committing changes in /etc after apt run
authorFrank Brehm <frank@brehm-online.com>
Mon, 12 Jun 2017 08:00:04 +0000 (10:00 +0200)
committerFrank Brehm <frank@brehm-online.com>
Mon, 12 Jun 2017 08:00:04 +0000 (10:00 +0200)
Package changes:
+at 3.1.16-1
+cgmanager 0.33-2+deb8u2
+dbus 1.8.22-0+deb8u1
+libcap-ng0 0.7.4-2
+libcgmanager0 0.33-2+deb8u2
+libdbus-1-3 1.8.22-0+deb8u1
+libnih-dbus1 1.0.3-4.3
+libnih1 1.0.3-4.3
+libpam-systemd 215-17+deb8u7
-systemd 215-17+deb8u3
+systemd 215-17+deb8u7
+systemd-shim 9-1

54 files changed:
.etckeeper
at.deny [new file with mode: 0644]
dbus-1/session.conf [new file with mode: 0644]
dbus-1/system.conf [new file with mode: 0644]
default/dbus [new file with mode: 0644]
group
group-
gshadow
gshadow-
init.d/atd [new file with mode: 0755]
init.d/cgmanager [new file with mode: 0755]
init.d/cgproxy [new file with mode: 0755]
init.d/dbus [new file with mode: 0755]
init/cgmanager.conf [new file with mode: 0644]
init/cgproxy.conf [new file with mode: 0644]
modules-load.d/modules.conf [new symlink]
pam.d/atd [new file with mode: 0644]
pam.d/common-session
passwd
passwd-
rc0.d/K01atd [new symlink]
rc0.d/K01cgmanager [new symlink]
rc0.d/K01cgproxy [new symlink]
rc1.d/K01atd [new symlink]
rc1.d/K01cgmanager [new symlink]
rc1.d/K01cgproxy [new symlink]
rc2.d/S01cgmanager [new symlink]
rc2.d/S02atd [new symlink]
rc2.d/S02cgproxy [new symlink]
rc2.d/S02dbus [new symlink]
rc3.d/S01cgmanager [new symlink]
rc3.d/S02atd [new symlink]
rc3.d/S02cgproxy [new symlink]
rc3.d/S02dbus [new symlink]
rc4.d/S01cgmanager [new symlink]
rc4.d/S02atd [new symlink]
rc4.d/S02cgproxy [new symlink]
rc4.d/S02dbus [new symlink]
rc5.d/S01cgmanager [new symlink]
rc5.d/S02atd [new symlink]
rc5.d/S02cgproxy [new symlink]
rc5.d/S02dbus [new symlink]
rc6.d/K01atd [new symlink]
rc6.d/K01cgmanager [new symlink]
rc6.d/K01cgproxy [new symlink]
shadow
shadow-
subgid
subgid-
subuid
subuid-
sysctl.d/99-sysctl.conf [new symlink]
systemd/system/multi-user.target.wants/atd.service [new symlink]
xdg/systemd/user [new symlink]

index 277f528150e299b4d14d435143714e78dbfa525b..2c99fc96315a76d998544cf9e85efb8d05135576 100755 (executable)
@@ -5,8 +5,10 @@ mkdir -p './apparmor.d/force-complain'
 mkdir -p './apt/preferences.d'
 mkdir -p './bind/dyn'
 mkdir -p './bind/zones'
+mkdir -p './binfmt.d'
 mkdir -p './ca-certificates/update.d'
 mkdir -p './console'
+mkdir -p './dbus-1/session.d'
 mkdir -p './dpkg/dpkg.cfg.d'
 mkdir -p './fail2ban/fail2ban.d'
 mkdir -p './initramfs-tools/conf.d'
@@ -36,6 +38,10 @@ mkdir -p './postgresql-common/pg_upgradecluster.d'
 mkdir -p './salt/proxy.d'
 mkdir -p './security/limits.d'
 mkdir -p './security/namespace.d'
+mkdir -p './systemd/network'
+mkdir -p './systemd/ntp-units.d'
+mkdir -p './systemd/user'
+mkdir -p './tmpfiles.d'
 mkdir -p './udev/hwdb.d'
 maybe chmod 0755 '.'
 maybe chmod 0700 '.etckeeper'
@@ -245,6 +251,8 @@ maybe chmod 0644 'apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg'
 maybe chmod 0644 'apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg'
 maybe chmod 0755 'apticron'
 maybe chmod 0644 'apticron/apticron.conf'
+maybe chgrp 'daemon' 'at.deny'
+maybe chmod 0640 'at.deny'
 maybe chmod 0644 'bash.bashrc'
 maybe chmod 0644 'bash_completion'
 maybe chmod 0755 'bash_completion.d'
@@ -292,6 +300,7 @@ maybe chgrp 'bind' 'bind/zones'
 maybe chmod 0755 'bind/zones'
 maybe chmod 0644 'bind/zones.rfc1918'
 maybe chmod 0644 'bindresvport.blacklist'
+maybe chmod 0755 'binfmt.d'
 maybe chmod 0755 'byobu'
 maybe chmod 0644 'byobu/backend'
 maybe chmod 0644 'byobu/socketdir'
@@ -372,6 +381,9 @@ maybe chmod 0755 'dbconfig-common'
 maybe chmod 0600 'dbconfig-common/config'
 maybe chmod 0600 'dbconfig-common/phpmyadmin.conf'
 maybe chmod 0755 'dbus-1'
+maybe chmod 0644 'dbus-1/session.conf'
+maybe chmod 0755 'dbus-1/session.d'
+maybe chmod 0644 'dbus-1/system.conf'
 maybe chmod 0755 'dbus-1/system.d'
 maybe chmod 0644 'dbus-1/system.d/org.freedesktop.hostname1.conf'
 maybe chmod 0644 'dbus-1/system.d/org.freedesktop.locale1.conf'
@@ -389,6 +401,7 @@ maybe chmod 0644 'default/bind9'
 maybe chmod 0644 'default/bsdmainutils'
 maybe chmod 0644 'default/console-setup'
 maybe chmod 0644 'default/cron'
+maybe chmod 0644 'default/dbus'
 maybe chmod 0644 'default/devpts'
 maybe chmod 0644 'default/exim4'
 maybe chmod 0644 'default/fail2ban'
@@ -701,15 +714,19 @@ maybe chmod 0644 'init.d/README'
 maybe chmod 0755 'init.d/acpid'
 maybe chmod 0755 'init.d/aiccu'
 maybe chmod 0755 'init.d/apache2'
+maybe chmod 0755 'init.d/atd'
 maybe chmod 0755 'init.d/bind9'
 maybe chmod 0755 'init.d/bootlogs'
 maybe chmod 0755 'init.d/bootmisc.sh'
+maybe chmod 0755 'init.d/cgmanager'
+maybe chmod 0755 'init.d/cgproxy'
 maybe chmod 0755 'init.d/checkfs.sh'
 maybe chmod 0755 'init.d/checkroot-bootclean.sh'
 maybe chmod 0755 'init.d/checkroot.sh'
 maybe chmod 0755 'init.d/chrony'
 maybe chmod 0755 'init.d/console-setup'
 maybe chmod 0755 'init.d/cron'
+maybe chmod 0755 'init.d/dbus'
 maybe chmod 0755 'init.d/exim4'
 maybe chmod 0755 'init.d/fail2ban'
 maybe chmod 0755 'init.d/halt'
@@ -754,6 +771,8 @@ maybe chmod 0755 'init.d/umountfs'
 maybe chmod 0755 'init.d/umountnfs.sh'
 maybe chmod 0755 'init.d/umountroot'
 maybe chmod 0755 'init.d/urandom'
+maybe chmod 0644 'init/cgmanager.conf'
+maybe chmod 0644 'init/cgproxy.conf'
 maybe chmod 0644 'init/network-interface-container.conf'
 maybe chmod 0644 'init/network-interface-security.conf'
 maybe chmod 0644 'init/network-interface.conf'
@@ -949,6 +968,7 @@ maybe chmod 0644 'mke2fs.conf'
 maybe chmod 0755 'modprobe.d'
 maybe chmod 0644 'modprobe.d/fbdev-blacklist.conf'
 maybe chmod 0644 'modules'
+maybe chmod 0755 'modules-load.d'
 maybe chmod 0644 'motd.tail'
 maybe chmod 0755 'mysql'
 maybe chmod 0755 'mysql/conf.d'
@@ -978,6 +998,7 @@ maybe chmod 0644 'nsswitch.conf'
 maybe chmod 0755 'opt'
 maybe chmod 0644 'pam.conf'
 maybe chmod 0755 'pam.d'
+maybe chmod 0644 'pam.d/atd'
 maybe chmod 0644 'pam.d/chfn'
 maybe chmod 0644 'pam.d/chpasswd'
 maybe chmod 0644 'pam.d/chsh'
@@ -1211,6 +1232,8 @@ maybe chmod 0755 'systemd'
 maybe chmod 0644 'systemd/bootchart.conf'
 maybe chmod 0644 'systemd/journald.conf'
 maybe chmod 0644 'systemd/logind.conf'
+maybe chmod 0755 'systemd/network'
+maybe chmod 0755 'systemd/ntp-units.d'
 maybe chmod 0644 'systemd/resolved.conf'
 maybe chmod 0755 'systemd/system'
 maybe chmod 0644 'systemd/system.conf'
@@ -1226,10 +1249,12 @@ maybe chmod 0755 'systemd/system/sockets.target.wants'
 maybe chmod 0755 'systemd/system/sysinit.target.wants'
 maybe chmod 0755 'systemd/system/timers.target.wants'
 maybe chmod 0644 'systemd/timesyncd.conf'
+maybe chmod 0755 'systemd/user'
 maybe chmod 0644 'systemd/user.conf'
 maybe chmod 0755 'terminfo'
 maybe chmod 0644 'terminfo/README'
 maybe chmod 0644 'timezone'
+maybe chmod 0755 'tmpfiles.d'
 maybe chmod 0644 'ucf.conf'
 maybe chmod 0755 'udev'
 maybe chmod 0755 'udev/hwdb.d'
@@ -1249,6 +1274,8 @@ maybe chmod 0644 'vim/vimrc'
 maybe chmod 0644 'vim/vimrc.local'
 maybe chmod 0644 'vim/vimrc.tiny'
 maybe chmod 0644 'wgetrc'
+maybe chmod 0755 'xdg'
+maybe chmod 0755 'xdg/systemd'
 maybe chmod 0755 'xml'
 maybe chmod 0644 'xml/catalog'
 maybe chmod 0644 'xml/xml-core.xml'
diff --git a/at.deny b/at.deny
new file mode 100644 (file)
index 0000000..0d5a382
--- /dev/null
+++ b/at.deny
@@ -0,0 +1,24 @@
+alias
+backup
+bin
+daemon
+ftp
+games
+gnats
+guest
+irc
+lp
+mail
+man
+nobody
+operator
+proxy
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+sync
+sys
+www-data
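Review bot: at.deny is a deny-list, so every account not named in it may queue jobs unless an at.allow file also exists. Several accounts visible in this commit's passwd hunks are not listed (`postgres`, `repo`, `bind`, `ulog`, `messagebus`), so they can schedule deferred commands once atd is running. If at was only pulled in as a dependency, which the page does not show, consider adding an `at.allow` naming the few accounts that actually need it, since that file takes precedence over this one.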
diff --git a/dbus-1/session.conf b/dbus-1/session.conf
new file mode 100644 (file)
index 0000000..251b58a
--- /dev/null
@@ -0,0 +1,75 @@
+<!-- This configuration file controls the per-user-login-session message bus.
+     Add a session-local.conf and edit that rather than changing this 
+     file directly. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <!-- Our well-known bus type, don't change this -->
+  <type>session</type>
+
+  <!-- If we fork, keep the user's original umask to avoid affecting
+       the behavior of child processes. -->
+  <keep_umask/>
+
+  <listen>unix:tmpdir=/tmp</listen>
+
+  <!-- On Unix systems, the most secure authentication mechanism is
+  EXTERNAL, which uses credential-passing over Unix sockets.
+
+  This authentication mechanism is not available on Windows,
+  is not suitable for use with the tcp: or nonce-tcp: transports,
+  and will not work on obscure flavours of Unix that do not have
+  a supported credentials-passing mechanism. On those platforms/transports,
+  comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
+  <auth>EXTERNAL</auth>
+
+  <standard_session_servicedirs />
+
+  <policy context="default">
+    <!-- Allow everything to be sent -->
+    <allow send_destination="*" eavesdrop="true"/>
+    <!-- Allow everything to be received -->
+    <allow eavesdrop="true"/>
+    <!-- Allow anyone to own anything -->
+    <allow own="*"/>
+  </policy>
+
+  <!-- Config files are placed here that among other things, 
+       further restrict the above policy for specific services. -->
+  <includedir>session.d</includedir>
+
+  <!-- This is included last so local configuration can override what's 
+       in this standard file -->
+  <include ignore_missing="yes">session-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+  <!-- For the session bus, override the default relatively-low limits 
+       with essentially infinite limits, since the bus is just running 
+       as the user anyway, using up bus resources is not something we need 
+       to worry about. In some cases, we do set the limits lower than 
+       "all available memory" if exceeding the limit is almost certainly a bug, 
+       having the bus enforce a limit is nicer than a huge memory leak. But the 
+       intent is that these limits should never be hit. -->
+
+  <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
+  <limit name="max_incoming_bytes">1000000000</limit>
+  <limit name="max_incoming_unix_fds">250000000</limit>
+  <limit name="max_outgoing_bytes">1000000000</limit>
+  <limit name="max_outgoing_unix_fds">250000000</limit>
+  <limit name="max_message_size">1000000000</limit>
+  <!-- We do not override max_message_unix_fds here since the in-kernel
+       limit is also relatively low -->
+  <limit name="service_start_timeout">120000</limit>  
+  <limit name="auth_timeout">240000</limit>
+  <limit name="pending_fd_timeout">150000</limit>
+  <limit name="max_completed_connections">100000</limit>  
+  <limit name="max_incomplete_connections">10000</limit>
+  <limit name="max_connections_per_user">100000</limit>
+  <limit name="max_pending_service_starts">10000</limit>
+  <limit name="max_names_per_connection">50000</limit>
+  <limit name="max_match_rules_per_connection">50000</limit>
+  <limit name="max_replies_per_connection">50000</limit>
+
+</busconfig>
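Review bot: The default policy here lets every connection send to any destination, receive everything including eavesdropped traffic (`<allow eavesdrop="true"/>`) and own any name, and the limits below it are raised to near-unbounded values. That follows the file's own rationale that the session bus runs as the user, but on a host where no desktop session is expected it is worth confirming that nothing starts a session bus at all. Any tightening belongs in `session-local.conf` or `session.d/`, as the header comment says, so that package upgrades do not overwrite it.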
diff --git a/dbus-1/system.conf b/dbus-1/system.conf
new file mode 100644 (file)
index 0000000..891bc00
--- /dev/null
@@ -0,0 +1,91 @@
+<!-- This configuration file controls the systemwide message bus.
+     Add a system-local.conf and edit that rather than changing this 
+     file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+     security-wise by screwing up this file; in particular, you
+     probably don't want to listen on any more addresses, add any more
+     auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Our well-known bus type, do not change this -->
+  <type>system</type>
+
+  <!-- Run as special user -->
+  <user>messagebus</user>
+
+  <!-- Fork into daemon mode -->
+  <fork/>
+
+  <!-- We use system service launching using a helper -->
+  <standard_system_servicedirs/>
+
+  <!-- This is a setuid helper that is used to launch system services -->
+  <servicehelper>/usr/lib/dbus-1.0/dbus-daemon-launch-helper</servicehelper>
+
+  <!-- Write a pid file -->
+  <pidfile>/var/run/dbus/pid</pidfile>
+
+  <!-- Enable logging to syslog -->
+  <syslog/>
+
+  <!-- Only allow socket-credentials-based authentication -->
+  <auth>EXTERNAL</auth>
+
+  <!-- Only listen on a local socket. (abstract=/path/to/socket 
+       means use abstract namespace, don't really create filesystem 
+       file; only Linux supports this. Use path=/whatever on other 
+       systems.) -->
+  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
+
+  <policy context="default">
+    <!-- All users can connect to system bus -->
+    <allow user="*"/>
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <deny own="*"/>
+    <deny send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
+    <allow send_type="signal"/>
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"/>
+    <!-- But disallow some specific bus services -->
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus"
+          send_member="UpdateActivationEnvironment"/>
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- Only systemd, which runs as root, may report activation failures. -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- Config files are placed here that among other things, punch 
+       holes in the above policy for specific services. -->
+  <includedir>system.d</includedir>
+
+  <!-- This is included last so local configuration can override what's 
+       in this standard file -->
+  <include ignore_missing="yes">system-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>
diff --git a/default/dbus b/default/dbus
new file mode 100644 (file)
index 0000000..4bc8e1b
--- /dev/null
@@ -0,0 +1,7 @@
+# This is a configuration file for /etc/init.d/dbus; it allows you to
+# perform common modifications to the behavior of the dbus daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades).  We all love dpkg prompts.
+
+# Parameters to pass to dbus.
+PARAMS=""
diff --git a/group b/group
index 9182123dc5be19d1b7f209777a94598a1042cfa5..5008dbebbe857cb41e287facb0000ab9c93fad61 100644 (file)
--- a/group
+++ b/group
@@ -54,3 +54,4 @@ postdrop:x:114:
 bind:x:999:
 ulog:x:115:
 postgres:x:116:
+messagebus:x:117:
diff --git a/group- b/group-
index 5c5fd5913e2c892f6c9fa77cc38959a49bf47e0d..9182123dc5be19d1b7f209777a94598a1042cfa5 100644 (file)
--- a/group-
+++ b/group-
@@ -48,7 +48,7 @@ netdev:x:108:
 ssh:x:109:
 Debian-exim:x:110:
 mlocate:x:111:repo
-ssl-cert:x:112:
+ssl-cert:x:112:postgres
 postfix:x:113:
 postdrop:x:114:
 bind:x:999:
diff --git a/gshadow b/gshadow
index a574b3e8d8eaef83368912d782cd1b9bc01324ca..4ddf26ac2394e2a6b6d3ccc2f5827e6cd34fca77 100644 (file)
--- a/gshadow
+++ b/gshadow
@@ -54,3 +54,4 @@ postdrop:!::
 bind:!::
 ulog:!::
 postgres:!::
+messagebus:!::
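Review bot: gshadow is committed here, and the commit's file list also names shadow and shadow-, so credential files are part of a repository that this page shows being browsed through a web viewer. The entry added in this hunk is locked (`messagebus:!::`), but any password hash stored in those files would be readable by whoever can reach the viewer or clone the repository; whether access is restricted is not visible from this page. Consider excluding `shadow*` and `gshadow*` from the published tree, or keeping the /etc repository off the web front end.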
index df1c75c84c356ee035b3ed3cde16d647e40703e5..a574b3e8d8eaef83368912d782cd1b9bc01324ca 100644 (file)
--- a/gshadow-
+++ b/gshadow-
@@ -48,7 +48,7 @@ netdev:!::
 ssh:!::
 Debian-exim:!::
 mlocate:!::repo
-ssl-cert:!::
+ssl-cert:!::postgres
 postfix:!::
 postdrop:!::
 bind:!::
diff --git a/init.d/atd b/init.d/atd
new file mode 100755 (executable)
index 0000000..2e825fc
--- /dev/null
@@ -0,0 +1,48 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          atd
+# Required-Start:    $syslog $time $remote_fs
+# Required-Stop:     $syslog $time $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Deferred execution scheduler
+# Description:       Debian init script for the atd deferred executions
+#                    scheduler
+### END INIT INFO
+#
+# Author:      Ryan Murray <rmurray@debian.org>
+#
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/atd
+PIDFILE=/var/run/atd.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+  start)
+       log_daemon_msg "Starting deferred execution scheduler" "atd"
+       start_daemon -p $PIDFILE $DAEMON
+       log_end_msg $?
+    ;;
+  stop)
+       log_daemon_msg "Stopping deferred execution scheduler" "atd"
+       killproc -p $PIDFILE $DAEMON
+       log_end_msg $?
+    ;;
+  force-reload|restart)
+    $0 stop
+    $0 start
+    ;;
+  status)
+    status_of_proc -p $PIDFILE $DAEMON atd && exit 0 || exit $?
+    ;;
+  *)
+    echo "Usage: /etc/init.d/atd {start|stop|restart|force-reload|status}"
+    exit 1
+    ;;
+esac
+
+exit 0
diff --git a/init.d/cgmanager b/init.d/cgmanager
new file mode 100755 (executable)
index 0000000..81604a3
--- /dev/null
@@ -0,0 +1,138 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          cgmanager
+# Required-Start:    mountkernfs
+# Required-Stop:     
+# Default-Start:    2 3 4 5
+# Default-Stop:     0 1 6
+# Short-Description: Cgroup manager daemon
+# Description:
+#  The cgroup manager accepts cgroup administration requests
+#  over dbus, honoring privilege by root users in mapped user
+#  namespaces over the non-root mapped uids.  This allows safe
+#  nesting of lxc containers by unprivileged users.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/bin
+
+DAEMON=/sbin/cgmanager
+NAME=cgmanager
+DESC="cgroup management daemon"
+
+BASEOPTS="--daemon -m name=systemd"
+
+test -x $DAEMON || exit 0
+
+PIDFILE=/run/$NAME.pid
+
+if [ -f /etc/default/cgmanager ]; then
+       # get cgmanager_opts if specified
+       . /etc/default/cgmanager
+fi
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+DAEMON_ARGS="$BASEOPTS $cgmanager_opts $cgm_extra_mounts"
+
+do_stop()
+{
+       # If the cgmanager stops, the proxy must stop
+       /etc/init.d/cgproxy stop >/dev/null 2>&1 || true
+       # Return
+       #   0 if daemon has been stopped
+       #   1 if daemon was already stopped
+       #   2 if daemon could not be stopped
+       #   other if a failure occurred
+       start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+       RETVAL="$?"
+       [ "$RETVAL" = 2 ] && return 2
+       # Wait for children to finish too if this is a daemon that forks
+       # and if the daemon is only ever run from this initscript.
+       # If the above conditions are not satisfied then add some other code
+       # that waits for the process to drop all resources that could be
+       # needed by services started subsequently.  A last resort is to
+       # sleep for some time.
+       start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+       [ "$?" = 2 ] && return 2
+       # Many daemons don't delete their pidfiles when they exit.
+       rm -f $PIDFILE
+       return "$RETVAL"
+}
+
+do_start()
+{
+       # Return
+       #   0 if daemon has been started
+       #   1 if daemon was already running
+       #   2 if daemon could not be started
+       start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+               || return 1
+
+       # Kill any existing cgproxy
+       /etc/init.d/cgproxy stop >/dev/null 2>&1 || true
+       # check whether to start cgproxy or cgmanager
+       if /sbin/cgproxy --check-master; then
+               NESTED=yes /etc/init.d/cgproxy start || true && { exit 0; }
+       fi
+
+       start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+               $DAEMON_ARGS \
+               || return $?
+       # Todo - once the compiled cgm is installed we could use it here to ping
+       # cgmanager as our test for readiness.
+       sleep 1
+}
+
+case "$1" in
+    restart|force-reload)
+       log_daemon_msg "Restarting $DESC" "$NAME"
+       do_stop
+       case "$?" in
+         0|1)
+               do_start
+               case "$?" in
+                       0) log_end_msg 0 ;;
+                       1) log_end_msg 1 ;; # Old process is still running
+                       *) log_end_msg 1 ;; # Failed to start
+               esac
+               ;;
+         *)
+               # Failed to stop
+               log_end_msg 1
+               ;;
+       esac
+       ;;
+    start)
+       log_daemon_msg "Starting $DESC" "$NAME"
+       do_start
+       case "$?" in
+               0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+               2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+       esac
+       ;;
+  stop)
+       log_daemon_msg "Stopping $DESC" "$NAME"
+       do_stop
+       case "$?" in
+               0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+               2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+       esac
+       ;;
+  status)
+       status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  *)
+       echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+       exit 3
+       ;;
+esac
+
+:
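Review bot: In do_start, `NESTED=yes /etc/init.d/cgproxy start || true && { exit 0; }` always exits 0, because `||` and `&&` have equal precedence and group left to right. A failed cgproxy start is therefore reported as success, and the script leaves without calling log_end_msg after the earlier log_daemon_msg. If the unconditional exit is intended, a comment on that line should say so; otherwise propagate the result, e.g. `NESTED=yes /etc/init.d/cgproxy start; return $?`. The usage line also omits `status` although the case statement handles it, and the same usage line appears in init.d/cgproxy.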
diff --git a/init.d/cgproxy b/init.d/cgproxy
new file mode 100755 (executable)
index 0000000..2e54c33
--- /dev/null
@@ -0,0 +1,135 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          cgproxy
+# Required-Start:    cgmanager
+# Required-Stop:     
+# Default-Start:    2 3 4 5
+# Default-Stop:     0 1 6
+# Short-Description: Cgroup manager daemon
+# Description:
+#  The cgroup manager accepts cgroup administration requests
+#  over dbus, honoring privilege by root users in mapped user
+#  namespaces over the non-root mapped uids.  This allows safe
+#  nesting of lxc containers by unprivileged users.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/bin
+
+DAEMON=/sbin/cgproxy
+NAME=cgproxy
+DESC="cgroup management proxy daemon"
+
+BASEOPTS="--daemon"
+
+test -x $DAEMON || exit 0
+
+PIDFILE=/run/$NAME.pid
+
+if [ -f /etc/default/cgmanager ]; then
+       # get cgmanager_opts if specified
+       . /etc/default/cgmanager
+fi
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+DAEMON_ARGS="$BASEOPTS $cgmanager_opts"
+
+do_stop()
+{
+       # Return
+       #   0 if daemon has been stopped
+       #   1 if daemon was already stopped
+       #   2 if daemon could not be stopped
+       #   other if a failure occurred
+       start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+       RETVAL="$?"
+       [ "$RETVAL" = 2 ] && return 2
+       # Wait for children to finish too if this is a daemon that forks
+       # and if the daemon is only ever run from this initscript.
+       # If the above conditions are not satisfied then add some other code
+       # that waits for the process to drop all resources that could be
+       # needed by services started subsequently.  A last resort is to
+       # sleep for some time.
+       start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+       [ "$?" = 2 ] && return 2
+       # Many daemons don't delete their pidfiles when they exit.
+       rm -f $PIDFILE
+       return "$RETVAL"
+}
+
+do_start()
+{
+       # Return
+       #   0 if daemon has been started
+       #   1 if daemon was already running
+       #   2 if daemon could not be started
+       start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+               || return 1
+
+       # cgproxy should only run on container unless on older kernel
+       if [ -e /proc/self/ns/pid ] && [ "$NESTED" != "yes" ]; then
+               log_end_msg 0
+               exit 0
+       fi
+
+       start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+               $DAEMON_ARGS \
+               || return $?
+       # Todo - once the compiled cgm is installed we could use it here to ping
+       # cgmanager as our test for readiness.
+       sleep 1
+}
+
+case "$1" in
+    restart|force-reload)
+       log_daemon_msg "Restarting $DESC" "$NAME"
+       do_stop
+       case "$?" in
+         0|1)
+               do_start
+               case "$?" in
+                       0) log_end_msg 0 ;;
+                       1) log_end_msg 1 ;; # Old process is still running
+                       *) log_end_msg 1 ;; # Failed to start
+               esac
+               ;;
+         *)
+               # Failed to stop
+               log_end_msg 1
+               ;;
+       esac
+       ;;
+    start)
+       log_daemon_msg "Starting $DESC" "$NAME"
+       do_start
+       case "$?" in
+               0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+               2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+       esac
+       ;;
+  stop)
+       log_daemon_msg "Stopping $DESC" "$NAME"
+       do_stop
+       case "$?" in
+               0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+               2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+       esac
+       ;;
+  status)
+       status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  *)
+       echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+       exit 3
+       ;;
+esac
+
+:
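Review bot: do_start runs `log_end_msg 0; exit 0` whenever /proc/self/ns/pid exists and NESTED is not `yes`. A `restart` invoked without NESTED in the environment (and without /etc/default/cgmanager setting it) therefore stops a running proxy and reports success without starting it again. That branch should carry a comment stating the requirement, for example `# restart needs NESTED=yes, otherwise the proxy is only stopped`. The LSB header's Short-Description and Description are copied from cgmanager and describe the manager, not the proxy.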
diff --git a/init.d/dbus b/init.d/dbus
new file mode 100755 (executable)
index 0000000..4f41293
--- /dev/null
@@ -0,0 +1,122 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          dbus
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:
+# Short-Description: D-Bus systemwide message bus
+# Description:       D-Bus is a simple interprocess messaging system, used
+#                    for sending messages between applications.
+### END INIT INFO
+# -*- coding: utf-8 -*-
+# Debian init.d script for D-BUS
+# Copyright Â© 2003 Colin Walters <walters@debian.org>
+# Copyright Â© 2005 Sjoerd Simons <sjoerd@debian.org>
+
+set -e
+
+DAEMON=/usr/bin/dbus-daemon
+UUIDGEN=/usr/bin/dbus-uuidgen
+UUIDGEN_OPTS=--ensure
+NAME=dbus
+DAEMONUSER=messagebus
+PIDDIR=/var/run/dbus
+PIDFILE=$PIDDIR/pid
+DESC="system message bus"
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Source defaults file; edit that file to configure this script.
+PARAMS=""
+if [ -e /etc/default/dbus ]; then
+  . /etc/default/dbus
+fi
+
+create_machineid() {
+  # Create machine-id file
+  if [ -x $UUIDGEN ]; then
+    $UUIDGEN $UUIDGEN_OPTS
+  fi
+}
+
+start_it_up()
+{
+  if [ ! -d $PIDDIR ]; then
+    mkdir -p $PIDDIR
+    chown $DAEMONUSER $PIDDIR
+    chgrp $DAEMONUSER $PIDDIR
+  fi
+
+  if ! mountpoint -q /proc/ ; then
+    log_failure_msg "Can't start $DESC - /proc is not mounted"
+    return
+  fi
+
+  if [ -e $PIDFILE ]; then
+    if $0 status > /dev/null ; then
+      log_success_msg "$DESC already started; not starting."
+      return
+    else
+      log_success_msg "Removing stale PID file $PIDFILE."
+      rm -f $PIDFILE
+    fi
+  fi
+
+  create_machineid
+
+  log_daemon_msg "Starting $DESC" "$NAME"
+  start-stop-daemon --start --quiet --pidfile $PIDFILE \
+    --exec $DAEMON -- --system $PARAMS
+  log_end_msg $?
+}
+
+shut_it_down()
+{
+  log_daemon_msg "Stopping $DESC" "$NAME"
+  start-stop-daemon --stop --retry 5 --quiet --oknodo --pidfile $PIDFILE \
+    --user $DAEMONUSER
+  # We no longer include these arguments so that start-stop-daemon
+  # can do its job even given that we may have been upgraded.
+  # We rely on the pidfile being sanely managed
+  # --exec $DAEMON -- --system $PARAMS
+  log_end_msg $?
+  rm -f $PIDFILE
+}
+
+reload_it()
+{
+  create_machineid
+  log_action_begin_msg "Reloading $DESC config"
+  dbus-send --print-reply --system --type=method_call \
+            --dest=org.freedesktop.DBus \
+            / org.freedesktop.DBus.ReloadConfig > /dev/null
+  # hopefully this is enough time for dbus to reload it's config file.
+  log_action_end_msg $?
+}
+
+case "$1" in
+  start)
+    start_it_up
+  ;;
+  stop)
+    shut_it_down
+  ;;
+  reload|force-reload)
+    reload_it
+  ;;
+  restart)
+    shut_it_down
+    start_it_up
+  ;;
+  status)
+    status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+    ;;
+  *)
+    echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}" >&2
+    exit 2
+  ;;
+esac
+
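Review bot: In start_it_up the "/proc is not mounted" branch ends with a bare `return`, which passes on the status of log_failure_msg, so `start` can exit successfully although the bus was never started; `return 1` would let callers and monitoring see the failure. Separately, with `set -e` in effect a failing start-stop-daemon in start_it_up aborts the script before `log_end_msg $?` runs, so the failure is never logged through the LSB helpers. Running the command as `start-stop-daemon ... || rc=$?` and then calling `log_end_msg ${rc:-0}` would keep both the log line and the exit status.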
diff --git a/init/cgmanager.conf b/init/cgmanager.conf
new file mode 100644 (file)
index 0000000..5d58475
--- /dev/null
@@ -0,0 +1,41 @@
+description "cgroup management daemon"
+author "Serge Hallyn <serge.hallyn@ubuntu.com>"
+
+respawn
+expect stop
+
+# in trusty /sys/fs/cgroup will be mounted for us.
+# prior to saucy, we would need to start on mounted
+# MOUNTPOINT=/sys, and mount /sys/fs/cgroup ourselves
+start on mounted MOUNTPOINT=/sys/fs/cgroup or virtual-filesystems or starting dbus
+stop on runlevel [06]
+
+# to get debug output into /var/log/upstart/cgmanager.log, create/edit
+# /etc/default/cgmanager and set cgmanager_opts="--debug"
+env cgmanager_opts=""
+
+# unbound subsystems cgmanager should mount.  If you need to add more,
+# make the list comma-separated, for instance:
+# env cgm_extra_mounts="-m name=systemd,name=yyy"
+env cgm_extra_mounts="-m name=systemd"
+
+pre-start script
+       # Kill any existing cgproxy. This is required to allow proper
+       # respawning of cgmanager.
+       stop cgproxy >/dev/null 2>&1 || true
+
+       # check whether we should start a cgproxy or a cgmanager
+       if cgproxy --check-master; then
+               start cgproxy NESTED=yes || true && { stop; exit 0; }
+       fi
+end script
+
+script
+       [ -r /etc/default/cgmanager ] && . /etc/default/cgmanager
+
+       exec /sbin/cgmanager --sigstop $cgmanager_opts $cgm_extra_mounts
+end script
+
+post-start script
+       initctl notify-cgroup-manager-address "unix:path=/sys/fs/cgroup/cgmanager/sock" || true
+end script
diff --git a/init/cgproxy.conf b/init/cgproxy.conf
new file mode 100644 (file)
index 0000000..6bcfbff
--- /dev/null
@@ -0,0 +1,36 @@
+description "cgroup management proxy"
+author "Serge Hallyn <serge.hallyn@ubuntu.com>"
+
+respawn
+expect stop
+emits cgmanager-ready
+
+# in trusty /sys/fs/cgroup will be mounted for us.
+# prior to saucy, we would need to start on mounted
+# MOUNTPOINT=/sys, and mount /sys/fs/cgroup ourselves
+start on started cgmanager
+stop on runlevel [06]
+
+# to get debug output into /var/log/upstart/cgproxy.log, create/edit
+# /etc/default/cgmanager and set cgmanager_opts="--debug"
+env cgmanager_opts=""
+env NESTED="no"
+
+pre-start script
+       # check whether we should start
+       if [ -e /proc/self/ns/pid ] && [ "$NESTED" = "no" ]; then
+               initctl emit -n cgmanager-ready
+               { stop; exit 0; }
+       fi
+end script
+
+script
+       [ -r /etc/default/cgmanager ] && . /etc/default/cgmanager
+
+       exec /sbin/cgproxy --sigstop $cgmanager_opts
+end script
+
+post-start script
+initctl emit -n cgmanager-ready
+initctl notify-cgroup-manager-address "unix:path=/sys/fs/cgroup/cgmanager/sock" || true
+end script
diff --git a/modules-load.d/modules.conf b/modules-load.d/modules.conf
new file mode 120000 (symlink)
index 0000000..464b823
--- /dev/null
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/pam.d/atd b/pam.d/atd
new file mode 100644 (file)
index 0000000..0036e71
--- /dev/null
+++ b/pam.d/atd
@@ -0,0 +1,10 @@
+#
+# The PAM configuration file for the at daemon
+#
+
+auth   required        pam_env.so
+@include common-auth
+@include common-account
+session    required   pam_loginuid.so
+@include common-session-noninteractive
+session    required   pam_limits.so
index 4ad17292c20dac8969e4abc495b4a874f9ff256d..9d7324c476219c4105dd24a62f7a5c47f44d3651 100644 (file)
@@ -22,4 +22,5 @@ session       requisite                       pam_deny.so
 session        required                        pam_permit.so
 # and here are more per-package modules (the "Additional" block)
 session        required        pam_unix.so 
+session        optional        pam_systemd.so 
 # end of pam-auth-update config
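Review bot: The added `session optional pam_systemd.so` line makes every session opened through common-session try to register with logind, and it arrives together with the dbus, systemd-shim and cgmanager packages listed in this commit, presumably as dependencies of libpam-systemd, though the page does not show which package was actually requested. If this host does not need logind session tracking, removing libpam-systemd would take the line out again through pam-auth-update; hand-editing is not the way, since the block is marked as pam-auth-update managed. Because the control flag is `optional`, a failing module should not block logins, so the concern is the additional root-run services, not lockout.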
diff --git a/passwd b/passwd
index 0f31ef5af4ab6627a401d91ba05bb0db121a5ea1..7b61ad0ebf54a915289a8ffb23fc1f0f9e48679a 100644 (file)
--- a/passwd
+++ b/passwd
@@ -27,3 +27,4 @@ bind:x:999:999:Bind daemon user,,,:/var/cache/bind:/bin/false
 ulog:x:107:115::/var/log/ulog:/bin/false
 repo:x:1111:100:Repository user ns1,,,:/home/repo:/bin/bash
 postgres:x:108:116:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
+messagebus:x:109:117::/var/run/dbus:/bin/false
diff --git a/passwd- b/passwd-
index 3fc416abd7030f3ddb28b3a5944323eeb29130e7..7b61ad0ebf54a915289a8ffb23fc1f0f9e48679a 100644 (file)
--- a/passwd-
+++ b/passwd-
@@ -26,4 +26,5 @@ postfix:x:106:113::/var/spool/postfix:/bin/false
 bind:x:999:999:Bind daemon user,,,:/var/cache/bind:/bin/false
 ulog:x:107:115::/var/log/ulog:/bin/false
 repo:x:1111:100:Repository user ns1,,,:/home/repo:/bin/bash
-postgres:x:108:116::/var/lib/postgresql:/bin/bash
+postgres:x:108:116:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
+messagebus:x:109:117::/var/run/dbus:/bin/false
diff --git a/rc0.d/K01atd b/rc0.d/K01atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc0.d/K01cgmanager b/rc0.d/K01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc0.d/K01cgproxy b/rc0.d/K01cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc1.d/K01atd b/rc1.d/K01atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc1.d/K01cgmanager b/rc1.d/K01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc1.d/K01cgproxy b/rc1.d/K01cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc2.d/S01cgmanager b/rc2.d/S01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc2.d/S02atd b/rc2.d/S02atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc2.d/S02cgproxy b/rc2.d/S02cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc2.d/S02dbus b/rc2.d/S02dbus
new file mode 120000 (symlink)
index 0000000..05fdfc6
--- /dev/null
@@ -0,0 +1 @@
+../init.d/dbus
\ No newline at end of file
diff --git a/rc3.d/S01cgmanager b/rc3.d/S01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc3.d/S02atd b/rc3.d/S02atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc3.d/S02cgproxy b/rc3.d/S02cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc3.d/S02dbus b/rc3.d/S02dbus
new file mode 120000 (symlink)
index 0000000..05fdfc6
--- /dev/null
@@ -0,0 +1 @@
+../init.d/dbus
\ No newline at end of file
diff --git a/rc4.d/S01cgmanager b/rc4.d/S01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc4.d/S02atd b/rc4.d/S02atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc4.d/S02cgproxy b/rc4.d/S02cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc4.d/S02dbus b/rc4.d/S02dbus
new file mode 120000 (symlink)
index 0000000..05fdfc6
--- /dev/null
@@ -0,0 +1 @@
+../init.d/dbus
\ No newline at end of file
diff --git a/rc5.d/S01cgmanager b/rc5.d/S01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc5.d/S02atd b/rc5.d/S02atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc5.d/S02cgproxy b/rc5.d/S02cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/rc5.d/S02dbus b/rc5.d/S02dbus
new file mode 120000 (symlink)
index 0000000..05fdfc6
--- /dev/null
@@ -0,0 +1 @@
+../init.d/dbus
\ No newline at end of file
diff --git a/rc6.d/K01atd b/rc6.d/K01atd
new file mode 120000 (symlink)
index 0000000..8cd7248
--- /dev/null
@@ -0,0 +1 @@
+../init.d/atd
\ No newline at end of file
diff --git a/rc6.d/K01cgmanager b/rc6.d/K01cgmanager
new file mode 120000 (symlink)
index 0000000..3a4dcb0
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgmanager
\ No newline at end of file
diff --git a/rc6.d/K01cgproxy b/rc6.d/K01cgproxy
new file mode 120000 (symlink)
index 0000000..c31f360
--- /dev/null
@@ -0,0 +1 @@
+../init.d/cgproxy
\ No newline at end of file
diff --git a/shadow b/shadow
index 3892ee3000641ccbf574e73cc7538f7a38029fea..aec96d7f9200f3471af94f9667dc47e7535c01d6 100644 (file)
--- a/shadow
+++ b/shadow
@@ -27,3 +27,4 @@ bind:!:16868::::::
 ulog:*:16920:0:99999:7:::
 repo:!:17100:0:99999:7:::
 postgres:*:17175:0:99999:7:::
+messagebus:*:17329:0:99999:7:::
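Review bot: `shadow` (and `shadow-` in the next section) are tracked in a repository that is served through a web front end, so every password field in the file is readable by whoever can reach that repository. The lines visible in this hunk hold only locked markers (`*` and `!`), but the rest of the file is outside the hunk and any account with a real hash would be exposed. It is worth confirming that access to this repository is limited to administrators, or excluding `shadow`, `shadow-`, `gshadow` and `gshadow-` from etckeeper's tracking through its ignore file.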
diff --git a/shadow- b/shadow-
index 3892ee3000641ccbf574e73cc7538f7a38029fea..aec96d7f9200f3471af94f9667dc47e7535c01d6 100644 (file)
--- a/shadow-
+++ b/shadow-
@@ -27,3 +27,4 @@ bind:!:16868::::::
 ulog:*:16920:0:99999:7:::
 repo:!:17100:0:99999:7:::
 postgres:*:17175:0:99999:7:::
+messagebus:*:17329:0:99999:7:::
diff --git a/subgid b/subgid
index 1910d870013fdea974c012d20a38dae50a490524..ffbecdd103f4552a386cfa2e2c053a3f7bda169a 100644 (file)
--- a/subgid
+++ b/subgid
@@ -9,3 +9,4 @@ bind:558752:65536
 ulog:624288:65536
 repo:689824:65536
 postgres:755360:65536
+messagebus:820896:65536
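Review bot: The new `messagebus:820896:65536` entry gives a service account whose shell is `/bin/false` a range of 65536 subordinate IDs, and the same line is added to `subuid` further down. Nothing on this page suggests the D-Bus daemon user needs to map IDs in a user namespace; the range was presumably allocated automatically when the account was created, as for `bind`, `ulog` and `postgres` in the context lines. For least privilege I would drop the ranges of service accounts from both files, or configure account creation so that system users are not given one.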
diff --git a/subgid- b/subgid-
index 9bc29fedccc4ebb952a12427d69e96e1eb86eeaf..1910d870013fdea974c012d20a38dae50a490524 100644 (file)
--- a/subgid-
+++ b/subgid-
@@ -8,3 +8,4 @@ postfix:493216:65536
 bind:558752:65536
 ulog:624288:65536
 repo:689824:65536
+postgres:755360:65536
diff --git a/subuid b/subuid
index 1910d870013fdea974c012d20a38dae50a490524..ffbecdd103f4552a386cfa2e2c053a3f7bda169a 100644 (file)
--- a/subuid
+++ b/subuid
@@ -9,3 +9,4 @@ bind:558752:65536
 ulog:624288:65536
 repo:689824:65536
 postgres:755360:65536
+messagebus:820896:65536
diff --git a/subuid- b/subuid-
index 9bc29fedccc4ebb952a12427d69e96e1eb86eeaf..1910d870013fdea974c012d20a38dae50a490524 100644 (file)
--- a/subuid-
+++ b/subuid-
@@ -8,3 +8,4 @@ postfix:493216:65536
 bind:558752:65536
 ulog:624288:65536
 repo:689824:65536
+postgres:755360:65536
diff --git a/sysctl.d/99-sysctl.conf b/sysctl.d/99-sysctl.conf
new file mode 120000 (symlink)
index 0000000..2b0036b
--- /dev/null
@@ -0,0 +1 @@
+../sysctl.conf
\ No newline at end of file
diff --git a/systemd/system/multi-user.target.wants/atd.service b/systemd/system/multi-user.target.wants/atd.service
new file mode 120000 (symlink)
index 0000000..e225a48
--- /dev/null
@@ -0,0 +1 @@
+/lib/systemd/system/atd.service
\ No newline at end of file
diff --git a/xdg/systemd/user b/xdg/systemd/user
new file mode 120000 (symlink)
index 0000000..1c75bd3
--- /dev/null
@@ -0,0 +1 @@
+../../systemd/user
\ No newline at end of file