osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/36771?usp=email )
Change subject: contrib/systemd: run as osmocom user ......................................................................
contrib/systemd: run as osmocom user
Run the systemd service as osmocom user and group instead of root. Set the StateDirectory and WorkingDirectory like we have it in other Osmocom service files. Remove the ExecStartPre mkdir, as the directory now gets created by postinst.
Related: OS#4107 Change-Id: I2c0c7f4b98300b3b0bb5b95013b51b6b60625b95 --- M contrib/systemd/osmo_dia2gsup.service A debian/postinst 2 files changed, 49 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/erlang/osmo_dia2gsup refs/changes/71/36771/1
diff --git a/contrib/systemd/osmo_dia2gsup.service b/contrib/systemd/osmo_dia2gsup.service index 2ef737c..e3d092e 100644 --- a/contrib/systemd/osmo_dia2gsup.service +++ b/contrib/systemd/osmo_dia2gsup.service @@ -7,8 +7,11 @@ [Service] Type=simple Restart=always +StateDirectory=osmo_dia2gsup +WorkingDirectory=%S/osmo_dia2gsup +User=osmocom +Group=osmocom Environment="HOME=/var/lib/osmo_dia2gsup" -ExecStartPre=/usr/bin/mkdir -p /var/lib/osmo_dia2gsup ExecStart=/usr/bin/osmo-dia2gsup foreground RestartSec=2
diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..f9f64c8 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,30 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + chown osmocom:osmocom /etc/osmocom/osmo_dia2gsup.service + chmod 0660 /etc/osmocom/osmo_dia2gsup.service + chown root:osmocom /etc/osmocom + chmod 2775 /etc/osmocom + mkdir -p /var/lib/osmo_dia2gsup + chown -R osmocom:osmocom /var/lib/osmo_dia2gsup + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER#