osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ggsn/+/29412?usp=email )
Change subject: contrib/systemd: run as osmocom user ......................................................................
contrib/systemd: run as osmocom user
Related: OS#4107 Change-Id: I915f2fc12d0bd905d24636aacb2760a6b72a55e3 --- M contrib/systemd/osmo-ggsn.service A debian/postinst 2 files changed, 53 insertions(+), 0 deletions(-)
Approvals: pespin: Looks good to me, but someone else must approve Jenkins Builder: Verified fixeria: Looks good to me, approved
diff --git a/contrib/systemd/osmo-ggsn.service b/contrib/systemd/osmo-ggsn.service
index 1a7acba..cf7b7e6 100644
--- a/contrib/systemd/osmo-ggsn.service
+++ b/contrib/systemd/osmo-ggsn.service
@@ -11,6 +11,10 @@
 ExecStart=/usr/bin/osmo-ggsn -c /etc/osmocom/osmo-ggsn.cfg
 RestartSec=2
 RestartPreventExitStatus=1
+User=osmocom
+Group=osmocom
+# For setting up the gtp0/tun0 devices
+AmbientCapabilities=CAP_NET_ADMIN
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..9cd0c77
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ if dpkg --compare-versions "$2" le "1.13.0"; then
+ if [ -e /etc/osmocom/osmo-ggsn.cfg ]; then
+ chown -v osmocom:osmocom /etc/osmocom/osmo-ggsn.cfg
+ chmod -v 0660 /etc/osmocom/osmo-ggsn.cfg
+ fi
+
+ if [ -d /etc/osmocom ]; then
+ chown -v root:osmocom /etc/osmocom
+ chmod -v 2775 /etc/osmocom
+ fi
+
+ mkdir -p /var/lib/osmocom
+ chown -R -v osmocom:osmocom /var/lib/osmocom
+ fi
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
+
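Review bot: `AmbientCapabilities=CAP_NET_ADMIN` is added without a matching bounding set, so the unit hands the unprivileged process the capability it needs but does nothing to stop a setuid or file-capability binary it executes from regaining others. Adding `CapabilityBoundingSet=CAP_NET_ADMIN` and `NoNewPrivileges=yes` beside it would pin the service to that single capability, provided nothing the daemon spawns depends on setuid helpers. CAP_NET_ADMIN also covers routing and firewall changes, not only gtp0/tun0 setup, so the comment could say `# CAP_NET_ADMIN: needed to create gtp0/tun0; also permits routing/firewall changes`. The `[Service]` section starts outside the hunk, so any hardening directives already present are not visible here.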
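Review bot: The recursive `chown -R -v osmocom:osmocom /var/lib/osmocom` in the upgrade branch runs as root over a tree that may already be writable by the unprivileged `osmocom` account, if that account and directory are shared with other packages that made the same switch earlier (inferred from the generic names, not visible on this page). Debian's lintian warns about recursive ownership changes in maintainer scripts for this reason, because links inside such a tree can redirect the change to files outside it on systems without link protection. Changing only the directory, `chown -v osmocom:osmocom /var/lib/osmocom`, and naming any state files that must be handed over explicitly would avoid that. The same sharing means the `0660` config and the `2775` group-writable `/etc/osmocom` let any process running as `osmocom` rewrite the other services' configuration, which deserves a comment stating that this is intended. Separately, the `-e` in `#!/bin/sh -e` is lost when the script is run as `sh postinst`; a `set -e` line in the body keeps it.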