Merge pull request elastic#7510 from jbudz/issues/7475

[build] Ensure group kibana is added, stricter user creation Former-commit-id: 13ec202
airow · Jul 8, 2016 · 11f5067 · 11f5067
2 parents ef8ff91 + caaa471
commit 11f5067
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 25 deletions.
diff --git a/tasks/build/package_scripts/post_install.sh b/tasks/build/package_scripts/post_install.sh
@@ -1,19 +1,39 @@
 #!/bin/sh
 set -e
 
-user_check() {
-  getent passwd "$1" > /dev/null 2>&1
-}
+case $1 in
+  # Debian
+  configure)
+    if ! getent group "<%= group %>" >/dev/null; then
+      addgroup --quiet --system "<%= group %>"
+    fi
 
-user_create() {
-  # Create a system user. A system user is one within the system uid range and
-  # has no expiration
-  useradd -r "$1"
-}
+    if ! getent passwd "<%= user %>" >/dev/null; then
+      adduser --quiet --system --no-create-home --disabled-password \
+      --ingroup "<%= group %>" --shell /bin/false "<%= user %>"
+    fi
+  ;;
+  abort-deconfigure|abort-upgrade|abort-remove)
+  ;;
+
+  # Red Hat
+  1|2)
+    if ! getent group "<%= group %>" >/dev/null; then
+      groupadd -r "<%= group %>"
+    fi
+
+    if ! getent passwd "<%= user %>" >/dev/null; then
+      useradd -r -g "<%= group %>" -M -s /sbin/nologin \
+      -c "kibana service user" "<%= user %>"
+    fi
+  ;;
+
+  *)
+      echo "post install script called with unknown argument \`$1'" >&2
+      exit 1
+  ;;
+esac
 
-if ! user_check "<%= user %>" ; then
-  user_create "<%= user %>"
-fi
 chown -R <%= user %>:<%= group %> <%= optimizeDir %>
 chown <%= user %>:<%= group %> <%= dataDir %>
 chown <%= user %>:<%= group %> <%= pluginsDir %>
diff --git a/tasks/build/package_scripts/post_remove.sh b/tasks/build/package_scripts/post_remove.sh
@@ -1,22 +1,14 @@
 #!/bin/sh
 set -e
 
-user_check() {
-  getent passwd "$1" > /dev/null 2>&1
-}
-
-user_remove() {
-  userdel "$1"
-}
-
-REMOVE_USER=false
+REMOVE_USER_AND_GROUP=false
 REMOVE_DIRS=false
 
 case $1 in
   # Includes cases for all valid arguments, exit 1 otherwise
   # Debian
   purge)
-    REMOVE_USER=true
+    REMOVE_USER_AND_GROUP=true
     REMOVE_DIRS=true
   ;;
   remove)
@@ -28,7 +20,7 @@ case $1 in
 
   # Red Hat
   0)
-    REMOVE_USER=true
+    REMOVE_USER_AND_GROUP=true
     REMOVE_DIRS=true
   ;;
 
@@ -41,9 +33,13 @@ case $1 in
   ;;
 esac
 
-if [ "$REMOVE_USER" = "true" ]; then
-  if user_check "<%= user %>"  ; then
-    user_remove "<%= user %>"
+if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then
+  if getent passwd "<%= user %>" >/dev/null; then
+    userdel "<%= user %>"
+  fi
+
+  if getent group "<%= group %>" >/dev/null; then
+    groupdel "<%= group %>"
   fi
 fi