- Fix upstart init script to not have syntax error - Add rundeck user at package installation time. - Fix startup script to properly change to rundeck user - Set permissions dynamically at package installation to use rundeck user - Use pidfile so we can run more than one java process through start-stop-daemon
Showing
4 changed files
with
151 additions
and
3 deletions.
@@ -0,0 +1,85 @@ | ||
#!/bin/sh | ||
|
||
set -e | ||
|
||
setperm() { | ||
local user="$1" | ||
local group="$2" | ||
local mode="$3" | ||
local file="$4" | ||
shift 4 | ||
|
||
# Only do something when no setting exists - if it was set, then it's already | ||
# been unpacked using the appropriate ownership and permissions. | ||
if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then | ||
chown "$user":"$group" "$file" | ||
chmod "$mode" "$file" | ||
fi | ||
} | ||
|
||
case "$1" in | ||
configure) | ||
# If the package has default file it could be sourced, so that | ||
# the local admin can overwrite the defaults | ||
|
||
[ -f "/etc/default/rundeck" ] && . /etc/default/rundeck | ||
|
||
# Sane defaults: | ||
|
||
[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/rundeck | ||
[ -z "$SERVER_USER" ] && SERVER_USER=rundeck | ||
[ -z "$SERVER_NAME" ] && SERVER_NAME="Rundeck user account" | ||
[ -z "$SERVER_GROUP" ] && SERVER_GROUP=rundeck | ||
|
||
# create user to avoid running server as root | ||
# 1. create group if not existing | ||
if ! getent group | grep -q "^$SERVER_GROUP:" ; then | ||
echo -n "Adding group $SERVER_GROUP.." | ||
addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true | ||
echo "..done" | ||
fi | ||
# 2. create homedir if not existing | ||
test -d $SERVER_HOME || mkdir $SERVER_HOME | ||
# 3. create user if not existing | ||
if ! getent passwd | grep -q "^$SERVER_USER:"; then | ||
echo -n "Adding system user $SERVER_USER.." | ||
adduser --quiet \ | ||
--system \ | ||
--ingroup $SERVER_GROUP \ | ||
--no-create-home \ | ||
--disabled-password \ | ||
$SERVER_USER 2>/dev/null || true | ||
echo "..done" | ||
fi | ||
|
||
# 4. adjust passwd entry | ||
usermod -c "$SERVER_NAME" \ | ||
-d $SERVER_HOME \ | ||
-g $SERVER_GROUP \ | ||
$SERVER_USER | ||
|
||
# 5. adjust file and directory permissions | ||
setperm rundeck rundeck 0750 /var/lib/rundeck/work | ||
setperm rundeck rundeck 0750 /var/lib/rundeck/data | ||
setperm rundeck adm 2751 /var/lib/rundeck/logs | ||
setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp | ||
setperm rundeck rundeck 0750 /var/rundeck | ||
setperm rundeck rundeck 0750 /var/rundeck/projects | ||
setperm rundeck adm 2751 /var/log/rundeck | ||
for file in `find /etc/rundeck -type f`; do | ||
setperm rundeck rundeck 0640 $file | ||
done | ||
;; | ||
|
||
abort-upgrade|abort-remove|abort-deconfigure) | ||
: | ||
;; | ||
|
||
*) | ||
echo "postinst called with unknown argument \`$1'" >&2 | ||
exit 1 | ||
;; | ||
esac | ||
|
||
exit 0 | ||
|
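Review bot: Step 5 makes the service account the owner of every file under /etc/rundeck (`setperm rundeck rundeck 0640 $file`), so the daemon that this script otherwise de-privileges can rewrite its own configuration. Unless the server has to write there, owner `root` with the service group and mode 0640 keeps the files readable but not writable by it. The same step hard-codes `rundeck` and `/var/lib/rundeck` although `SERVER_USER`, `SERVER_GROUP` and `SERVER_HOME` can be overridden from /etc/default/rundeck earlier in the configure branch; with `set -e`, a `chown` to a `rundeck` user that was never created would abort configuration. The backtick `find` loop also word-splits paths and passes `$file` unquoted, so I would write it as `find /etc/rundeck -type f | while IFS= read -r file; do setperm root "$SERVER_GROUP" 0640 "$file"; done`.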
@@ -0,0 +1,63 @@ | ||
#!/bin/sh | ||
|
||
set -e | ||
|
||
case "$1" in | ||
remove) | ||
: | ||
;; | ||
|
||
purge) | ||
# find first and last SYSTEM_UID numbers | ||
for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do | ||
case $LINE in | ||
FIRST_SYSTEM_UID*) | ||
FIST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` | ||
;; | ||
LAST_SYSTEM_UID*) | ||
LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` | ||
;; | ||
*) | ||
;; | ||
esac | ||
done | ||
# Remove system account if necessary | ||
CREATEDUSER="server_user" | ||
if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then | ||
if USERID=`getent passwd $CREATEDUSER | cut -f 3 -d ':'`; then | ||
if [ -n "$USERID" ]; then | ||
if [ "$FIST_SYSTEM_UID" -le "$USERID" ] && \ | ||
[ "$USERID" -le "$LAST_SYSTEM_UID" ]; then | ||
echo -n "Removing $CREATEDUSER system user.." | ||
deluser --quiet $CREATEDUSER || true | ||
echo "..done" | ||
fi | ||
fi | ||
fi | ||
fi | ||
# Remove system group if necessary | ||
CREATEDGROUP=server_group | ||
FIRST_USER_GID=`grep ^USERS_GID /etc/adduser.conf | cut -f2 -d '='` | ||
if [ -n "$FIST_USER_GID" ]; then | ||
if GROUPGID=`getent group $CREATEDGROUP | cut -f 3 -d ':'`; then | ||
if [ -n "$GROUPGID" ]; then | ||
if [ "$FIST_USER_GID" -gt "$GROUPGID" ]; then | ||
echo -n "Removing $CREATEDGROUP group.." | ||
delgroup --only-if-empty $CREATEDGROUP || true | ||
echo "..done" | ||
fi | ||
fi | ||
fi | ||
fi | ||
;; | ||
|
||
upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) | ||
;; | ||
|
||
*) | ||
echo "postrm called with unknown argument \`$1'" >&2 | ||
exit 1 | ||
;; | ||
esac | ||
|
||
exit 0 |
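Review bot: In the purge branch, `CREATEDUSER="server_user"` and `CREATEDGROUP=server_group` look like unfilled template placeholders, so `getent` finds nothing and the account and group created at install time are never removed. The group block is also dead code for a second reason: the assignment sets `FIRST_USER_GID`, but both tests read `$FIST_USER_GID`, which is always empty. I would set `CREATEDUSER=rundeck` and `CREATEDGROUP=rundeck` (or whatever name the install script actually used) and use `FIRST_USER_GID` in both tests; the `FIST_SYSTEM_UID` spelling is at least consistent but worth correcting at the same time. If removal is enabled, files still owned by the deleted UID should be considered, since a later account could inherit that UID.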