Re: Setting system user home directory

[Dmytro Bilokha]

On Wed, Dec 20, 2017 at 08:32:37PM +0100, Stefan Esser wrote:

Am 20.12.17 um 15:12 schrieb Adam Vande More:

On Sat, Dec 16, 2017 at 2:10 PM, Dmytro Bilokha  wrote:


Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit the new
port version.


I think you should do what makes sense for your application.  The /var/db
stuff is not a hard fast rule and it doesn't work well for many
situations.  Also it's mostly system related DB's that live there.  It's
not only some java related ports that live mostly under /usr but also
things like postgres(at least used to).

IMO, as long as you're not flagrantly violating hier(7), do what is best
for your port.


For a port that needs quite a large database (password hashes from accounts
that have been leaked), I implemented an option to initialize the application
by downloading the data files after the user had a chance to select a place
for the data (by editing the config file). The default is in /var/db, but the
user may prefer a home directory or some sub-directory of /usr/local/ ...

Regards, STefan



Thanks, Stefan, it is also a nice approach.

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Stefan Esser]

Am 20.12.17 um 15:12 schrieb Adam Vande More:
> On Sat, Dec 16, 2017 at 2:10 PM, Dmytro Bilokha  wrote:
> 
>> Guys, thanks for your help. I've managed to adjust user's homedir
>> using pkg-install script. Now I'll try to move everything writable
>> from /usr/local to /var (as Miroslav suggested), test and submit the new
>> port version.
> 
> I think you should do what makes sense for your application.  The /var/db
> stuff is not a hard fast rule and it doesn't work well for many
> situations.  Also it's mostly system related DB's that live there.  It's
> not only some java related ports that live mostly under /usr but also
> things like postgres(at least used to).
> 
> IMO, as long as you're not flagrantly violating hier(7), do what is best
> for your port.

For a port that needs quite a large database (password hashes from accounts
that have been leaked), I implemented an option to initialize the application
by downloading the data files after the user had a chance to select a place
for the data (by editing the config file). The default is in /var/db, but the
user may prefer a home directory or some sub-directory of /usr/local/ ...

Regards, STefan

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Wed, Dec 20, 2017 at 08:12:52AM -0600, Adam Vande More wrote:

On Sat, Dec 16, 2017 at 2:10 PM, Dmytro Bilokha  wrote:


Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit the new
port version.



I think you should do what makes sense for your application.  The /var/db
stuff is not a hard fast rule and it doesn't work well for many
situations.  Also it's mostly system related DB's that live there.  It's
not only some java related ports that live mostly under /usr but also
things like postgres(at least used to).

IMO, as long as you're not flagrantly violating hier(7), do what is best
for your port.

--
Adam


Thanks for your response. For me both approaches are fine, application will
work. As far as I understand, which layout is better depends on how the 
system is managed. For now having writable data in /var seems reasonable,

so I'll try it.

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Miroslav Lachman]

Adam Vande More wrote on 2017/12/20 15:12:

On Sat, Dec 16, 2017 at 2:10 PM, Dmytro Bilokha  wrote:


Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit the new
port version.



I think you should do what makes sense for your application.  The /var/db
stuff is not a hard fast rule and it doesn't work well for many
situations.  Also it's mostly system related DB's that live there.  It's
not only some java related ports that live mostly under /usr but also
things like postgres(at least used to).


Databases (Postgres) are mess. MySQL, CouchDB, Elasticsearch and others 
are using /var/db prefix, PostgreSQL and some others are using 
/usr/local. It is very inconsistent...


Miroslav Lachman
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Adam Vande More]

On Sat, Dec 16, 2017 at 2:10 PM, Dmytro Bilokha  wrote:

> Guys, thanks for your help. I've managed to adjust user's homedir
> using pkg-install script. Now I'll try to move everything writable
> from /usr/local to /var (as Miroslav suggested), test and submit the new
> port version.


I think you should do what makes sense for your application.  The /var/db
stuff is not a hard fast rule and it doesn't work well for many
situations.  Also it's mostly system related DB's that live there.  It's
not only some java related ports that live mostly under /usr but also
things like postgres(at least used to).

IMO, as long as you're not flagrantly violating hier(7), do what is best
for your port.

-- 
Adam
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Sat, Dec 16, 2017 at 09:47:46PM +0100, Miroslav Lachman wrote:

Dmytro Bilokha wrote on 2017/12/16 21:10:

On Sat, Dec 16, 2017 at 08:53:17PM +0200, Dmytro Bilokha wrote:

On Sat, Dec 16, 2017 at 10:48:34AM -0800, Kevin Oberman wrote:

On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha 


[...]


Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


I've add following lines to the port's makefile:
USERS=payara
GROUPS=payara

And user is created automatically during port installation process.



Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit the new
port version.


Ideally you should not silently change existing user account. There is
possibility that user (sysadmin) made some tweaks (different UID,
different home, shell etc.) and if your port will do some silent changes
it can break some setup.
Better way is to use this setting only on newly created user (fresh pkg
install) or print pkg-message with instruction (command) what should
user do to have this setup corrected to new port properties.
Or maybe you can do this change interactively with user confirmation Y/N.
Maybe create UPDATING entry.

Just my $0.02

Miroslav Lachman


Thanks, Miroslav! It is useful advice. I'll proceed with pkg-message
approach.

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Miroslav Lachman]

Dmytro Bilokha wrote on 2017/12/16 21:10:

On Sat, Dec 16, 2017 at 08:53:17PM +0200, Dmytro Bilokha wrote:

On Sat, Dec 16, 2017 at 10:48:34AM -0800, Kevin Oberman wrote:

On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha 


[...]


Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


I've add following lines to the port's makefile:
USERS=payara
GROUPS=payara

And user is created automatically during port installation process.



Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit the new
port version.


Ideally you should not silently change existing user account. There is 
possibility that user (sysadmin) made some tweaks (different UID, 
different home, shell etc.) and if your port will do some silent changes 
it can break some setup.
Better way is to use this setting only on newly created user (fresh pkg 
install) or print pkg-message with instruction (command) what should 
user do to have this setup corrected to new port properties.

Or maybe you can do this change interactively with user confirmation Y/N.
Maybe create UPDATING entry.

Just my $0.02

Miroslav Lachman
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Sat, Dec 16, 2017 at 08:53:17PM +0200, Dmytro Bilokha wrote:

On Sat, Dec 16, 2017 at 10:48:34AM -0800, Kevin Oberman wrote:

On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha  wrote:


On Sat, Dec 16, 2017 at 03:20:21PM +0100, Miroslav Lachman wrote:


Dmytro Bilokha wrote on 2017/12/16 14:59:


On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:


Dmytro Bilokha wrote on 2017/12/16 10:40:


Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by
the
bsd.port.pre.mk file included in the port's makefile. But, during
every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be
OK
to make it like this:

...head of the make file with setting variables and so on is
here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.



I don't know Payara but applications should not write its files to
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under
/var/db/payara and log in to /var/log/payara.log or /var/log/payara
(directory)

Miroslav Lachman



Thanks for the information. Now I'm a little bit confused.
I've checked and seems to me that nither www/tomcat85 (servlet
container) nor www/glassfish and java/wildfly10 (application servers)
ports follow this convention.
All of them has directories for logs, configuration and Java
applications under the
/usr/local. Is there something special in Java servers ports?




I know there are ports not following this convention (and I don't
understand why). Those ports are making troubles if you want to serve
/usr/local as read only NFS for example.

Miroslav Lachman



Ok, than I'll try to move everything writable from /usr/local to /var.
I plan to put system user's caches and properties to the
/var/payara/X.Y.Z/prefs,
where X.Y.Z is an application's version.
And this returns me to the first question: how to properly change user's
home
directory on port installation?

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43



How did you add the user? If you did not use the adduser script or vipw,
you must rebuild the database. pwd_mkdb. I would suggest always using vipw
as it automatically does everything

Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


I've add following lines to the port's makefile:
USERS=  payara
GROUPS= payara

And user is created automatically during port installation process.
--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43


Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit 
the new port version.

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Sat, Dec 16, 2017 at 10:48:34AM -0800, Kevin Oberman wrote:

On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha  wrote:


On Sat, Dec 16, 2017 at 03:20:21PM +0100, Miroslav Lachman wrote:


Dmytro Bilokha wrote on 2017/12/16 14:59:


On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:


Dmytro Bilokha wrote on 2017/12/16 10:40:


Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by
the
bsd.port.pre.mk file included in the port's makefile. But, during
every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be
OK
to make it like this:

...head of the make file with setting variables and so on is
here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.



I don't know Payara but applications should not write its files to
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under
/var/db/payara and log in to /var/log/payara.log or /var/log/payara
(directory)

Miroslav Lachman



Thanks for the information. Now I'm a little bit confused.
I've checked and seems to me that nither www/tomcat85 (servlet
container) nor www/glassfish and java/wildfly10 (application servers)
ports follow this convention.
All of them has directories for logs, configuration and Java
applications under the
/usr/local. Is there something special in Java servers ports?




I know there are ports not following this convention (and I don't
understand why). Those ports are making troubles if you want to serve
/usr/local as read only NFS for example.

