#!/bin/sh
#
# Configure BMC ProactiveNet Server to run as nonroot either from root or another nonroot
#
# Usage: <this script> nonroot_user_name        (must be run with uid 0)
#
# Order of operations, as visible below:
#   1. validate the target account; refuse 'pronet', 'root' and the current owner
#   2. ask for confirmation; when the current owner is root, prompt for HTTP/HTTPS ports
#   3. stop the server and delete product temp files under /tmp
#   4. when the current owner is root, rewrite the Apache configs and bppmws.properties
#   5. optionally replace the administrator e-mail address
#   6. regenerate the boot scripts so they start the server through `su $NRUSER`
#   7. chmod/chown the install trees, update the crontab, start the server
#
# NOTE(review): two spans of this file are incomplete (inside update_crontab and at the
# TMPHTTS assignment; both are marked). The script will not parse until they are restored
# from a complete copy.
# NOTE(review): the script runs as root but resolves cut, grep, wc, hostname, su, ln, cp,
# chmod and chown through PATH, and quotes almost no expansions. Setting PATH explicitly
# at the top and quoting "$NRUSER"/"$OLDUSER" would remove both dependencies on the
# caller's environment.
#

# Prefer nawk where it is installed, otherwise fall back to awk.
if [ -x /usr/bin/nawk ] ; then
    AWK=/usr/bin/nawk
else
    AWK=/usr/bin/awk
fi

UNAME=/bin/uname
CRONTAB=/usr/bin/crontab
SED=/bin/sed
ED=/bin/ed
# Numeric uid of the caller: first field of `id` output with "uid=" and "(name)" stripped.
USRID=`/usr/bin/id | cut -d" " -f1 | $SED -e 's/uid=\(.*\)(\(.*\))/\1/'`
HTTPCONF=/usr/pw/apache/conf/httpd.conf
HTTPSCONF=/usr/pw/apache/conf/extra/httpd-ssl.conf
BPPMWSPROPERTIES=/usr/pw/custom/conf/bppmws.properties
# Property prefix; update_selfHostBPPMAPIPort appends a port number to this global.
STRREPLACE="selfHostBPPMAPIPort="

# get_port PROTO OUT_VAR
#   Prompt until the operator gives an acceptable port for PROTO and store it in the
#   variable whose name is passed as OUT_VAR.
#   Empty input selects the default: 4430 when PROTO is "HTTPS", 9000 otherwise.
#   Rejected: a port the netstat check reports as in use, 8080, and non-numeric input.
#   Every variable assigned here (PROTO, OUT_PORT, loop, ans, PORT, NUM) is a global.
get_port() {
    PROTO=$1
    OUT_PORT=$2

    loop=true
    while [ "$loop" = "true" ]
    do
        # Linux branch uses `echo -e` so that \c suppresses the newline after the prompt.
        if [ "$PROTO" = "HTTPS" ]; then
            if [ `$UNAME` = "Linux" ] ; then
                echo -e "Please enter the port number for $PROTO:[4430]\c"
            else
                echo "Please enter the port number for $PROTO:[4430]\c"
            fi
        else
            if [ `$UNAME` = "Linux" ] ; then
                echo -e "Please enter the port number for $PROTO:[9000]\c"
            else
                echo "Please enter the port number for $PROTO:[9000]\c"
            fi
        fi
        read ans
        PORT=$ans
        if [ "$PORT" = "" ]; then
            if [ "$PROTO" = "HTTPS" ]; then
                PORT=4430
            else
                PORT=9000
            fi
        fi

        # Digits-only check; the verdict is only consulted in the last elif below.
        echo $PORT | grep "^[0-9][0-9]*$" > /dev/null && NUM="yes" || NUM="no"
        # NOTE(review): the raw answer is placed in this grep pattern before the digits-only
        # verdict is looked at, so a non-numeric answer can be reported as "already in use".
        # Testing NUM first would keep unvalidated input out of the pattern.
        # NOTE(review): the pattern targets the `*.port` local-address form; presumably
        # netstat on Linux prints `addr:port` instead, which would make this check a no-op
        # there -- verify on each supported platform.
        /bin/netstat -an | /bin/grep "*.$PORT " 2>/dev/null 1>&2
        if [ $? -eq 0 ] ; then
            echo "Port $PORT is already in use ... Please try again"
        elif [ "$PORT" = "8080" ]; then
            echo "Port 8080 is reserved ... Please try again"
        elif [ "$NUM" = "no" ]; then
            echo "Invalid port number ... Please try again"
        else
            loop=false
        fi
        # NOTE(review): no range check -- 0, values above 65535 and ports <= 1024 pass,
        # although the operator is told further down that the ports must be > 1024.
    done

    # The loop only exits with NUM="yes", i.e. PORT is digits only. That ordering is what
    # keeps operator input out of the evaluated string; preserve it when editing.
    eval $OUT_PORT=$PORT
}

# update_crontab
#   Reads the globals OLDUSER and NRUSER. Points VISUAL and EDITOR at ed for the duration
#   of the call and restores them at the end; presumably this lets `crontab -e` be driven
#   by ed commands on stdin (the `.`, `w`, `q` lines below).
update_crontab() {
    OLDVISUAL=$VISUAL
    VISUAL=$ED
    export VISUAL
    OLDEDITOR=$EDITOR
    EDITOR=$ED
    export EDITOR

    # Per-platform crontab user flag and spool file location.
    if [ `$UNAME` = "Linux" ] ; then
        CRONARG="-u"
        cronfile=/var/spool/cron/$OLDUSER
    else
        CRONARG=""
        cronfile=/var/spool/cron/crontabs/$OLDUSER
    fi

    # Number of lines containing "begin_pronto" in OLDUSER's crontab (0 if no spool file).
    copies=0
    [ -f $cronfile ] && copies=`$CRONTAB -l $CRONARG $OLDUSER | $AWK /begin_pronto/ | wc -l | $AWK '{print $1}'`

    # NOTE(review): from here to the `fi` below the text is incomplete. There is a
    # `while ... do` with no `done`, an `else`/`fi` with no `if`, and two `EOF` terminators
    # with no here-document opener. The surviving lines look like the body of an ed script
    # that writes the product's cron entries; restore this span from a complete copy.
    while [ $copies -gt 0 ]
    do
        $CRONTAB -e $CRONARG $OLDUSER < /usr/pw/pronto/tmp/hrjob.log 2>&1
30 3 * * 1-6 /usr/pw/pronto/bin/dailyjobs hosts > /usr/pw/pronto/tmp/dajob\$\$.log 2>&1
30 4 * * 0 /usr/pw/pronto/bin/weeklyjobs hosts > /usr/pw/pronto/tmp/wkjob\$\$.log 2>&1
30 5 * * 0 /usr/pw/pronto/bin/pw database archive /usr/pw/dbarchive > /usr/pw/pronto/tmp/dbarchive\$\$.log 2>&1
0,15,30,45 * * * * /usr/pw/pronto/bin/check_pronetprocs > /usr/pw/pronto/tmp/check_pronetprocs.log 2>&1
## end_pronto -- DO NOT DELETE THIS LINE !
.
w
q
EOF
    else
        $CRONTAB -e $CRONARG $NRUSER < /usr/pw/pronto/tmp/hrjob.log 2>&1
30 3 * * 1-6 /usr/pw/pronto/bin/dailyjobs hosts > /usr/pw/pronto/tmp/dajob\$\$.log 2>&1
30 4 * * 0 /usr/pw/pronto/bin/weeklyjobs hosts > /usr/pw/pronto/tmp/wkjob\$\$.log 2>&1
0,15,30,45 * * * * /usr/pw/pronto/bin/check_pronetprocs > /usr/pw/pronto/tmp/check_pronetprocs.log 2>&1
## end_pronto -- DO NOT DELETE THIS LINE !
.
w
q
EOF
    fi

