If xrdp is running with dropped privileges it won't be able to delete
the PID file it's created. Places where xrdp is stopped need to cater
for this.
It's prefereable to do this than make the PID file writeable by xrdp
with dropped privileges, as this can still lead to DoS attacks if an
attacker manages to modify the PID file from a compromised xrdp
process.
Use install-data-hook to ensure restrictive permissions on rsakeys.ini.
Don't create rsakeys.ini in init scripts. This makes xrdp functional upon
"make install" without relying on the init scripts.
Packagers should not package rsakeys.ini, it should be created when the
package is installed.
On systemd system, at least CentOS 7, `service foo start` command
works as wrapper of `systemctl start foo`. However, xrdp installs
init script into /etc/init.d/xrdp. This script is not necessary
for systemd system, and, what is worse, if init.d/xrdp exists,
`service xrdp start` works as wrapper to run init.d/xrdp. Maybe
this is inconvinient for many users.
with combined path var
-DAEMON=/usr/sbin/xrdp
+BASE=__BASE__
(PREFIX gets replaced by given prefix, or as fallback /usr/local on Ubuntu)
+DAEMON=${BASE}/sbin/xrdp
+SDAEMON=${BASE}/sbin/xrdp-sesman
matt335672