Attention is currently required from: fixeria, lynxis lazus, msuraev. osmith has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-mgw/+/30094?usp=email ) Change subject: contrib/systemd: run as osmocom user ...................................................................... Patch Set 8: (1 comment) File debian/postinst: https://gerrit.osmocom.org/c/osmo-mgw/+/30094/comment/8715b23e_86e4d5ee PS8, Line 18: # Fix permissions of previous (root-owned) install (OS#4107) Please note that changing the user the Osmocom programs run as, from root to the new osmocom user, is a lot of effort. It affects lots of repositories, and I'm trying to do it consistently across all of them. So if we make such a change here, we would also need to do it with the other repositories (and for many the related changes were already merged: https://gerrit.osmocom.org/q/topic:nonroot+is:merged). The issue has also been open for 5 years at this point with previous attempts stuck as in WIP due the scope of having to adjust all repositories (and making sure it doesn't affect OE, ...), and I would be happy to have it finished up: https://osmocom.org/issues/4107 With that being said: One way to do it without introducing additional complexity could be `chown -v`, and `chmod -v`. But that also causes a line to be printed if the permissions do not change. ``` # chown -v osmocom:osmocom /etc/osmocom/osmo-mgw.cfg changed ownership of '/etc/osmocom/osmo-mgw.cfg' from root:root to osmocom:osmocom # chown -v osmocom:osmocom /etc/osmocom/osmo-mgw.cfg ownership of '/etc/osmocom/osmo-mgw.cfg' retained as osmocom:osmocom # chmod -v 0660 /etc/osmocom/osmo-mgw.cfg mode of '/etc/osmocom/osmo-mgw.cfg' retained as 0660 (rw-rw----) ``` This doesn't really work for the nightly packages, and it would also mean that we need to hardcode the version that introduces this change for every repository into this postinst file. I'd rather avoid this effort, as mentioned this is already a big undertaking. Additionally, the more logic we put into such postinst files, the more likeyl they are to have bugs... IMHO it's better to just run this unconditionally, if we have to do this (and we do, because otherwise we break the feature that allows writing back config files). Since similar patches were already +2'd and merged, I suggest we do it the same way here. -- To view, visit https://gerrit.osmocom.org/c/osmo-mgw/+/30094?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-mgw Gerrit-Branch: master Gerrit-Change-Id: Ibb83c231231b39dc6732c0f375aeb3b21f3938ef Gerrit-Change-Number: 30094 Gerrit-PatchSet: 8 Gerrit-Owner: msuraev <msuraev(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Reviewer: lynxis lazus <lynxis(a)fe80.eu> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-CC: osmith <osmith(a)sysmocom.de> Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Attention: lynxis lazus <lynxis(a)fe80.eu> Gerrit-Attention: msuraev <msuraev(a)sysmocom.de> Gerrit-Comment-Date: Mon, 13 May 2024 07:54:43 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: lynxis lazus <lynxis(a)fe80.eu> Gerrit-MessageType: comment