    VISUAL=$OLDVISUAL
    export VISUAL
    EDITOR=$OLDEDITOR
    export EDITOR
}

# update_selfHostBPPMAPIPort
#   Rewrites the selfHostBPPMAPIPort entry in $BPPMWSPROPERTIES to $HTTPPORT or $HTTPSPORT,
#   chosen by the file's bppmwsGatewayProtocol value, then re-reads the file to confirm.
#   Reads globals: BPPMWSPROPERTIES, STRREPLACE, HTTPPORT, HTTPSPORT.
#   Writes globals: STR, OLDPORT, STRTOBEREPLACE, STRREPLACE, UPDATEDPORTNUM.
#   Returns 1 when the protocol entry is missing or is not http/https, when the port
#   property cannot be read, or when the value after the rewrite is not the expected port.
#   Returns 0 otherwise, including when the properties file does not exist.
update_selfHostBPPMAPIPort() {
    if [ -e ${BPPMWSPROPERTIES} ]; then
        STR=`grep "bppmwsGatewayProtocol" ${BPPMWSPROPERTIES} | $AWK -F'=' '{print $2}'`
        # NOTE(review): $STR is unquoted; if grep matches more than one line the value has
        # several words and `[` reports an error instead of a clean true/false.
        if [ -z $STR ]; then
            echo "Entry for property [bppmwsGatewayProtocol] not found in file [${BPPMWSPROPERTIES}]."
            echo "Please veify and do manual changes in property file [${BPPMWSPROPERTIES}]."
            return 1
        fi

        if [ "$STR" != "http" -a "$STR" != "https" ]; then
            echo "Invalid BPPMWS Gateway Protocol Specified=[${STR}], can not modify property [selfHostBPPMAPIPort] at location [${BPPMWSPROPERTIES}]."
            echo "Please veify and do manual changes in property file [${BPPMWSPROPERTIES}]."
            return 1
        fi

        OLDPORT=`grep "selfHostBPPMAPIPort" ${BPPMWSPROPERTIES} | $AWK -F'=' '{print $2}'`
        STRTOBEREPLACE="${STRREPLACE}${OLDPORT}"

        # NOTE(review): the file is moved aside and regenerated before OLDPORT is checked for
        # emptiness (that check comes after the rewrite). The regenerated file is created by
        # redirection, so its mode comes from the current umask, not from the original.
        # NOTE(review): $STRTOBEREPLACE is built from file content and spliced into the sed
        # expression; a value containing `/` or regex metacharacters would alter it.
        # NOTE(review): STRREPLACE is a global that gets the port appended here, so a second
        # call in the same run would search for the wrong string.
        if [ "http" = "$STR" ]; then
            /bin/mv -f $BPPMWSPROPERTIES $BPPMWSPROPERTIES.Backup
            STRREPLACE="${STRREPLACE}${HTTPPORT}"
            $SED -e 's/'"$STRTOBEREPLACE"'/'"$STRREPLACE"'/' $BPPMWSPROPERTIES.Backup > $BPPMWSPROPERTIES
        elif [ "https" = "$STR" ]; then
            /bin/mv -f $BPPMWSPROPERTIES $BPPMWSPROPERTIES.Backup
            STRREPLACE="${STRREPLACE}${HTTPSPORT}"
            $SED -e 's/'"$STRTOBEREPLACE"'/'"$STRREPLACE"'/' $BPPMWSPROPERTIES.Backup > $BPPMWSPROPERTIES
        fi

