osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-trx/+/30131?usp=email )
Change subject: contrib/systemd: run as osmocom user
......................................................................
contrib/systemd: run as osmocom user
I have verified that with AmbientCapabilities=CAP_SYS_NICE, setting
scheduling policy as described in the manual still works as expected.
Related: OS#4107
Change-Id: I3e0e5978992dac0a0c76c6f0e859576aa3eb72eb
---
M contrib/systemd/osmo-trx-ipc.service
M contrib/systemd/osmo-trx-lms.service
M contrib/systemd/osmo-trx-uhd.service
M contrib/systemd/osmo-trx-usrp1.service
A debian/osmo-trx-ipc.postinst
A debian/osmo-trx-lms.postinst
A debian/osmo-trx-uhd.postinst
A debian/osmo-trx-usrp1.postinst
8 files changed, 177 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
fixeria: Looks good to me, but someone else must approve
pespin: Looks good to me, approved
diff --git a/contrib/systemd/osmo-trx-ipc.service b/contrib/systemd/osmo-trx-ipc.service
index c7f7c17..12372c0 100644
--- a/contrib/systemd/osmo-trx-ipc.service
+++ b/contrib/systemd/osmo-trx-ipc.service
@@ -8,8 +8,11 @@
Restart=always
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-trx-ipc -C /etc/osmocom/osmo-trx-ipc.cfg
RestartSec=2
+AmbientCapabilities=CAP_SYS_NICE
# CPU scheduling policy:
CPUSchedulingPolicy=rr
# For real-time scheduling policies an integer between 1 (lowest priority) and 99
(highest priority):
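Review bot: The added AmbientCapabilities=CAP_SYS_NICE line has no comment saying why the capability is needed, while the CPUSchedulingPolicy lines just below it do. A one-line comment tying it to the scheduling policy the process sets itself (the case the commit message says was verified) would keep it from being removed later as apparently redundant. Since the unit now drops to User=osmocom, consider also adding CapabilityBoundingSet=CAP_SYS_NICE and NoNewPrivileges=yes, so that the one capability granted here is also the only one the service can ever hold.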
diff --git a/contrib/systemd/osmo-trx-lms.service b/contrib/systemd/osmo-trx-lms.service
index f51bd45..09c7475 100644
--- a/contrib/systemd/osmo-trx-lms.service
+++ b/contrib/systemd/osmo-trx-lms.service
@@ -8,8 +8,11 @@
Restart=always
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-trx-lms -C /etc/osmocom/osmo-trx-lms.cfg
RestartSec=2
+AmbientCapabilities=CAP_SYS_NICE
# CPU scheduling policy:
CPUSchedulingPolicy=rr
# For real-time scheduling policies an integer between 1 (lowest priority) and 99
(highest priority):
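Review bot: With User=osmocom and Group=osmocom added above ExecStart, nothing in this change gives that account access to the radio hardware; the eight files touched are only the units and the postinst scripts. If the device node is accessible to root only by default, the service will start and then fail when osmo-trx-lms opens the device. Please either ship a udev rule that assigns the device to the osmocom group, add a SupplementaryGroups= line for the group that already owns it, or state in the commit message how device access was tested.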
diff --git a/contrib/systemd/osmo-trx-uhd.service b/contrib/systemd/osmo-trx-uhd.service
index 6c5c2de..64eb510 100644
--- a/contrib/systemd/osmo-trx-uhd.service
+++ b/contrib/systemd/osmo-trx-uhd.service
@@ -9,8 +9,11 @@
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
Environment=HOME=%h
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-trx-uhd -C /etc/osmocom/osmo-trx-uhd.cfg
RestartSec=2
+AmbientCapabilities=CAP_SYS_NICE
# CPU scheduling policy:
CPUSchedulingPolicy=rr
# For real-time scheduling policies an integer between 1 (lowest priority) and 99
(highest priority):
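Review bot: The unchanged context line Environment=HOME=%h no longer matches the User=osmocom added right below it. In a system unit %h expands to the home directory of the user running the service manager, which is /root, and it is not influenced by User=. The service therefore runs as osmocom with HOME pointing at a directory it cannot write. Suggest dropping that line so HOME comes from the account's passwd entry, or setting it explicitly to %S/osmocom, which matches the --home-dir used in the postinst.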
diff --git a/contrib/systemd/osmo-trx-usrp1.service
b/contrib/systemd/osmo-trx-usrp1.service
index 988c053..4e795a2 100644
--- a/contrib/systemd/osmo-trx-usrp1.service
+++ b/contrib/systemd/osmo-trx-usrp1.service
@@ -8,8 +8,11 @@
Restart=always
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-trx-usrp1 -C /etc/osmocom/osmo-trx-usrp1.cfg
RestartSec=2
+AmbientCapabilities=CAP_SYS_NICE
# CPU scheduling policy:
CPUSchedulingPolicy=rr
# For real-time scheduling policies an integer between 1 (lowest priority) and 99
(highest priority):
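Review bot: User=osmocom and Group=osmocom are added to a unit under contrib/systemd, but the account is only created by the debian/*.postinst scripts in this change. Anyone installing these units through other packaging or by hand gets a service that fails at start with status 217/USER. Suggest shipping a sysusers.d snippet next to the units, or at least noting the required account in the contrib documentation.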
diff --git a/debian/osmo-trx-ipc.postinst b/debian/osmo-trx-ipc.postinst
new file mode 100755
index 0000000..ed0f889
--- /dev/null
+++ b/debian/osmo-trx-ipc.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ if dpkg --compare-versions "$2" le "1.13.0"; then
+ if [ -e /etc/osmocom/osmo-trx-ipc.cfg ]; then
+ chown -v osmocom:osmocom /etc/osmocom/osmo-trx-ipc.cfg
+ chmod -v 0660 /etc/osmocom/osmo-trx-ipc.cfg
+ fi
+
+ if [ -d /etc/osmocom ]; then
+ chown -v root:osmocom /etc/osmocom
+ chmod -v 2775 /etc/osmocom
+ fi
+
+ mkdir -p /var/lib/osmocom
+ chown -R -v osmocom:osmocom /var/lib/osmocom
+ fi
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
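Review bot: The guard dpkg --compare-versions "$2" le "1.13.0" does not only match upgrades as the comment above it says. On a fresh install $2 is empty, and the le operator treats an empty version as earlier than any version, so the whole block also runs on first install. In the other direction, any build whose version string sorts above 1.13.0 but which predates this change (a nightly, for example) skips the fix-up and keeps root-owned files. Please state in the comment that the fresh-install case is intended, and confirm that 1.13.0 is the last version string that could have shipped the root-owned layout.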
diff --git a/debian/osmo-trx-lms.postinst b/debian/osmo-trx-lms.postinst
new file mode 100755
index 0000000..4040e98
--- /dev/null
+++ b/debian/osmo-trx-lms.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ if dpkg --compare-versions "$2" le "1.13.0"; then
+ if [ -e /etc/osmocom/osmo-trx-lms.cfg ]; then
+ chown -v osmocom:osmocom /etc/osmocom/osmo-trx-lms.cfg
+ chmod -v 0660 /etc/osmocom/osmo-trx-lms.cfg
+ fi
+
+ if [ -d /etc/osmocom ]; then
+ chown -v root:osmocom /etc/osmocom
+ chmod -v 2775 /etc/osmocom
+ fi
+
+ mkdir -p /var/lib/osmocom
+ chown -R -v osmocom:osmocom /var/lib/osmocom
+ fi
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
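Review bot: chown osmocom:osmocom with chmod 0660 on the config file, together with chmod 2775 on /etc/osmocom, lets the unprivileged service account rewrite its own configuration and create or replace any other file in that shared directory. That gives up part of what running as a non-root user is meant to achieve: a compromised osmo-trx process can persist changes into the configuration of every daemon using /etc/osmocom. If write access is needed only so the running daemon can save its configuration, say so in the comment; otherwise root:osmocom with 0640 on the file and 0755 on the directory is the tighter default.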
diff --git a/debian/osmo-trx-uhd.postinst b/debian/osmo-trx-uhd.postinst
new file mode 100755
index 0000000..2d1f62d
--- /dev/null
+++ b/debian/osmo-trx-uhd.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ if dpkg --compare-versions "$2" le "1.13.0"; then
+ if [ -e /etc/osmocom/osmo-trx-uhd.cfg ]; then
+ chown -v osmocom:osmocom /etc/osmocom/osmo-trx-uhd.cfg
+ chmod -v 0660 /etc/osmocom/osmo-trx-uhd.cfg
+ fi
+
+ if [ -d /etc/osmocom ]; then
+ chown -v root:osmocom /etc/osmocom
+ chmod -v 2775 /etc/osmocom
+ fi
+
+ mkdir -p /var/lib/osmocom
+ chown -R -v osmocom:osmocom /var/lib/osmocom
+ fi
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
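Review bot: The mkdir -p /var/lib/osmocom followed by chown -R -v osmocom:osmocom /var/lib/osmocom duplicates what the unit already requests with StateDirectory=osmocom, which systemd creates and assigns to the configured User= at service start. The same recursive chown is also present in all four postinst scripts, so it runs as root over a shared directory once per installed package. Suggest dropping these two lines and relying on StateDirectory=, or, if the explicit fix-up is wanted, doing it in one place only.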
diff --git a/debian/osmo-trx-usrp1.postinst b/debian/osmo-trx-usrp1.postinst
new file mode 100755
index 0000000..93585e6
--- /dev/null
+++ b/debian/osmo-trx-usrp1.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ if dpkg --compare-versions "$2" le "1.13.0"; then
+ if [ -e /etc/osmocom/osmo-trx-usrp1.cfg ]; then
+ chown -v osmocom:osmocom /etc/osmocom/osmo-trx-usrp1.cfg
+ chmod -v 0660 /etc/osmocom/osmo-trx-usrp1.cfg
+ fi
+
+ if [ -d /etc/osmocom ]; then
+ chown -v root:osmocom /etc/osmocom
+ chmod -v 2775 /etc/osmocom
+ fi
+
+ mkdir -p /var/lib/osmocom
+ chown -R -v osmocom:osmocom /var/lib/osmocom
+ fi
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
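Review bot: The shebang #!/bin/sh -e only takes effect when the script is executed directly; if it is run as sh postinst the -e is lost and a failing useradd or chown goes unnoticed. Debian maintainer scripts conventionally use a plain #!/bin/sh followed by set -e on its own line. Separately, --shell /sbin/nologin names a path that Debian installs as /usr/sbin/nologin, so it only resolves on merged-/usr systems; /usr/sbin/nologin works on both layouts. Both points apply equally to the three other postinst files in this change, which are identical apart from the config file name.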
--
Gerrit-Project: osmo-trx
Gerrit-Branch: master
Gerrit-Change-Id: I3e0e5978992dac0a0c76c6f0e859576aa3eb72eb
Gerrit-Change-Number: 30131
Gerrit-PatchSet: 4
Gerrit-Owner: msuraev <msuraev(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Reviewer: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: merged