Miroslav Lachman



Ok, than I'll try to move everything writable from /usr/local to /var.
I plan to put system user's caches and properties to the
/var/payara/X.Y.Z/prefs,
where X.Y.Z is an application's version.
And this returns me to the first question: how to properly change user's
home
directory on port installation?

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43



How did you add the user? If you did not use the adduser script or vipw,
you must rebuild the database. pwd_mkdb. I would suggest always using vipw
as it automatically does everything

Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


I've add following lines to the port's makefile:
USERS=  payara
GROUPS= payara

And user is created automatically during port installation process.
--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Kevin Oberman]

On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha  wrote:

> On Sat, Dec 16, 2017 at 03:20:21PM +0100, Miroslav Lachman wrote:
>
>> Dmytro Bilokha wrote on 2017/12/16 14:59:
>>
>>> On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:
>>>
 Dmytro Bilokha wrote on 2017/12/16 10:40:

> Hello, Everyone!
>
> I'm trying to change www/payara port to make it run under the payara
> user instead of root.
> I've added the following line to the UIDs file:
>
> payara:*:221:221::0:0:Payara Application Server
> user:/nonexistent:/usr/sbin/nologin
>
> And this line to the port makefile:
>
> USERS=payara
>
> Also, I've made some another changes to the port's scripts to start
> service under payara user.
> Everything seems to be fine, but the service on start/shutdown creates
> some preferences files,
> caches, etc in the payara user's homedir.
> The problem is, that it is impossible to create these files in
> /nonexistent. This fact makes
> service to show some annoying warnings on every startup/shutdown.
> To make service to work properly I want to create directory writable by
> the payara user and
> set it as payara's homedir.
> And I don't want to put these dir under the /usr/home/, it should be
> somewhere in the application,
> like /usr/local/payara-4.1.2.173/prefs.
> As far as I understand, payara user will be created automatically by
> the
> bsd.port.pre.mk file included in the port's makefile. But, during
> every
> installation somehow payara user's homedir
> should be changed. I can do it with the following one-liner:
>
> /usr/sbin/pw usermod payara -d ${DATADIR}/prefs
>
> So, the questions are:
> 1. Is it a proper way of doing such kind of things?
> 2. Where in the port's makefile should I put my one-liner? Will it be
> OK
> to make it like this:
>
> ...head of the make file with setting variables and so on is
> here..
> .include 
> do-install:
>  .doing some work here..
>  @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
> .include 
> end of the makefile.
>
> Many thanks for your attention and help.
>

 I don't know Payara but applications should not write its files to
 /usr/local. This should work even if /usr/local is mounted Read Only.
 If you need to store configuration (preferences) then it should be in
 /usr/local/etc/payara.
 If the application writes some data files like databases, it goes under
 /var/db/payara and log in to /var/log/payara.log or /var/log/payara
 (directory)

 Miroslav Lachman

>>>
>>> Thanks for the information. Now I'm a little bit confused.
>>> I've checked and seems to me that nither www/tomcat85 (servlet
>>> container) nor www/glassfish and java/wildfly10 (application servers)
>>> ports follow this convention.
>>> All of them has directories for logs, configuration and Java
>>> applications under the
>>> /usr/local. Is there something special in Java servers ports?
>>>
>>
>>
>> I know there are ports not following this convention (and I don't
>> understand why). Those ports are making troubles if you want to serve
>> /usr/local as read only NFS for example.
>>
>> Miroslav Lachman
>>
>
> Ok, than I'll try to move everything writable from /usr/local to /var.
> I plan to put system user's caches and properties to the
> /var/payara/X.Y.Z/prefs,
> where X.Y.Z is an application's version.
> And this returns me to the first question: how to properly change user's
> home
> directory on port installation?
>
> --
> Dmytro Bilokha
> dmy...@posteo.net
> +38-050-607-41-43
>

How did you add the user? If you did not use the adduser script or vipw,
you must rebuild the database. pwd_mkdb. I would suggest always using vipw
as it automatically does everything

Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Sat, Dec 16, 2017 at 03:20:21PM +0100, Miroslav Lachman wrote:

Dmytro Bilokha wrote on 2017/12/16 14:59:

On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:

Dmytro Bilokha wrote on 2017/12/16 10:40:

Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by the
bsd.port.pre.mk file included in the port's makefile. But, during every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be OK
to make it like this:

...head of the make file with setting variables and so on is
here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.


I don't know Payara but applications should not write its files to
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under
/var/db/payara and log in to /var/log/payara.log or /var/log/payara
(directory)

Miroslav Lachman


Thanks for the information. Now I'm a little bit confused.
I've checked and seems to me that nither www/tomcat85 (servlet
container) nor www/glassfish and java/wildfly10 (application servers)
ports follow this convention.
All of them has directories for logs, configuration and Java
applications under the
/usr/local. Is there something special in Java servers ports?



I know there are ports not following this convention (and I don't
understand why). Those ports are making troubles if you want to serve
/usr/local as read only NFS for example.

Miroslav Lachman


Ok, than I'll try to move everything writable from /usr/local to /var.
I plan to put system user's caches and properties to the 
/var/payara/X.Y.Z/prefs,
where X.Y.Z is an application's version.
And this returns me to the first question: how to properly change user's home
directory on port installation?

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Miroslav Lachman]

Dmytro Bilokha wrote on 2017/12/16 14:59:

On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:

Dmytro Bilokha wrote on 2017/12/16 10:40:

Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by the
bsd.port.pre.mk file included in the port's makefile. But, during every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be OK
to make it like this:

...head of the make file with setting variables and so on is
here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.


I don't know Payara but applications should not write its files to
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under
/var/db/payara and log in to /var/log/payara.log or /var/log/payara
(directory)

Miroslav Lachman


Thanks for the information. Now I'm a little bit confused.
I've checked and seems to me that nither www/tomcat85 (servlet
container) nor www/glassfish and java/wildfly10 (application servers)
ports follow this convention.
All of them has directories for logs, configuration and Java
applications under the
/usr/local. Is there something special in Java servers ports?



I know there are ports not following this convention (and I don't 
understand why). Those ports are making troubles if you want to serve 
/usr/local as read only NFS for example.


Miroslav Lachman


___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Dmytro Bilokha]

On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:

Dmytro Bilokha wrote on 2017/12/16 10:40:

Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by the
bsd.port.pre.mk file included in the port's makefile. But, during every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be OK
to make it like this:

...head of the make file with setting variables and so on is here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.


I don't know Payara but applications should not write its files to
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under
/var/db/payara and log in to /var/log/payara.log or /var/log/payara
(directory)

Miroslav Lachman


Thanks for the information. Now I'm a little bit confused.
I've checked and seems to me that nither www/tomcat85 (servlet container) nor 
www/glassfish and java/wildfly10 (application servers) ports follow this convention.

All of them has directories for logs, configuration and Java applications under 
the
/usr/local. Is there something special in Java servers ports?

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Setting system user home directory

[Miroslav Lachman]

Dmytro Bilokha wrote on 2017/12/16 10:40:

Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara
user instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=payara

Also, I've made some another changes to the port's scripts to start
service under payara user.
Everything seems to be fine, but the service on start/shutdown creates
some preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in
/nonexistent. This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by
the payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be
somewhere in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by the
bsd.port.pre.mk file included in the port's makefile. But, during every
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be OK
to make it like this:

...head of the make file with setting variables and so on is here..
.include 
do-install:
 .doing some work here..
 @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.


I don't know Payara but applications should not write its files to 
/usr/local. This should work even if /usr/local is mounted Read Only.
If you need to store configuration (preferences) then it should be in 
/usr/local/etc/payara.
If the application writes some data files like databases, it goes under 
/var/db/payara and log in to /var/log/payara.log or /var/log/payara 
(directory)


Miroslav Lachman

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Setting system user home directory

[Dmytro Bilokha]

Hello, Everyone!

I'm trying to change www/payara port to make it run under the payara user 
instead of root.
I've added the following line to the UIDs file:

payara:*:221:221::0:0:Payara Application Server 
user:/nonexistent:/usr/sbin/nologin

And this line to the port makefile:

USERS=  payara

Also, I've made some another changes to the port's scripts to start service 
under payara user.
Everything seems to be fine, but the service on start/shutdown creates some 
preferences files,
caches, etc in the payara user's homedir.
The problem is, that it is impossible to create these files in /nonexistent. 
This fact makes
service to show some annoying warnings on every startup/shutdown.
To make service to work properly I want to create directory writable by the 
payara user and
set it as payara's homedir.
And I don't want to put these dir under the /usr/home/, it should be somewhere 
in the application,
like /usr/local/payara-4.1.2.173/prefs.
As far as I understand, payara user will be created automatically by the 
bsd.port.pre.mk file included in the port's makefile. But, during every 
installation somehow payara user's homedir
should be changed. I can do it with the following one-liner:

/usr/sbin/pw usermod payara -d ${DATADIR}/prefs

So, the questions are:
1. Is it a proper way of doing such kind of things?
2. Where in the port's makefile should I put my one-liner? Will it be OK to 
make it like this:

...head of the make file with setting variables and so on is here..
.include 
do-install:
.doing some work here..
@/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
.include 
end of the makefile.

Many thanks for your attention and help.

--
Dmytro Bilokha
dmy...@posteo.net
+38-050-607-41-43
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"