rc.sysvinit
new file mode 100755
index 0000000..916e59e
--- /dev/null
+++ b/templates/vserver/files/etc/rc.d/rc.sysvinit
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# rc.sysvinit This file provides basic compatibility with SystemV style
+# startup scripts. The SystemV style init system places
+# start/stop scripts for each runlevel into directories such as
+# /etc/rc.d/rc3.d/ (for runlevel 3) instead of starting them
+# from /etc/rc.d/rc.M. This makes for a lot more init scripts,
+# and a more complicated execution path to follow through if
+# something goes wrong. For this reason, Slackware has always
+# used the traditional BSD style init script layout.
+#
+# However, many binary packages exist that install SystemV
+# init scripts. With rc.sysvinit in place, most well-written
+# startup scripts will work. This is primarily intended to
+# support commercial software, though, and probably shouldn't
+# be considered bug free.
+#
+# Written by Patrick Volkerding <volkerdi@slackware.com>, 1999
+# from an example by Miquel van Smoorenburg <miquels@cistron.nl>.
+
+# Run an init script:
+startup() {
+ case "$1" in
+ *.sh)
+ sh "$@"
+ ;;
+ *)
+ "$@"
+ ;;
+ esac
+}
+
+# Set onlcr to avoid staircase effect.
+stty onlcr 0>&1
+
+if [ "$runlevel" = "" ]; then
+ runlevel=$RUNLEVEL
+ export runlevel
+ prevlevel=$PREVLEVEL
+ export prevlevel
+fi
+
+# Run kill scripts in the previous runlevel if not "none"
+if [ ! "$prevlevel" = "N" ]; then
+ for script in /etc/rc.d/rc$prevlevel.d/K* ; do
+ if [ -x $script ]; then
+ startup $script stop
+ fi
+ done
+fi
+
+# Now do the startup scripts:
+for script in /etc/rc.d/rc$runlevel.d/S* ; do
+ if [ -x $script ]; then
+ startup $script start
+ fi
+done
+
diff --git a/templates/vserver/files/etc/rssh.conf b/templates/vserver/files/etc/rssh.conf
new file mode 100644
index 0000000..a74acc6
--- /dev/null
+++ b/templates/vserver/files/etc/rssh.conf
@@ -0,0 +1,48 @@
+# This is the default rssh config file
+
+# set the log facility. "LOG_USER" and "user" are equivalent.
+logfacility = LOG_USER
+
+# Leave these all commented out to make the default action for rssh to lock
+# users out completely...
+
+allowscp
+allowsftp
+#allowcvs
+#allowrdist
+#allowrsync
+
+# set the default umask
+umask = 022
+
+# If you want to chroot users, use this to set the directory where the root of
+# the chroot jail will be located.
+#
+# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
+# You can quote anywhere, but quotes not required unless path contains a
+# space... as in this example.
+
+chrootpath = "/var/users"
+
+##########################################
+# EXAMPLES of configuring per-user options
+
+#user=rudy:077:00010: # the path can simply be left out to not chroot
+#user=rudy:077:00010 # the ending colon is optional
+
+#spaces in the path must be quoted...
+#user=rudy:011:00001:"/usr/local/chroot dir" # scp with chroot
+#user=rudy:011:00010:"/usr/local/chroot dir" # sftp with chroot
+#user=rudy:011:00011:"/usr/local/chroot dir" # both with chroot
+#user=rudy:011:00100: # cvs, with no chroot
+#user=rudy:011:01000: # rdist, with no chroot
+#user=rudy:011:10000: # rsync, with no chroot
+#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted
+#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak!
+#user=rudy:'011:00001:/usr/local/chroot' # single quotes too
+
+# Spaces before or after the '=' are fine, but spaces in chrootpath need
+# quotes.
+#user = "rudy:011:00001:/usr/local/chroot dir"
+#user = "rudy:011:00001:/usr/local/chroot dir" # neither do comments at line end
+
diff --git a/templates/vserver/files/etc/ssh/sshd_config b/templates/vserver/files/etc/ssh/sshd_config
new file mode 100644
index 0000000..a161fec
--- /dev/null
+++ b/templates/vserver/files/etc/ssh/sshd_config
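Review bot: `umask = 022` together with a single global `chrootpath = "/var/users"` means files uploaded over scp or sftp are created world-readable inside a jail that, as far as this file shows, all restricted users share. `umask = 077` (or `027` with a common group) is the safer template default. The chroot also depends on /var/users being populated and owned correctly, which this hunk does not show; a comment naming where the template sets that up would help the next admin.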
@@ -0,0 +1,103 @@
+# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#Protocol 2,1
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+#obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication mechanism.
+# Depending on your PAM configuration, this may bypass the setting of
+# PasswordAuthentication, PermitEmptyPasswords, and
+# "PermitRootLogin without-password". If you just want the PAM account and
+# session checks to run without PAM authentication, then enable this but set
+# ChallengeResponseAuthentication=no
+#UsePAM no
+
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression yes
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+
+# no default banner path
+#Banner /some/path
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
diff --git a/templates/vserver/files/var/www/htdocs/missing.html b/templates/vserver/files/var/www/htdocs/missing.html
new file mode 100644
index 0000000..2762324
--- /dev/null
+++ b/templates/vserver/files/var/www/htdocs/missing.html
@@ -0,0 +1,12 @@
+<html>
+<head>
+<title>404 - Not Found</title>
+</head>
+<body>
+ <center>
+ <pre>
+ File not found.
+ </pre>
+ </center>
+</body>
+</html>
diff --git a/templates/vserver/files/var/www/missing.html b/templates/vserver/files/var/www/missing.html
new file mode 100644
index 0000000..b2eec17
--- /dev/null
+++ b/templates/vserver/files/var/www/missing.html
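Review bot: `#Protocol 2,1` is left commented, and by this file's own convention a commented option shows the built-in default, so an sshd of this vintage would presumably still accept protocol 1 clients. The template already overrides one default with `PermitRootLogin no`; I would add an explicit `Protocol 2` line next to it. `#PasswordAuthentication yes` likewise leaves password logins on: if guests are meant to be key-only, set `PasswordAuthentication no`, otherwise add a comment saying that password login is intentional.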
@@ -0,0 +1,12 @@
+<html>
+<head>
+<title>404 - Not Found</title>
+</head>
+<body>
+ <center>
+ <pre>
+ O endereço que você requisitou não pôde ser encontrado :(
+ </pre>
+ </center>
+</body>
+</html>
diff --git a/templates/vserver/packages b/templates/vserver/packages
new file mode 100644
index 0000000..0cd1f69
--- /dev/null
+++ b/templates/vserver/packages
@@ -0,0 +1,250 @@ +# This is a Slackware Installation Tagfile. +# +# This one comes from disk: A1 (Base Linux series) +# and a backup copy called "tagfile.org" can be found on the same disk. You +# should never edit the "tagfile.org" copy, only the one called "tagfile". Use +# the "tagfile.org" only if you want to restore original installation defaults +# by copying it over the top of "tagfile". +# +# It is used to automate software installation. +# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. +# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. 
+# +# If you mess this file up beyond recognition, just restore from "tagfile.org" +# +# +aaa_base: ADD +aaa_elflibs: ADD +bash: ADD +bin: ADD +bzip2: ADD +coreutils: ADD +cxxlibs: ADD +dcron: ADD +elvis: ADD +etc: ADD +findutils: ADD +gawk: ADD +gettext: REC +grep: ADD +gzip: ADD +infozip: ADD +less: ADD +logrotate: ADD +openssl-solibs: ADD +pkgtools: ADD +procps: ADD +sed: ADD +shadow: ADD +slocate: ADD +sysklogd: ADD +sysvinit: ADD +tar: ADD +util-linux: ADD +# This is a Slackware Installation Tagfile. +# +# This one comes from disk: AP1 (Applications series) +# and a backup copy called "tagfile.org" can be found on the same disk. You +# should never edit the "tagfile.org" copy, only the one called "tagfile". Use +# the "tagfile.org" only if you want to restore original installation defaults +# by copying it over the top of "tagfile". +# +# It is used to automate software installation. +# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. +# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. 
+# +# If you mess this file up beyond recognition, just restore from "tagfile.org" +# +# +bc: OPT +diffutils: REC +jed: OPT +joe: OPT +jove: OPT +lsof: OPT +mysql: OPT +sudo: OPT +glibc: REC +# Tagfile for emacs series +# This is a Slackware Installation Tagfile. +# +# This one comes from disk: F1 (Frequently Asked Questions) +# and a backup copy called "tagfile.org" can be found on the same disk. You +# should never edit the "tagfile.org" copy, only the one called "tagfile". Use +# the "tagfile.org" only if you want to restore original installation defaults +# by copying it over the top of "tagfile". +# +# It is used to automate software installation. +# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. +# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. +# +# If you mess this file up beyond recognition, just restore from "tagfile.org" +# +# +libidn: REC +libxml2: REC +mhash: REC +# This is a Slackware Installation Tagfile. +# +# This one comes from the N (Network/UUCP/Mail/News) series. +# It is used to automate software installation. 
+# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. +# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. +# +# +apache: OPT +curl: OPT +gnupg: OPT +inetd: REC +lftp: OPT +lynx: OPT +mod_ssl: OPT +mailx: REC +openssh: REC +openssl: REC +php: OPT +rsync: OPT +stunnel: OPT +tcpip: REC +wget: OPT +# This is a Slackware Installation Tagfile. +# +# This one comes from disk: TCL1 (Tcl/Tk series) +# and a backup copy called "tagfile.org" can be found on the same disk. You +# should never edit the "tagfile.org" copy, only the one called "tagfile". Use +# the "tagfile.org" only if you want to restore original installation defaults +# by copying it over the top of "tagfile". +# +# It is used to automate software installation. +# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. 
Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. +# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. +# +# If you mess this file up beyond recognition, just restore from "tagfile.org" +# +# +# This is a Slackware Installation Tagfile. +# +# This one comes from disk: Y1 (Yaaaaaahhoooo? Games and Amusements). +# +# It is used to automate software installation. +# There are two labels that you can use: ADD and SKP. +# +# If the PROMPT option is used during installation, this file will be checked +# to determine the installation default. First, all the lines beginning with +# <package_name>: +# will be extracted. Then, the last line in the extracted segment will be +# checked for the flags ADD, REC, OPT and SKP. +# +# If ADD is found, then a priority of [required] will be displayed, and the +# package will be automatically installed. +# +# If SKP is found, then a priority of [skip] will be displayed, and +# the package will be automatically skipped. +# +# All other packages will be prompted for. There are two optional flags you +# can use to change the package priority level shown when the user is +# prompted: REC and OPT. If REC is found, the priority shown will be +# [recommended], while if OPT is found, the user sees priority [optional]. 
+# +# If no flags are found for a given package, the user is shown priority +# [unknown], and is prompted for whether the package should be installed. +# extra +# libsafe +# contrib +simplepkg +ssmtp diff --git a/templates/vserver/perms b/templates/vserver/perms new file mode 100644 index 0000000..0c136ed --- /dev/null +++ b/templates/vserver/perms @@ -0,0 +1,37 @@ +./etc;0;0;755 +./etc/apache;0;0;755 +./etc/apache/httpd.conf;0;0;644 +./etc/apache/php.ini;0;0;644 +./etc/apache/vhosts;0;0;644 +./etc/logrotate.d;0;0;755 +./etc/logrotate.d/apache;0;0;644 +./etc/rc.d;0;0;755 +./etc/rc.d/rc.httpd;0;0;644 +./etc/rc.d/rc;0;0;755 +./etc/rc.d/rc.0;0;0;755 +./etc/rc.d/rc.4;0;0;644 +./etc/rc.d/rc.6;0;0;755 +./etc/rc.d/rc.K;0;0;755 +./etc/rc.d/rc.M;0;0;755 +./etc/rc.d/rc.S;0;0;755 +./etc/rc.d/rc.ip_forward;0;0;644 +./etc/rc.d/rc.inet2;0;0;755 +./etc/rc.d/rc.inetd;0;0;644 +./etc/rc.d/rc.mysqld;0;0;644 +./etc/rc.d/rc.local;0;0;755 +./etc/rc.d/rc.postfix;0;0;644 +./etc/rc.d/rc.sendmail;0;0;644 +./etc/rc.d/rc.serial;0;0;755 +./etc/rc.d/rc.sshd;0;0;755 +./etc/rc.d/rc.syslog;0;0;755 +./etc/rc.d/rc.sysvinit;0;0;755 +./etc/ssh;0;0;755 +./etc/ssh/sshd_config;0;0;644 +./etc/rssh.conf;0;0;644 +./etc/hosts;0;0;644 +./etc/profile;0;0;644 +./var;0;0;755 +./var/www;0;0;755 +./var/www/htdocs;0;0;755 +./var/www/htdocs/missing.html;0;0;644 +./var/www/missing.html;0;0;644 diff --git a/templates/vserver/scripts/GPG-KEY b/templates/vserver/scripts/GPG-KEY new file mode 100644 index 0000000..fd23e95 --- /dev/null +++ b/templates/vserver/scripts/GPG-KEY 
@@ -0,0 +1,88 @@ +security@slackware.com public key + +Type bits/keyID Date User ID +pub 1024D/40102233 2003-02-26 Slackware Linux Project <security@slackware.com> +sub 1024g/4E523569 2003-02-26 [expires: 2012-12-21] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.1 (GNU/Linux) + +mQGiBD5dIFQRBADB31WinbXdaGk/8RNkpnZclu1w3Xmd5ItACDLB2FhOhArw35EA +MOYzxI0gRtDNWN4pn9n74q4HbFzyRWElThWRtBTYLEpImzrk7HYVCjMxjw5A0fTr +88aiHOth5aS0vPAoq+3TYn6JDSipf2bR03G2JVwgj3Iu066pX4naivNm8wCgldHG +F3y9vT3UPYh3QFgEUlCalt0D/3n6NopRYy0hMN6BPu+NarXwv6NQ9g0GV5FNjEEr +igkrD/htqCyWAUl8zyCKKUFZZx4UGBRZ5guCdNzwgYH3yn3aVMhJYQ6tcSlLsj3f +JIz4LAZ3+rI77rbn7gHHdp7CSAuV+QHv3aNanUD/KGz5SPSvF4w+5qRM4PfPNT1h +LMV8BACzxiyX7vzeE4ZxNYvcuCtv0mvEHl9yD66NFA35RvXaO0QiRVYeoUa5JOQZ +gwq+fIB0zgsEYDhXFkC1hM/QL4NccMRk8C09nFn4eiz4dAEnwKt4rLCJKhkLl1DW +TSoXHe/dOXaLnFyLzB1J8hEYmUvw3SwPt//wMqDiVBLeZfFcdLQwU2xhY2t3YXJl +IExpbnV4IFByb2plY3QgPHNlY3VyaXR5QHNsYWNrd2FyZS5jb20+iF8EExECAB8F +Aj5dIFQFCRJ3owAECwcDAgMVAgMDFgIBAh4BAheAAAoJEGpEY8BAECIzee0An3My +boalJ5nLePD0HCzMuf8Ix8gPAJ9lnU1wqNVGza0t89ACTurDoppQ2rkBDQQ+XSBV +EAQA3VYlpPyRKdOKoM6t1SwNG0YgVFSvxy/eiratBf7misDBsJeH86Pf8H9OfVHO +cqscLiC+iqvDgqeTUX9vASjlnvcoS/3H5TDPlxiifIDggqd2euNtJ8+lyXRBV6yP +sBIA6zki9cR4zphe48hKpSsDfj7uL5sfyc2UmKKboSu3x7cAAwUD/1jmoLQs9bIt +bTosoy+5+Uzrl0ShRlv+iZV8RPzAMFuRJNxUJkUmmThowtXRaPKFI9AVd+pP44aA +J+zxCPtS2isiW20AxubJoBPpXcVatJWi4sG+TM5Z5VRoLg7tIDNVWsyHGXPAhIG2 +Y8Z1kyWwb4P8A/W2b1ZCqS7Fx4yEhTikiEwEGBECAAwFAj5dIFUFCRJ3owAACgkQ +akRjwEAQIjM1uwCdE7V4mPCqdby/nV699NxKX0iW/OsAniaVhEip8Ptff74Sv4JV +tb+Sth2l +=H5uu +-----END PGP PUBLIC KEY BLOCK----- + +slamd64 public key + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.6 (GNU/Linux) + +mQGiBELKSBYRBACiElxGMXqxUwdsQBKPngV6/k0Q5AYT34+WLL0B7XRR9kOotCfc +PTLCP5qLM9etpzKhbMbgWGpaBrA/3KEPOJ7JVhk6JcLgjoi0QsMusaI4BGnmrxkw +3mh9xPwc+jPgiYOljbZhNG6FMQtrdlKYV+BmwS8mt/YBymShghtlgdHJjwCg/PAG +YJDsfoG1ebuwcjYlsGoD2x0EAJX7UnTdxxESvmIuk172MunZqw+o8+o/W684z13/ 
+wOkcVqvuAcd0ejuY0z09GFfyhtig8E55UcKNyVC50+3aJUXlt9//HnENHZo+OEN1 +ezbOXUcJIw8xkU551qaxubqWXtKYEJP9z/khVPe4N0JW2vWOcAFYhuOEx1ylaNrX +gUY4BACDpn+pntq0ooZqkSPT4v1ibOQg/3xh2F1PgsnOahMRrXbVEdL9ItsVnHM/ +ygHBjLhkEMd612nVVSw1BYMBAwQbsYB8Lgn1QxXl0ISBYR1RYW1LvyaJM6A6TDL+ +EdWp+iTtlKOe/VD+oCfHmMONoucZJM2AtK1vXTX3x4Wb4MgVdLQoRnJlZGVyaWNr +IEVtbW90dCA8bWFpbEBmcmVkZW1tb3R0LmNvLnVrPohkBBMRAgAkBQJCykgWAhsD +BQkDwmcABgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEAd5Da1T/acLGfIAoOqIHrg4 +r2pq/tKi9VifOJS1xg4LAKDpi0I0pzsdDJ2owxCQ88MkoSDKgohMBBARAgAMBQJD +Ed/tBYMDes8pAAoJEFgpV1AFAIOLprQAnRDVVmDPnzVNOWrZ8D55gG2bOwkxAKCl +dGThnu0aQ0IEL7MgUETGtk4hS4iiBBABAgAMBQJDEdpDBYMDetTTAAoJEJugaRW/ +hasxqCwEAKczPTgOrRXXTs4piB14DayJQVgoqVgiNfKzd5qVuvQgYebQrMu7hi5U +0q/n6TbQpjmMDZKxhXhEY1gs32mtzKKDrerTpF+pJAgQVvBLZS2mF4HbVnU74GvL +2UKJtEtgb9u+i1Efd4Q8GIJUzLLJifURQWTk1e3B9qGApKXpWJlviEwEEBECAAwF +AkMR75MFgwN6v4MACgkQTqjEwhXvPN1j7gCbBXZs9MM6YXGI/yTlEhiXyTECxm8A +nj6O1XszSa5kaD7CvnRFzNkm5O5MiEwEEBECAAwFAkMR79UFgwN6v0EACgkQoLYC +8AehV8eLBQCgv8WEdBtFjTh3Wl06WK5dKCw0nHsAn0IIHRbJC5jO4NWrIpupBMnz +3fBsiEwEExECAAwFAkMR9ggFgwN6uQ4ACgkQR+ny47i1wzAfZQCfRACyfYBxs+tu +6OzpLP2DGjEaa1UAnj4MVMH32f/34oN6o9dPKPT8HXWziEwEExECAAwFAkMR9vcF +gwN6uB8ACgkQB0u7y43syeIaogCfVy7lqRjRDbttJs1u1g3FekdbJ1kAnRo726tA +u8Xf+JWD3OrmMo0Uup3giEwEEBECAAwFAkMR+qgFgwN6tG4ACgkQfWXW5We1ioQk +tgCePGa3NpcfEWb8drmO95Mp1C+FaBIAoNEqA89xUvTIpqooucTzFxgAupVgiEwE +EBECAAwFAkMSF+UFgwN6lzEACgkQ/lREvmcCFhscDQCgnMxf4Nmu3B41GWupTWxb +9b+te5sAoIiTZHzOSKtqN4cJ2i22iP/vZPt4iEwEEBECAAwFAkMULeAFgwN4gTYA +CgkQsxZ93p+gHn6bcACgwY/5ZpvvEK+eycM5XNQhVI6w4j8An0JoXlFaGStIzUmW +42obaW6CG4WViEYEExECAAYFAkMUZuAACgkQGnR+RTDgudhG1QCeJelEhnX/3JeW +S5BaM7640suSeLQAnA2RDMH4zIJLI4MWEXBAvaA0lSr7iEwEEBECAAwFAkMUP8gF +gwN4b04ACgkQM/XwBW70U1iAOwCgmah/GnZikIhyeFr6KsKpsmZCQTQAn3Vs7JZm +w4qBLiI+RXxw7vIJlI4AiEwEEBECAAwFAkMUZ9EFgwN4R0UACgkQ72KcVAmwbhAC +FACgiNqao9mzAWZBjIY7iiqz34gbK/QAn34F1bLAb0sHKiSUcFkVi/uZ8R0viEwE +EBECAAwFAkMWFj8FgwN2mNcACgkQn3j4POjENGF+UgCeM+mEKW5+MjNN17QCAvZi 
+cBVJEHMAn14YyvdSIwBBFUNPWYOw7GwYyAhHiEwEEBECAAwFAkMXW0cFgwN1U88A +CgkQTxqZjtpq5iG4PwCfe2ymOYh5t+bEZGGCtJg3sWJ5hHYAmQGS+jGWcTMlXSe+ +65o/aPfLUkMQuQINBELKSCgQCADjG+pX7C0sRIkX1QQ6lFW3IrajWypXtd4jO1TA +dlLFES7OxF202V15+TRtL9NO34x7u6RPTnF7wi/i2U1dqM9ZjrFcTJA17Y7+OLH+ +yw64/5OJapUi48qI7hnLRTPykz0c+b92pUt1X/BIWmf301jbZ0AbFZV4yvm1OUH4 +wrGLLFeATjiBWTcJarRiR89DzQ/Cm+c791WXdIhEvv5Vp4/d8HzGZhEUVKTCoA3e +Z8ZIdJoy/d7FYfyeg836UDXEqr598n2p9DxMwkRj5oHINB64CrQuKr7zDdP8Zv2g +vKkjeS4mN+07saWK3UTY5ADByNVHSu+P0LZYPhxjze7KOVjHAAUTCACa5ohR/7/N +x2M2OB9VPAwQPjAFNst6fPotcFLDy5Q/jlbBcDNf1OdzgkE/06z7iPGRmIJL6flz +QZH+hYwDqjulVVtPQXiZMVGvlfC9YIAdJX/1Ca2L9mL4c4IBQbFNkSlgkLaPTwUJ +BD2PnA+q+ERy39UANhIR/LVGltK1krDds8CwbxMSYNFvFgf4dmh6GzI5ioByDoTM +8ShfS2GjAekviNVLsGC5UWKuQl/XVaC/j7CTAT7WbikfXWI2uonFBx47vjf2UaPa +E0HnAVwDY0cAZeaObpDKvyogsf8H4CzK9JCKtW9aTUpKurEpyHfcKqB07GMLC/+Q +QiA3bFmrSaTRiE8EGBECAA8FAkLKSCgCGwwFCQPCZwAACgkQB3kNrVP9pwsejwCg +gaQm6lU/H7ja0EUaJJFZnRoqRvAAnRK8CC4PIr/ZYDjd+aeS3R31FjGr +=D1wm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/templates/vserver/scripts/devices.tar.gz b/templates/vserver/scripts/devices.tar.gz Binary files differnew file mode 100644 index 0000000..dc4aea6 --- /dev/null +++ b/templates/vserver/scripts/devices.tar.gz diff --git a/templates/vserver/scripts/vserver.sh b/templates/vserver/scripts/vserver.sh new file mode 100644 index 0000000..e9d68a9 --- /dev/null +++ b/templates/vserver/scripts/vserver.sh 
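Review bot: The Slackware key is identified in this file only by the short ID `1024D/40102233`, and the slamd64 block carries no ID or fingerprint at all; short key IDs are not collision-resistant, so they cannot confirm that the imported key is the intended one. Since vserver.sh imports this file into each guest's root keyring, presumably for package signature checks, I would add a line such as `Key fingerprint = <FULL-FINGERPRINT-VERIFIED-OUT-OF-BAND>` above each block. The header also lists the subkey as `[expires: 2012-12-21]`, which predates this commit, so it is worth checking whether a refreshed key should be shipped instead.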
@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# vserver template script
+#
+
+BASE="/etc/simplepkg/templates/vserver/vserver.s"
+DEVICES="$BASE/devices.tar.gz"
+GPGKEY="$BASE/GPG-KEY"
+
+if [ -z "$2" ]; then
+ echo "usage: `basename $0` <jail-root> <jail-name>"
+ exit 1
+elif [ ! -d "$1/$2" ]; then
+ echo "folder $1/$2 does not exist"
+ exit 1
+fi
+
+echo "creating /etc/vservers/$2..."
+mv $1/$2 $1/$2.old
+vserver $2 build -m skeleton --force &> /dev/null
+result="$?"
+rm -rf $1/$2 && mv $1/$2.old $1/$2
+
+if [ "$result" != "0" ]; then
+ mkdir -p /etc/vservers/$2/apps/init
+fi
+
+echo sysv > /etc/vservers/$2/apps/init/style
+echo 3 > /etc/vservers/$2/apps/init/runlevel.start
+echo 6 > /etc/vservers/$2/apps/init/runlevel.stop
+
+cp /etc/resolv.conf $1/$2/etc/
+cp /etc/localtime $1/$2/etc/
+echo /dev/hdv1 / ext2 defaults 1 1 > $1/$2/etc/fstab
+echo /dev/hdv1 / ext2 rw 0 0 > $1/$2/etc/mtab
+
+echo "creating devices and dependencies..."
+if [ -f "$DEVICES" ]; then
+ cd $1/$2/
+ tar zxvf $DEVICES
+ chroot $1/$2/ sbin/ldconfig
+else
+ echo error: device template $DEVICES not found
+fi
+
+if [ -f "$GPGKEY" ]; then
+ echo "importing slack gpg pubkey"
+ mkdir $1/$2/root/.gnupg
+ gpg --homedir $1/$2/root/.gnupg --import $GPGKEY
+fi
+
+# todo: add rebootmgr
+echo "done; now config your vserver at /etc/vservers/$2"
+echo "then, set all desired iptables rules and other stuff and then start $server vserver"
+echo "dont forget to change root's password with the command "vserver $2 exec passwd"" |
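Review bot: The directory swap around `vserver $2 build` is unchecked and unquoted: if `mv $1/$2 $1/$2.old` fails, the following `rm -rf $1/$2` deletes the real jail instead of the throwaway skeleton. The same applies to `cd $1/$2/` before `tar zxvf $DEVICES`: if the cd fails the device nodes are unpacked into the caller's working directory, and after a successful cd a relative jail root no longer resolves for the later `chroot`, `mkdir` and `gpg` calls. The rewrite below checks each step, quotes the paths, extracts in a subshell so the working directory is unchanged, and creates the GnuPG home with mode 700. The closing message also refers to `$server`, which is never set; `$2` looks like what was meant.

```bash
jail="$1/$2"
mv -- "$jail" "$jail.old" || exit 1
vserver "$2" build -m skeleton --force &> /dev/null
result="$?"
# Remove only the skeleton; the real jail is parked in $jail.old.
rm -rf -- "$jail" && mv -- "$jail.old" "$jail" || exit 1
# … unchanged: init style/runlevel files, resolv.conf, localtime, fstab, mtab …
if [ -f "$DEVICES" ]; then
  ( cd "$jail/" && tar zxvf "$DEVICES" ) || exit 1
  chroot "$jail/" sbin/ldconfig
# … unchanged: else branch …
if [ -f "$GPGKEY" ]; then
  echo "importing slack gpg pubkey"
  mkdir -m 700 "$jail/root/.gnupg"
  gpg --homedir "$jail/root/.gnupg" --import "$GPGKEY"
fi
```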