osmith has submitted this change. ( https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/36771?usp=email )
Change subject: contrib/systemd: run as osmocom user ...................................................................... contrib/systemd: run as osmocom user Run the systemd service as osmocom user and group instead of root. Set the StateDirectory and WorkingDirectory like we have it in other Osmocom service files. Remove the ExecStartPre mkdir, as the directory now gets created by postinst. Related: OS#4107 Change-Id: I2c0c7f4b98300b3b0bb5b95013b51b6b60625b95 --- M contrib/systemd/osmo_dia2gsup.service A debian/postinst 2 files changed, 49 insertions(+), 1 deletion(-) Approvals: Jenkins Builder: Verified fixeria: Looks good to me, but someone else must approve pespin: Looks good to me, approved diff --git a/contrib/systemd/osmo_dia2gsup.service b/contrib/systemd/osmo_dia2gsup.service index 2ef737c..e3d092e 100644 --- a/contrib/systemd/osmo_dia2gsup.service +++ b/contrib/systemd/osmo_dia2gsup.service @@ -7,8 +7,11 @@ [Service] Type=simple Restart=always +StateDirectory=osmo_dia2gsup +WorkingDirectory=%S/osmo_dia2gsup +User=osmocom +Group=osmocom Environment="HOME=/var/lib/osmo_dia2gsup" -ExecStartPre=/usr/bin/mkdir -p /var/lib/osmo_dia2gsup ExecStart=/usr/bin/osmo-dia2gsup foreground RestartSec=2 diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..f9f64c8 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,30 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + chown osmocom:osmocom /etc/osmocom/osmo_dia2gsup.service + chmod 0660 /etc/osmocom/osmo_dia2gsup.service + chown root:osmocom /etc/osmocom + chmod 2775 /etc/osmocom + mkdir -p /var/lib/osmo_dia2gsup + chown -R osmocom:osmocom /var/lib/osmo_dia2gsup + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# -- To view, visit https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/36771?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: erlang/osmo_dia2gsup Gerrit-Branch: master Gerrit-Change-Id: I2c0c7f4b98300b3b0bb5b95013b51b6b60625b95 Gerrit-Change-Number: 36771 Gerrit-PatchSet: 1 Gerrit-Owner: osmith <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <[email protected]> Gerrit-Reviewer: osmith <[email protected]> Gerrit-Reviewer: pespin <[email protected]> Gerrit-MessageType: merged