        # Re-read the property to verify the rewrite took effect.
        UPDATEDPORTNUM=`grep "selfHostBPPMAPIPort" ${BPPMWSPROPERTIES} | $AWK -F'=' '{print $2}'`
        if [ -z "$UPDATEDPORTNUM" -o -z "$OLDPORT" ]; then
            echo "Entry for property [selfHostBPPMAPIPort] not found in file [${BPPMWSPROPERTIES}]."
            echo "Please veify and do manual changes in property file [${BPPMWSPROPERTIES}]."
            return 1
        fi

        if [ "http" = "$STR" -a $UPDATEDPORTNUM != $HTTPPORT ]; then
            echo "HTTP port was not updated, please manually change [${UPDATEDPORTNUM}] to [${HTTPPORT}] in file [${BPPMWSPROPERTIES}]"
            return 1
        elif [ "http" = "$STR" ]; then
            echo "$STR port was updated successfully from [${OLDPORT}] to [${HTTPPORT}] for property [selfHostBPPMAPIPort] in file [${BPPMWSPROPERTIES}]"
        fi

        if [ "https" = "$STR" -a $UPDATEDPORTNUM != $HTTPSPORT ]; then
            echo "HTTPS port was not updated, please manually change [${UPDATEDPORTNUM}] to [${HTTPSPORT}] file in [${BPPMWSPROPERTIES}]"
            return 1
        elif [ "https" = "$STR" ]; then
            echo "$STR port was updated successfully from [${OLDPORT}] to [${HTTPSPORT}] for property [selfHostBPPMAPIPort] in file [${BPPMWSPROPERTIES}]"
        fi
    else
        echo "Can not proceed to change property [selfHostBPPMAPIPort] as poperty file [${BPPMWSPROPERTIES}] does not exists!!"
    fi
    return 0
}

#
#
# MAIN
#
#
# NOTE(review): every refusal below ends in `exit 0` (or a bare `exit` after a successful
# echo), so a wrapper cannot tell a refused run from a completed one by exit status. Only
# the "n" answer exits 1.
if [ $# -lt 1 ] ; then
    echo "Usage: $0 nonroot_user_name"
    exit
else
    NRUSER=$1
fi

# check validity of the non root user
# NOTE(review): only exit status 1 from `id` is treated as "invalid"; any other non-zero
# status falls through. $NRUSER is unquoted here and in the tests that follow.
/usr/bin/id $NRUSER 1> /dev/null 2>&1
if [ $? -eq 1 ]; then
    echo "User name: \"$NRUSER\" is not valid, try again ..."
    exit 0
fi

# filter out 'pronet' as the non root user
if [ $NRUSER = 'pronet' ]; then
    echo "User name: \"$NRUSER\" is a reserved word, please choose a different user ..."
    exit 0
fi

# Current owner of the installation: owner column of `ls -l` on the pw binary, or "root"
# when that binary is not executable/present.
PWFILE=/usr/pw/pronto/bin/pw
if [ -x $PWFILE ]; then
    OLDUSER=`/bin/ls -l $PWFILE | $AWK '{print $3}'`
else
    OLDUSER="root"
fi

# Everything after this point assumes uid 0.
if [ $USRID != 0 ]; then
    echo "Need root privilege to run this tool ..."
    exit 0
fi

if [ "root" = $NRUSER ]; then
    echo "Converting BMC ProactiveNet Server to run as root is currently not supported by this tool."
    echo "This may be done by manual procedure, contact BMC ProactiveNet support for further detail."
    echo ""
    echo "Here is a decent workaround: upgrade BMC ProactiveNet Server to the same release by root."
    echo "(after the upgrade, BMC ProactiveNet Server will be running as root)"
    exit 0
fi

if [ $OLDUSER = $NRUSER ]; then
    echo "BMC ProactiveNet Server is already running as $NRUSER ..."
    exit 0
fi

