From e75a8e5449e58b672fa776202411ea2755406af4 Mon Sep 17 00:00:00 2001 From: tim-moody Date: Mon, 13 Jan 2025 19:43:02 -0500 Subject: [PATCH] set www_data poweroff false with rename --- roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml | 2 +- roles/www_options/tasks/main.yml | 16 ++++++++-------- roles/www_options/tasks/php-settings.yml | 2 +- ...ache_poweroff.j2 => 020_www_data_poweroff.j2} | 0 vars/default_vars.yml | 4 ++-- vars/local_vars_large.yml | 4 ++-- vars/local_vars_medical.yml | 2 +- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_small.yml | 4 ++-- vars/local_vars_unittest.yml | 4 ++-- 10 files changed, 21 insertions(+), 21 deletions(-) rename roles/www_options/templates/{020_apache_poweroff.j2 => 020_www_data_poweroff.j2} (100%) diff --git a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml index e39bea703..a28c2da61 100644 --- a/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml +++ b/roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml @@ -8,7 +8,7 @@ # apache_interface: 127.0.0.1 # Make this False to disable http://box/common/services/power_off.php button: -# allow_www_data_sudo: True +# allow_www_data_poweroff: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index 2319c58f5..5795ea7e6 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -77,22 +77,22 @@ # COMPARE nginx_high_php_limits further above. -# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_sudo) PRESUMABLY WORK +# 2020-03-08: DOES THE FLAG BELOW (allow_www_data_poweroff) PRESUMABLY WORK # WITH NGINX TOO ? (The single-click poweroff button on IIAB's home # page certainly does still work with NGINX.) -- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template +- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_www_data_poweroff from template template: - src: 020_apache_poweroff.j2 - dest: /etc/sudoers.d/020_apache_poweroff + src: 020_www_data_poweroff.j2 + dest: /etc/sudoers.d/020_www_data_poweroff mode: '0440' - when: allow_www_data_sudo + when: allow_www_data_poweroff -- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff +- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_www_data_poweroff file: - path: /etc/sudoers.d/020_apache_poweroff + path: /etc/sudoers.d/020_www_data_poweroff state: absent - when: not allow_www_data_sudo + when: not allow_www_data_poweroff # 2022-06-30: internet_available var removed diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 184c07b21..23c85d24b 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -207,4 +207,4 @@ # name: php{{ php_version }}-fpm # state: restarted -# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_sudo conditionals below. +# when: matomo_install or moodle_install or nextcloud_install or pbx_install or wordpress_install # 5-STANZA BLOCK ENDS. COMPARE allow_www_data_poweroff conditionals below. diff --git a/roles/www_options/templates/020_apache_poweroff.j2 b/roles/www_options/templates/020_www_data_poweroff.j2 similarity index 100% rename from roles/www_options/templates/020_apache_poweroff.j2 rename to roles/www_options/templates/020_www_data_poweroff.j2 diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4e61819a2..4494cbd72 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -274,7 +274,7 @@ nginx_port: 80 nginx_interface: 0.0.0.0 nginx_conf_dir: /etc/nginx/conf.d nginx_log_dir: /var/log/nginx -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # roles/www_base runs here (mandatory) @@ -341,7 +341,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False apache_service: apache2 apache_user: www-data # Admin Console uses diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ac2e78128..920cf7ba1 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_medical.yml b/vars/local_vars_medical.yml index 45d6db53f..d997362a4 100644 --- a/vars/local_vars_medical.yml +++ b/vars/local_vars_medical.yml @@ -13,7 +13,7 @@ munin_enabled: True vnstat_install: True vnstat_enabled: True usb_lib_umask0000_for_kolibri: False -allow_www_data_sudo: True +allow_www_data_poweroff: False # By default # kiwix # awstats diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c12fcb04f..a554dc34b 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 88253e035..8689b3ae9 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -172,7 +172,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -219,7 +219,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 39d8cf05c..30720a49e 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -178,7 +178,7 @@ pi_swap_file_size: 1024 # roles/nginx runs here (mandatory) # roles/www_base runs here (mandatory) -# SEE BELOW: nginx_high_php_limits, allow_www_data_sudo +# SEE BELOW: nginx_high_php_limits, allow_www_data_poweroff # 4-SERVER-OPTIONS @@ -225,7 +225,7 @@ nginx_high_php_limits: False # ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php and set-server-time.php -allow_www_data_sudo: True +allow_www_data_poweroff: False # Toggle iiab-refresh-wiki-docs scraping for offline docs (http://box/info) nodocs: True