From f0338d69c3f05c7b8af12f75edcd93686ef1547f Mon Sep 17 00:00:00 2001 From: Jonathan Budzenski Date: Mon, 20 Jun 2016 10:27:36 -0500 Subject: [PATCH 1/2] [build] Ensure group kibana is added, stricter user creation Former-commit-id: b54ef4ed0010a61c56f9d07dfa6792bab970746c --- tasks/build/package_scripts/post_install.sh | 42 +++++++++++++++------ tasks/build/package_scripts/post_remove.sh | 24 +++++------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/tasks/build/package_scripts/post_install.sh b/tasks/build/package_scripts/post_install.sh index bc31f19f19953..dd8638a0c20bf 100644 --- a/tasks/build/package_scripts/post_install.sh +++ b/tasks/build/package_scripts/post_install.sh @@ -1,19 +1,39 @@ #!/bin/sh set -e -user_check() { - getent passwd "$1" > /dev/null 2>&1 -} +case $1 in + # Debian + configure) + if ! getent group "<%= group %>" >/dev/null; then + addgroup --quiet --system "<%= group %>" + fi -user_create() { - # Create a system user. A system user is one within the system uid range and - # has no expiration - useradd -r "$1" -} + if ! getent passwd "<%= user %>" >/dev/null; then + adduser --quiet --system --no-create-home --disabled-password \ + --ingroup "<%= group %>" --shell /bin/false "<%= user %>" + fi + ;; + abort-deconfigure|abort-upgrade|abort-remove) + ;; + + # Red Hat + 1|2) + if ! getent group "<%= group %>" >/dev/null; then + groupadd -r "<%= group %>" + fi + + if ! getent passwd "<%= user %>" >/dev/null; then + useradd -r -g "<%= group %>" -M -s /sbin/nologin \ + -c "kibana service user" "<%= user %>" + fi + ;; + + *) + echo "post install script called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac -if ! user_check "<%= user %>" ; then - user_create "<%= user %>" -fi chown -R <%= user %>:<%= group %> <%= optimizeDir %> chown <%= user %>:<%= group %> <%= dataDir %> chown <%= user %>:<%= group %> <%= pluginsDir %> 
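Review bot: The `getent passwd "<%= user %>"` guards in both the `configure)` and `1|2)` arms skip creation whenever an account of that name already resolves, so none of the stricter settings added here (`--shell /bin/false` / `-s /sbin/nologin`, no home directory, primary group `<%= group %>`) are applied to a pre-existing account, and the `chown` lines after `esac` still hand the directories to it. Because `getent` answers from every configured NSS source, that account may be an interactive or directory-managed one rather than one this package created. If reusing the account is intended, make it visible with an `else` branch such as `echo "reusing existing user <%= user %>; shell and group left unchanged" >&2`, and state the assumption in a comment above the guards.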
diff --git a/tasks/build/package_scripts/post_remove.sh b/tasks/build/package_scripts/post_remove.sh index c1499c2940d83..fa248c016feb3 100644 --- a/tasks/build/package_scripts/post_remove.sh +++ b/tasks/build/package_scripts/post_remove.sh @@ -1,22 +1,14 @@ #!/bin/sh set -e -user_check() { - getent passwd "$1" > /dev/null 2>&1 -} - -user_remove() { - userdel "$1" -} - -REMOVE_USER=false +REMOVE_USER_AND_GROUP=false REMOVE_DIRS=false case $1 in # Includes cases for all valid arguments, exit 1 otherwise # Debian purge) - REMOVE_USER=true + REMOVE_USER_AND_GROUP=true REMOVE_DIRS=true ;; remove) @@ -28,7 +20,7 @@ case $1 in # Red Hat 0) - REMOVE_USER=true + REMOVE_USER_AND_GROUP=true REMOVE_DIRS=true ;; @@ -41,9 +33,13 @@ case $1 in ;; esac -if [ "$REMOVE_USER" = "true" ]; then - if user_check "<%= user %>" ; then - user_remove "<%= user %>" +if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then + if getent group "<%= group %>" >/dev/null; then + groupdel "<%= group %>" + fi + + if getent passwd "<%= user %>" >/dev/null; then + userdel "<%= user %>" fi fi From caaa471b1bbfb0caf14da80cddf5047ca9dc85c6 Mon Sep 17 00:00:00 2001 From: Jonathan Budzenski Date: Thu, 7 Jul 2016 15:40:18 -0500 Subject: [PATCH 2/2] [build] Remove user before group Former-commit-id: 144a40b7803df4ea3e9792bf29ec436d56935f40 --- tasks/build/package_scripts/post_remove.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/build/package_scripts/post_remove.sh b/tasks/build/package_scripts/post_remove.sh index fa248c016feb3..25c46a54a222a 100644 --- a/tasks/build/package_scripts/post_remove.sh +++ b/tasks/build/package_scripts/post_remove.sh 
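Review bot: Deleting the account and group on `purge` / `0` (the `userdel` and `groupdel` calls in the `@@ -41,9 +33,13 @@` hunk, and again in the reordered PATCH 2/2 hunk) releases the uid and gid for reuse, so any file outside the directories this script removes keeps the old numeric owner and would belong to whichever account is assigned those ids next. What the `REMOVE_DIRS` block deletes is outside these hunks, so it is not visible here whether logs or other files can be left behind. If deletion is kept, record the assumption next to the calls, e.g. `# uid/gid are released here; files left outside the removed dirs keep the old numeric owner`. The more conservative option is to leave the system account in place on removal.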
@@ -34,13 +34,13 @@ case $1 in esac if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then - if getent group "<%= group %>" >/dev/null; then - groupdel "<%= group %>" - fi - if getent passwd "<%= user %>" >/dev/null; then userdel "<%= user %>" fi + + if getent group "<%= group %>" >/dev/null; then + groupdel "<%= group %>" + fi fi if [ "$REMOVE_DIRS" = "true" ]; then
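Review bot: With `set -e` at the top of the script, a non-zero exit from `userdel` in the reordered block aborts the script before the `groupdel` check and before the `REMOVE_DIRS` block that opens on the last line of this hunk (its body is outside the hunk). `userdel` can refuse, for example while the account is still in use, and `groupdel` refuses while the group is still another user's primary group, so a purge could stop half-way with the data directories left on disk. If the cleanup is meant to be best-effort, handle the failure explicitly, e.g. `userdel "<%= user %>" || echo "could not remove user <%= user %>" >&2`, and do the same for `groupdel`.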