echo "This is a one way conversion to make BMC ProactiveServer run as non root."
echo "Some files will be changed during this conversion."
if [ $OLDUSER = "root" ]; then
    echo "Since apache web server will be started by user $NRUSER,"
    echo "you have to enter two ports (>1024) for http and https later."
    echo ""
    echo "After conversion, local agent will not be able to run Ping monitor and Traceroute monitor."
    echo "In addition, if any remote agent tunnels through BMC ProactiveNet apache web server,"
    echo "the URL port in custom/conf/pronet.conf for that agent has to be modified."
fi
echo ""
echo "It is advised that no hourly or daily job is running during the conversion"
if [ `$UNAME` = "Linux" ] ; then
    echo -e "Do you want to continue (y/n)[default is 'y']?\c"
else
    echo "Do you want to continue (y/n)[default is 'y']?\c"
fi
read ans
# NOTE(review): no loop encloses this case, so the `break`s have nothing to exit (some
# shells print a diagnostic). The `*` arm means any answer that does not start with n/N,
# including a typo, continues with the conversion.
case $ans in
    [yY]*|"" ) break
               ;;
    [nN]* )    echo "Exiting..."
               exit 1
               break
               ;;
    * )        break
               ;;
esac

if [ $OLDUSER = "root" ]; then
    # get port numbers
    get_port "HTTP" HTTPPORT
    get_port "HTTPS" HTTPSPORT
    echo ""
    echo "HTTP port will be using $HTTPPORT, and"
    echo "HTTPS port will be using $HTTPSPORT"
    echo ""
    echo "Please use the following URL to log into the BMC ProactiveNet web interface:"
    echo "http://`hostname`:$HTTPPORT"
    echo ""
fi

echo "Stopping BMC ProactiveNet Server, please wait..."
# NOTE(review): the result of the stop is not checked; the file changes below proceed even
# if the server is still running.
su $OLDUSER -c "/usr/pronto/bin/pwstartup stop"
sleep 2;

# Remove product temp files from the shared /tmp directory.
# NOTE(review): these globs run as root and match by name only. `/tmp/pw*` with -r removes
# every entry in /tmp whose name starts with "pw", whoever owns it.
/bin/rm -f /tmp/reload.sql
/bin/rm -f /tmp/_Server_*.dbg
/bin/rm -f /tmp/clserrmsg*
/bin/rm -f /tmp/setup.log
/bin/rm -fr /tmp/pw*
/bin/rm -f /tmp/gw*.log
/bin/rm -f /tmp/np*.log
/bin/rm -f /tmp/dbarchive.log
/bin/rm -f /tmp/startdwhouse.log
/bin/rm -f /tmp/proactivenet_server_*.log
/bin/rm -f /tmp/proactivenet_server_*.log.old
/bin/rm -f /tmp/dbarchive.log.old
/bin/rm -f /tmp/jsrv_up_chk.log

if [ $OLDUSER = "root" ]; then
    echo ""
    echo "Trying update apache configuration files ..."

    # back up old conf file
    # NOTE(review): `s/80/.../` and `s/443/.../` have no address and no anchor, so the first
    # "80" (or "443") on every line is replaced, not just the one in the Listen directive.
    # A line containing 8080, an address or a comment with those digits is rewritten too.
    # NOTE(review): the mv/sed results are not checked; if sed fails, the live config is
    # left truncated and only the .$OLDUSER copy holds the original.
    /bin/mv -f $HTTPCONF $HTTPCONF.$OLDUSER
    $SED -e 's/80/'"$HTTPPORT"'/' \
         -e '/^User nobody/s/.*/\#User nobody/' \
         -e '/^Group nobody/s/.*/\#Group nobody/' \
         -e 's/ServerAdmin '"$OLDUSER"'/ServerAdmin '"$NRUSER"'/' \
         $HTTPCONF.$OLDUSER > $HTTPCONF

    /bin/mv -f $HTTPSCONF $HTTPSCONF.$OLDUSER
    $SED -e 's/443/'"$HTTPSPORT"'/' \
         -e 's/ServerAdmin '"$OLDUSER"'/ServerAdmin '"$NRUSER"'/' \
         $HTTPSCONF.$OLDUSER > $HTTPSCONF

