From 10db95f32725a95c79f9ca2e4d36b5f79b223b55 Mon Sep 17 00:00:00 2001 From: Dreampuf Date: Thu, 18 May 2017 02:29:11 +0800 Subject: [PATCH 1/4] Add non-root support in sysvinit script --- dev-tools/packer/platforms/centos/init.j2 | 7 ++++--- dev-tools/packer/platforms/debian/init.j2 | 5 ++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/dev-tools/packer/platforms/centos/init.j2 b/dev-tools/packer/platforms/centos/init.j2 index ddaaa6c141d..8823aa7c999 100755 --- a/dev-tools/packer/platforms/centos/init.j2 +++ b/dev-tools/packer/platforms/centos/init.j2 @@ -13,7 +13,7 @@ # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: {{.beat_description}} -# Description: {{.beat_name}} is a shipper part of the Elastic Beats +# Description: {{.beat_name}} is a shipper part of the Elastic Beats # family. Please see: https://www.elastic.co/products/beats ### END INIT INFO @@ -27,8 +27,9 @@ pidfile=${PIDFILE-/var/run/{{.beat_name}}.pid} agent=${BEATS_AGENT-/usr/share/{{.beat_name}}/bin/{{.beat_name}}} args="-c /etc/{{.beat_name}}/{{.beat_name}}.yml -path.home /usr/share/{{.beat_name}} -path.config /etc/{{.beat_name}} -path.data /var/lib/{{.beat_name}} -path.logs /var/log/{{.beat_name}}" test_args="-e -configtest" +beat_user="${BEAT_USER:-root}" wrapper="/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god" -wrapperopts="-r / -n -p $pidfile" +wrapperopts="-r / -n -p $pidfile -u $beat_user" RETVAL=0 # Source function library. @@ -42,7 +43,7 @@ if status | grep -q -- '-p' 2>/dev/null; then fi test() { - $agent $args $test_args + runuser -u $beat_user $agent $args $test_args } start() { diff --git a/dev-tools/packer/platforms/debian/init.j2 b/dev-tools/packer/platforms/debian/init.j2 index f339f5bf6a7..45ffcd891de 100755 --- a/dev-tools/packer/platforms/debian/init.j2 +++ b/dev-tools/packer/platforms/debian/init.j2 @@ -21,6 +21,7 @@ DAEMON_ARGS="-c /etc/{{.beat_name}}/{{.beat_name}}.yml -path.home /usr/share/{{. TEST_ARGS="-e -configtest" PIDFILE=/var/run/{{.beat_name}}.pid WRAPPER="/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god" +BEAT_USER="root" WRAPPER_ARGS="-r / -n -p $PIDFILE" SCRIPTNAME=/etc/init.d/$NAME @@ -30,6 +31,8 @@ SCRIPTNAME=/etc/init.d/$NAME # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME +WRAPPER_ARGS="-r / -n -p $PIDFILE -u $BEAT_USER" + # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh @@ -44,7 +47,7 @@ SCRIPTNAME=/etc/init.d/$NAME # do_test() { - $DAEMON $DAEMON_ARGS $TEST_ARGS + runuser -u $DAEMON $DAEMON_ARGS $TEST_ARGS } # From b5ba922094f9711d33fb720a3efda2af184fcb0f Mon Sep 17 00:00:00 2001 From: Dreampuf Date: Fri, 19 May 2017 00:19:34 +0800 Subject: [PATCH 2/4] add su for non-root support --- dev-tools/packer/platforms/centos/init.j2 | 8 +++++++- dev-tools/packer/platforms/debian/init.j2 | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/dev-tools/packer/platforms/centos/init.j2 b/dev-tools/packer/platforms/centos/init.j2 index 8823aa7c999..0e62f668193 100755 --- a/dev-tools/packer/platforms/centos/init.j2 +++ b/dev-tools/packer/platforms/centos/init.j2 @@ -30,6 +30,8 @@ test_args="-e -configtest" beat_user="${BEAT_USER:-root}" wrapper="/usr/share/{{.beat_name}}/bin/{{.beat_name}}-god" wrapperopts="-r / -n -p $pidfile -u $beat_user" +user_wrapper="su" +user_wrapperopts="$beat_user -c" RETVAL=0 # Source function library. @@ -42,8 +44,12 @@ if status | grep -q -- '-p' 2>/dev/null; then pidopts="-p $pidfile" fi +if [ -f /sbin/runuser ]; then + user_wrapper="runuser" +fi + test() { - runuser -u $beat_user $agent $args $test_args + $user_wrapper $user_wrapperopts "$agent $args $test_args" } start() { diff --git a/dev-tools/packer/platforms/debian/init.j2 b/dev-tools/packer/platforms/debian/init.j2 index 45ffcd891de..71918b3bb27 100755 --- a/dev-tools/packer/platforms/debian/init.j2 +++ b/dev-tools/packer/platforms/debian/init.j2 @@ -32,6 +32,12 @@ SCRIPTNAME=/etc/init.d/$NAME [ -r /etc/default/$NAME ] && . /etc/default/$NAME WRAPPER_ARGS="-r / -n -p $PIDFILE -u $BEAT_USER" +USER_WRAPPER="su" +USER_WRAPPER_ARGS="$BEAT_USER -c" + +if [ -f /sbin/runuser ]; then + USER_WRAPPER="runuser" +fi # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh @@ -47,7 +53,7 @@ WRAPPER_ARGS="-r / -n -p $PIDFILE -u $BEAT_USER" # do_test() { - runuser -u $DAEMON $DAEMON_ARGS $TEST_ARGS + $USER_WRAPPER $USER_WRAPPER_ARGS "$DAEMON $DAEMON_ARGS $TEST_ARGS" } # From 30d0225640afd7c1aa32de9c753520abd08f0a5e Mon Sep 17 00:00:00 2001 From: Dreampuf Date: Fri, 19 May 2017 01:29:49 +0800 Subject: [PATCH 3/4] Update a condition of runuser command existing --- dev-tools/packer/platforms/centos/init.j2 | 2 +- dev-tools/packer/platforms/debian/init.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-tools/packer/platforms/centos/init.j2 b/dev-tools/packer/platforms/centos/init.j2 index 0e62f668193..0e1d0bca2a7 100755 --- a/dev-tools/packer/platforms/centos/init.j2 +++ b/dev-tools/packer/platforms/centos/init.j2 @@ -44,7 +44,7 @@ if status | grep -q -- '-p' 2>/dev/null; then pidopts="-p $pidfile" fi -if [ -f /sbin/runuser ]; then +if runuser -v &> /dev/null; then user_wrapper="runuser" fi diff --git a/dev-tools/packer/platforms/debian/init.j2 b/dev-tools/packer/platforms/debian/init.j2 index 71918b3bb27..df0aff38081 100755 --- a/dev-tools/packer/platforms/debian/init.j2 +++ b/dev-tools/packer/platforms/debian/init.j2 @@ -35,7 +35,7 @@ WRAPPER_ARGS="-r / -n -p $PIDFILE -u $BEAT_USER" USER_WRAPPER="su" USER_WRAPPER_ARGS="$BEAT_USER -c" -if [ -f /sbin/runuser ]; then +if runuser -v &> /dev/null; then USER_WRAPPER="runuser" fi From f8238bddd6b2e585459439e55bdeca0a694017fd Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 24 May 2017 16:08:28 -0400 Subject: [PATCH 4/4] Update CHANGELOG.asciidoc --- CHANGELOG.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 6e375f380f7..2b4be66ff29 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc @@ -47,12 +47,12 @@ https://github.com/elastic/beats/compare/v6.0.0-alpha1...master[Check the HEAD d *Winlogbeat* - ==== Added *Affecting all Beats* - Added the possibility to set Elasticsearch mapping template settings from the Beat configuration file. {pull}4284[4284] {pull}4317[4317] +- Added a variable to the SysV init scripts to make it easier to change the user. {pull}4340[4340] *Filebeat*