laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-hlr/+/28356 )
Change subject: run osmo-hlr as non-root
......................................................................
run osmo-hlr as non-root
Change-Id: I2a51c0242fd109270d5b0326f68ee80082021061
---
M contrib/osmo-hlr.spec.in
M contrib/systemd/osmo-hlr.service
A debian/osmo-hlr.postinst
3 files changed, 31 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/56/28356/1
diff --git a/contrib/osmo-hlr.spec.in b/contrib/osmo-hlr.spec.in
index d0a1b57..f686b2a 100644
--- a/contrib/osmo-hlr.spec.in
+++ b/contrib/osmo-hlr.spec.in
@@ -38,6 +38,7 @@
BuildRequires: pkgconfig(talloc) >= 2.0.1
# only needed for populate_hlr_db.pl
Requires: libdbi-drivers-dbd-sqlite3
+Requires(pre): shadow-utils
%{?systemd_requires}
%description
@@ -135,7 +136,12 @@
%service_del_postun %{name}.service
%pre
+#
https://fedoraproject.org/wiki/Packaging%3aUsersAndGroups
+getent group osmocom >/dev/null || groupadd --quiet --system osmocom
+getent passwd osmocom >/dev/null || useradd -r -g osmocom -d /var/lib/osmocom \
+ -s /sbin/nologin -c "Open Source Mobile Communications"
%service_add_pre %{name}.service
+exit 0
%endif
%post
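Review bot: The `useradd` call in `%pre` has no login name: the command ends after `-c "Open Source Mobile Communications"`, so it cannot create the `osmocom` account that `User=osmocom` in the service unit relies on. Append `osmocom` as the final argument. Because the scriptlet ends in `exit 0`, that failure may pass unnoticed at install time and only show up when the unit fails to start. Unlike debian/osmo-hlr.postinst, the spec also never changes ownership of /var/lib/osmocom or /etc/osmocom/osmo-hlr.cfg, so on RPM systems the unprivileged daemon may be unable to write hlr.db; consider handling that in `%post` or `%files`.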
diff --git a/contrib/systemd/osmo-hlr.service b/contrib/systemd/osmo-hlr.service
index 2eea0c4..048873f 100644
--- a/contrib/systemd/osmo-hlr.service
+++ b/contrib/systemd/osmo-hlr.service
@@ -7,6 +7,8 @@
Restart=always
ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db
RestartSec=2
+User=osmocom
+Group=osmocom
[Install]
WantedBy=multi-user.target
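Review bot: With `User=osmocom` and `Group=osmocom` added after `RestartSec=2`, nothing in the unit itself makes the `-l /var/lib/osmocom/hlr.db` path from `ExecStart` writable for the new account; it relies entirely on the packaging scripts. Consider adding `StateDirectory=osmocom` so systemd creates /var/lib/osmocom with the service user as owner, which also covers installs that use this contrib unit without the Debian or RPM scripts. With `Restart=always`, a permission failure becomes a restart loop every 2 seconds, so it is worth making the ownership requirement explicit here.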
diff --git a/debian/osmo-hlr.postinst b/debian/osmo-hlr.postinst
new file mode 100644
index 0000000..5506aa3
--- /dev/null
+++ b/debian/osmo-hlr.postinst
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ # add osmocom group if it doesn't exist yet
+ if ! getent group osmocom >/dev/null; then
+ addgroup --quiet --system osmocom
+ fi
+
+ # create osmocom user; will succeed if it already exists
+ adduser --system --group --home /var/lib/osmocom \
+ --quiet --gecos "Open Source Mobile Communications" osmocom
+
+ chown osmocom:osmocom /var/lib/osmocom
+ chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
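Review bot: `chown osmocom:osmocom /var/lib/osmocom` in the `configure` branch is not recursive, so an hlr.db left behind by an earlier root-run install keeps its old owner and the daemon may be unable to write to it after upgrade; chown the existing database file as well. The following `chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg` makes the service account the owner of its own configuration: if the daemon only needs to read it, `root:osmocom` with mode 0640 is the tighter choice, and if write access is intended, a comment should say so. Under `set -e` either chown aborts the postinst when its path is missing, so guard both with an existence test. The commit message has no body; a line describing the upgrade behaviour would help reviewers and packagers.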
--
Gerrit-Project: osmo-hlr
Gerrit-Branch: master
Gerrit-Change-Id: I2a51c0242fd109270d5b0326f68ee80082021061
Gerrit-Change-Number: 28356
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge(a)osmocom.org>
Gerrit-MessageType: newchange