osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/29711?usp=email )
Change subject: .deb/.rpm: add osmocom user during package install ...................................................................... .deb/.rpm: add osmocom user during package install Create osmocom user & group during package installation. Fix the configuration dir/files permission to match. Related: OS#4107 Tweaked-By: Oliver Smith <[email protected]> Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282 --- M contrib/osmo-sgsn.spec.in M contrib/systemd/osmo-gtphub.service M contrib/systemd/osmo-sgsn.service M debian/control A debian/postinst 5 files changed, 78 insertions(+), 5 deletions(-) Approvals: osmith: Looks good to me, approved Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve laforge: Looks good to me, but someone else must approve diff --git a/contrib/osmo-sgsn.spec.in b/contrib/osmo-sgsn.spec.in index 7ba994f..d1382cb 100644 --- a/contrib/osmo-sgsn.spec.in +++ b/contrib/osmo-sgsn.spec.in @@ -81,13 +81,29 @@ %if 0%{?suse_version} %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service -%pre %service_add_pre %{name}.service -%post %service_add_post %{name}.service +%endif + +%pre +getent group osmocom >/dev/null || groupadd --system osmocom +getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \ + --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom +%if 0%{?suse_version} +%service_add_pre %{name}.service +%endif + +%post +%if 0%{?suse_version} +%service_add_post %{name}.service +%endif +chown osmocom:osmocom /etc/osmocom/osmo-sgsn.cfg +chmod 0660 /etc/osmocom/osmo-sgsn.cfg +chown root:osmocom /etc/osmocom +chmod 2775 /etc/osmocom + %preun -n osmo-gtphub %service_del_preun osmo-gtphub.service %postun -n osmo-gtphub %service_del_postun osmo-gtphub.service %pre -n osmo-gtphub %service_add_pre osmo-gtphub.service %post -n osmo-gtphub %service_add_post osmo-gtphub.service -%endif %check make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +) diff --git a/contrib/systemd/osmo-gtphub.service b/contrib/systemd/osmo-gtphub.service index 9ade246..1e1a8a0 100644 --- a/contrib/systemd/osmo-gtphub.service +++ b/contrib/systemd/osmo-gtphub.service @@ -5,6 +5,8 @@ [Service] Type=simple +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-gtphub -c /etc/osmocom/osmo-gtphub.cfg StateDirectory=osmocom WorkingDirectory=%S/osmocom diff --git a/contrib/systemd/osmo-sgsn.service b/contrib/systemd/osmo-sgsn.service index 21ecbb7..1cc962b 100644 --- a/contrib/systemd/osmo-sgsn.service +++ b/contrib/systemd/osmo-sgsn.service @@ -11,6 +11,8 @@ StateDirectory=osmocom WorkingDirectory=%S/osmocom Restart=always +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-sgsn -c /etc/osmocom/osmo-sgsn.cfg RestartSec=2 diff --git a/debian/control b/debian/control index aa59455..b28db1f 100644 --- a/debian/control +++ b/debian/control @@ -30,7 +30,7 @@ Package: osmo-sgsn Architecture: any Multi-Arch: foreign -Depends: ${misc:Depends}, ${shlibs:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends}, adduser Description: OsmoSGSN: Osmocom's Serving GPRS Support Node for 2G and 3G packet-switched mobile networks Package: osmo-sgsn-dbg @@ -42,7 +42,7 @@ Package: osmo-gtphub Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Description: Osmocom GTP Hub: Proxy for GTP traffic between multiple SGSNs and GGSNs Package: osmo-gtphub-dbg diff --git a/debian/postinst b/debian/postinst new file mode 100755 index 0000000..84d7e5f --- /dev/null +++ b/debian/postinst @@ -0,0 +1,39 @@ +#!/bin/sh -e +# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions +# of directories which are not automatically adjusted by systemd from previous (root-owned) +# install. + +# N. B: the user is intentionally NOT removed during package uninstall: +# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning. +chperms() { + # chperms <user> <group> <perms> <file> + if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then + if [ -e $4 ]; then + chown $1:$2 $4 + chmod $3 $4 + fi + fi +} + +case "$1" in + configure) + if ! getent passwd osmocom > /dev/null; then + adduser --quiet \ + --system \ + --group \ + --no-create-home \ + --disabled-password \ + --home /var/lib/osmocom \ + --gecos "Open Source Mobile Communications" \ + osmocom + fi +# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners + chperms osmocom osmocom 0660 /etc/osmocom/osmo-sgsn.cfg + chperms root osmocom 2775 /etc/osmocom + + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# -- To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/29711?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-sgsn Gerrit-Branch: master Gerrit-Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282 Gerrit-Change-Number: 29711 Gerrit-PatchSet: 2 Gerrit-Owner: msuraev <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <[email protected]> Gerrit-Reviewer: osmith <[email protected]> Gerrit-Reviewer: pespin <[email protected]> Gerrit-MessageType: merged