    #$SED -e 's/80/'"$HTTPPORT"'/' \
    #     -e 's/443/'"$HTTPSPORT"'/' \
    #     -e 's/ServerAdmin '"$OLDUSER"'/ServerAdmin '"$NRUSER"'/' \
    #     $HTTPCONF.$OLDUSER > $HTTPCONF
    echo "Done updating apache configuration files."
    echo ""

    # Read back the port from the Listen directive to verify the rewrite.
    # NOTE(review): more than one Listen line yields several words, and the unquoted
    # comparison below then errors instead of comparing.
    TMPHTTP=`/bin/grep "^Listen" $HTTPCONF | $AWK '{print $2}' `
    # NOTE(review): the next assignment is incomplete -- the grep pattern and the rest of the
    # pipeline are missing and the quotes do not balance. Restore it from a complete copy.
    TMPHTTS=`/bin/grep "^/\1/'`

    if [ $TMPHTTP != $HTTPPORT ]; then
        echo "HTTP port was not updated, please manually change all $TMPHTTP to $HTTPPORT in file $HTTPCONF"
        echo ""
    fi

    if [ $TMPHTTS != $HTTPSPORT ]; then
        echo "HTTPS port was not updated, please manually change all $TMPHTTS to $HTTPSPORT file in $HTTPSCONF"
        echo ""
    fi

    #Updating property selfHostBPPMAPIPort in /usr/pw/custom/conf/bppmws.properties
    # The return status of the helper is not examined here.
    echo ""
    update_selfHostBPPMAPIPort
    echo ""
fi

# Optionally replace the stored administrator e-mail address.
if [ -f "/usr/pw/etc/hosts/admin_user" ] ; then
    DEFAULT_EMAIL=`/bin/cat /usr/pw/etc/hosts/admin_user`
    echo "Old administrator email address is $DEFAULT_EMAIL"
    echo "Please enter the new email address responsible for this product . "
    if [ `$UNAME` = "Linux" ] ; then
        echo -e "[FORMAT: user@domain]:\c"
    else
        echo "[FORMAT: user@domain]:\c"
    fi
    read ans
    EMAIL=$ans
    # NOTE(review): the answer is stored without any format check, and the unquoted
    # `echo $EMAIL` is subject to word splitting and pathname expansion.
    if [ "$EMAIL" != "" ]; then
        /bin/rm -f /usr/pw/etc/hosts/admin_user
        echo $EMAIL > /usr/pw/etc/hosts/admin_user
    fi
fi

# Regenerate the boot-time start/stop scripts so they run the server as $NRUSER.
if [ `$UNAME` = "Linux" ] ; then
    /bin/rm -f /etc/rc.d/rc0.d/K09BMCProactiveNet
    /bin/rm -f /etc/rc.d/rc1.d/K09BMCProactiveNet
    /bin/rm -f /etc/rc.d/rc3.d/K09BMCProactiveNet
    /bin/rm -f /etc/rc.d/rc5.d/K09BMCProactiveNet
    /bin/rm -f /etc/rc.d/rc3.d/S81BMCProactiveNet
    /bin/rm -f /etc/rc.d/rc5.d/S81BMCProactiveNet
    /bin/rm -f /etc/init.d/BMCProactiveNet

    if [ $OLDUSER = "root" ]; then
        # Set the ulimit to 4096 for the new user
        # NOTE(review): entries are appended to limits.conf without checking whether the
        # account already has one.
        ULIMIT=`su $NRUSER -c "ulimit -n"`
        if [ $ULIMIT -lt 4096 ] ; then
            echo "$NRUSER hard nofile 4096" >> /etc/security/limits.conf
            echo "$NRUSER soft nofile 4096" >> /etc/security/limits.conf
        fi

