From 73599009e66736ccb1a7e9386d25be3238fd9b36 Mon Sep 17 00:00:00 2001 From: Elastic Jasper Date: Fri, 8 Jul 2016 10:04:41 -0400 Subject: [PATCH] Backport PR #7510 --------- **Commit 1:** [build] Ensure group kibana is added, stricter user creation * Original sha: b54ef4ed0010a61c56f9d07dfa6792bab970746c * Authored by Jonathan Budzenski on 2016-06-20T15:27:36Z **Commit 2:** [build] Remove user before group * Original sha: 144a40b7803df4ea3e9792bf29ec436d56935f40 * Authored by Jonathan Budzenski on 2016-07-07T20:40:18Z --- tasks/build/package_scripts/post_install.sh | 42 +++++++++++++++------ tasks/build/package_scripts/post_remove.sh | 24 +++++------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/tasks/build/package_scripts/post_install.sh b/tasks/build/package_scripts/post_install.sh index bc31f19f19953..dd8638a0c20bf 100644 --- a/tasks/build/package_scripts/post_install.sh +++ b/tasks/build/package_scripts/post_install.sh @@ -1,19 +1,39 @@ #!/bin/sh set -e -user_check() { - getent passwd "$1" > /dev/null 2>&1 -} +case $1 in + # Debian + configure) + if ! getent group "<%= group %>" >/dev/null; then + addgroup --quiet --system "<%= group %>" + fi -user_create() { - # Create a system user. A system user is one within the system uid range and - # has no expiration - useradd -r "$1" -} + if ! getent passwd "<%= user %>" >/dev/null; then + adduser --quiet --system --no-create-home --disabled-password \ + --ingroup "<%= group %>" --shell /bin/false "<%= user %>" + fi + ;; + abort-deconfigure|abort-upgrade|abort-remove) + ;; + + # Red Hat + 1|2) + if ! getent group "<%= group %>" >/dev/null; then + groupadd -r "<%= group %>" + fi + + if ! getent passwd "<%= user %>" >/dev/null; then + useradd -r -g "<%= group %>" -M -s /sbin/nologin \ + -c "kibana service user" "<%= user %>" + fi + ;; + + *) + echo "post install script called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac -if ! user_check "<%= user %>" ; then - user_create "<%= user %>" -fi chown -R <%= user %>:<%= group %> <%= optimizeDir %> chown <%= user %>:<%= group %> <%= dataDir %> chown <%= user %>:<%= group %> <%= pluginsDir %> diff --git a/tasks/build/package_scripts/post_remove.sh b/tasks/build/package_scripts/post_remove.sh index 4e33c25aaa767..a8443a4e67e83 100644 --- a/tasks/build/package_scripts/post_remove.sh +++ b/tasks/build/package_scripts/post_remove.sh @@ -1,22 +1,14 @@ #!/bin/sh set -e -user_check() { - getent passwd "$1" > /dev/null 2>&1 -} - -user_remove() { - userdel "$1" -} - -REMOVE_USER=false +REMOVE_USER_AND_GROUP=false REMOVE_DIRS=false case $1 in # Includes cases for all valid arguments, exit 1 otherwise # Debian purge) - REMOVE_USER=true + REMOVE_USER_AND_GROUP=true REMOVE_DIRS=true ;; remove) @@ -28,7 +20,7 @@ case $1 in # Red Hat 0) - REMOVE_USER=true + REMOVE_USER_AND_GROUP=true REMOVE_DIRS=true ;; @@ -41,9 +33,13 @@ case $1 in ;; esac -if [ "$REMOVE_USER" = "true" ]; then - if user_check "<%= user %>" ; then - user_remove "<%= user %>" +if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then + if getent passwd "<%= user %>" >/dev/null; then + userdel "<%= user %>" + fi + + if getent group "<%= group %>" >/dev/null; then + groupdel "<%= group %>" fi fi