        # Increase the soft limit for Red Hat Linux. RHEL imposes a 1024
        # process limit for non root user which is not enough for BPPM.
        # NOTE(review): "unlimited" removes the per-account process cap entirely; a bounded
        # value sized for the product would keep that safeguard in place.
        NPROC=`su $NRUSER -c "ulimit -u"`
        if [ $NPROC != "unlimited" ] ; then
            echo "$NRUSER soft nproc unlimited" >> /etc/security/limits.conf
        fi
    fi

    # $NRUSER is expanded now and baked into the generated script; \$1 stays literal so the
    # init script passes its own first argument to pwstartup.
    echo "#!/bin/sh" > /etc/init.d/BMCProactiveNet
    echo "su $NRUSER -c \"/usr/pw/pronto/bin/pwstartup \$1 &\" " >> /etc/init.d/BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc0.d/K09BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc1.d/K09BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc3.d/K09BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc5.d/K09BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc3.d/S81BMCProactiveNet
    ln -s /etc/init.d/BMCProactiveNet /etc/rc.d/rc5.d/S81BMCProactiveNet
    chmod 755 /etc/init.d/BMCProactiveNet
else
    # Solaris
    /bin/rm -f /etc/rc3.d/S80pronto
    /bin/rm -f /etc/rc3.d/S81pronto
    /bin/rm -f /etc/rc0.d/K09pronto
    /bin/rm -f /etc/rc1.d/K09pronto
    # NOTE(review): the first line written is "#/sbin/sh" without the "!", so it is an
    # ordinary comment rather than an interpreter line; "#!/sbin/sh" was presumably intended.
    echo "#/sbin/sh" > /etc/rc3.d/S81pronto
    echo "su $NRUSER -c \"/usr/pw/pronto/bin/pwstartup \$1\" " >> /etc/rc3.d/S81pronto
    cp -f /etc/rc3.d/S81pronto /etc/rc0.d/K09pronto
    cp -f /etc/rc3.d/S81pronto /etc/rc1.d/K09pronto
    chmod 744 /etc/rc3.d/S81pronto /etc/rc0.d/K09pronto /etc/rc1.d/K09pronto
fi

#QMOO1637533- Changing permission of resource dir and its sub directories to provide access for non-root user
chmod 770 /usr/pw/pronto/conf/resources
chmod 770 /usr/pw/pronto/conf/resources/en_US
chmod 770 /usr/pw/pronto/conf/resources/ja_JP
chmod 770 /usr/pw/pronto/conf/resources/zh_CN

# Hand the install trees to the new account.
# NOTE(review): on a nonroot-to-nonroot run these trees were writable by $OLDUSER before
# root walks them; confirm how this platform's `chown -R` treats symbolic links (see -h).
# NOTE(review): BPPM_SERVER_HOME is never assigned in this script, so it has to come from
# the caller's environment. When it is unset the unquoted expansion vanishes and chown is
# called with the owner only; -f hides the resulting error.
chown -Rf $NRUSER /usr/pw
chown -Rf $NRUSER /usr/pronto
chown -Rf $NRUSER /usr/pw/*
chown -Rf $NRUSER $BPPM_SERVER_HOME
# NOTE(review): recursive 755 makes every file under server/etc world-readable and
# executable; check whether anything stored there should stay private to the account.
chmod -Rf 755 /usr/pw/server/etc

#chown -Rf nobody /usr/pw/etc
#chown -Rf nobody /usr/pw/tomcat
#chmod 6755 /usr/pw/tomcat/bin/startup.sh
#chown -Rf nobody /usr/pw/tomcat/bin/jspc.sh
#chmod 6755 /usr/pw/tomcat/bin/jspc.sh

update_crontab

# we are done, now restart the server
echo "Starting BMC ProactiveNet Server, please wait..."
su $NRUSER -c "/usr/pronto/bin/pwstartup start"