[pkg-bacula-commits] [SCM] Bacula, a network backup, recovery and verification program branch, master, updated. debian/5.2.6+dfsg-2-7-gcf9eb64
Alexander Golovko
alexandro at ankalagon.ru
Sat Jul 7 22:45:55 UTC 2012
The following commit has been merged in the master branch:
commit cf9eb640182f4adfd83d05954dc35a20b60170c1
Author: Alexander Golovko <alexandro at ankalagon.ru>
Date: Fri Jul 6 20:44:44 2012 +0400
delegate daemons uid/gid changing to init system
Change uid/gid by start-stop-daemon or systemd for correct backtrace work.
Thanks to Matija Nalis (bug #556207)
diff --git a/debian/additions/common-functions.dpkg b/debian/additions/common-functions.dpkg
index 52ff0b1..a24023d 100644
--- a/debian/additions/common-functions.dpkg
+++ b/debian/additions/common-functions.dpkg
@@ -63,18 +63,15 @@ setup_etc_default() {
case "$1" in
bacula-fd)
SERVICE="bacula-fd"
- ARGS=""
- DEFAULT_ARGS=""
+ DAEMONUSER="root"
;;
bacula-sd)
SERVICE="bacula-sd"
- ARGS="-u bacula -g tape"
- DEFAULT_ARGS="-u bacula -g tape"
+ DAEMONUSER="bacula:tape"
;;
bacula-director-pgsql|bacula-director-mysql|bacula-director-sqlite3)
SERVICE="bacula-dir"
- ARGS="-u bacula -g bacula"
- DEFAULT_ARGS="-u bacula -g bacula"
+ DAEMONUSER="bacula:bacula"
;;
*)
echo "setup_defaults: unknown package \"$1\"" >&2
@@ -83,6 +80,7 @@ setup_etc_default() {
ENABLED="yes"
+ ARGS=""
CONFIG="/etc/bacula/$SERVICE.conf"
DEFAULTS="/etc/default/$SERVICE"
@@ -95,8 +93,6 @@ setup_etc_default() {
else
if [ -f "$DEFAULTS" ]; then
ENABLED=$(. $DEFAULTS; echo $ENABLED)
- ARGS=$(. $DEFAULTS; echo $ARGS)
- CONFIG=$(. $DEFAULTS; echo $CONFIG)
fi
fi
fi
@@ -116,12 +112,13 @@ setup_etc_default() {
# ENABLED="no"
ENABLED="$ENABLED"
+# Daemon user (in format user or user:group)
+DAEMONUSER="$DAEMONUSER"
+
# Additional start arguments can be provided here
-# ARGS="$DEFAULT_ARGS"
ARGS="$ARGS"
# Default config file can be changed here
-# CONFIG="/etc/bacula/$SERVICE.conf"
CONFIG="$CONFIG"
_EOF
diff --git a/debian/bacula-director-common.bacula-director.init b/debian/bacula-director-common.bacula-director.init
index 439b81a..d1313e0 100644
--- a/debian/bacula-director-common.bacula-director.init
+++ b/debian/bacula-director-common.bacula-director.init
@@ -47,6 +47,8 @@ if [ -r /etc/default/$NAME ]; then
fi
CONFIG="${CONFIG:-/etc/bacula/$NAME.conf}"
+DAEMONUSER="${DAEMONUSER:-bacula:bacula}"
+ARGS="${ARGS:-}"
create_var_run_dir
@@ -69,7 +71,7 @@ kill_pid()
# do_start()
do_start()
{
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c "$DAEMONUSER" --start --quiet --pidfile $PIDFILE \
--oknodo --exec $DAEMON -- -c $CONFIG $ARGS
}
@@ -77,8 +79,8 @@ do_start()
do_stop()
{
get_pid $PIDFILE ;
- start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --exec $DAEMON -- -c $CONFIG $ARGS
+ start-stop-daemon -c "$DAEMONUSER" --stop --quiet --pidfile $PIDFILE \
+ --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
# make sure daemon is stopped/killed
if [ -n "$pid" ]; then
if check_pid $pid ; then
diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init
index 2a213c4..e85a593 100644
--- a/debian/bacula-fd.init
+++ b/debian/bacula-fd.init
@@ -43,6 +43,8 @@ if [ -r /etc/default/$NAME ]; then
fi
CONFIG="${CONFIG:-/etc/bacula/$NAME.conf}"
+DAEMONUSER="${DAEMONUSER:-root}"
+ARGS="${ARGS:-}"
create_var_run_dir
@@ -51,14 +53,14 @@ PIDFILE=/var/run/bacula/$NAME.$PORT.pid
do_start()
{
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemona -c "$DAEMONUSER" --start --quiet --pidfile $PIDFILE \
--oknodo --exec $DAEMON -- -c $CONFIG $ARGS
}
do_stop()
{
- start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --exec $DAEMON -- -c $CONFIG $ARGS
+ start-stop-daemon -c "$DAEMONUSER" --stop --quiet --pidfile $PIDFILE \
+ --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
}
case "$1" in
diff --git a/debian/bacula-sd.init b/debian/bacula-sd.init
index a168187..9010f3f 100644
--- a/debian/bacula-sd.init
+++ b/debian/bacula-sd.init
@@ -41,6 +41,8 @@ if [ -r /etc/default/$NAME ]; then
fi
CONFIG="${CONFIG:-/etc/bacula/$NAME.conf}"
+DAEMONUSER="${DAEMONUSER:-bacula:tape}"
+ARGS="${ARGS:-}"
create_var_run_dir
@@ -48,14 +50,14 @@ PIDFILE=/var/run/bacula/$NAME.$PORT.pid
do_start()
{
- start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ start-stop-daemon -c "$DAEMONUSER" --start --quiet --pidfile $PIDFILE \
--oknodo --exec $DAEMON -- -c $CONFIG $ARGS
}
do_stop()
{
- start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --exec $DAEMON -- -c $CONFIG $ARGS
+ start-stop-daemon -c "$DAEMONUSER" --stop --quiet --pidfile $PIDFILE \
+ --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
}
case "$1" in
diff --git a/debian/changelog b/debian/changelog
index ea25850..8461ab1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,8 +12,12 @@ bacula (5.2.6+dfsg-3) unstable; urgency=high
+ fix unsafe bacula-director passwords.
* debian/bacula-common.postrm:
+ don't remove bacula user on package purging (details in bug 621833).
+ * debian/additions/common-functions.dpkg, debian/*.init,
+ debian/patches/delegate-chuid-to-systemd.patch, debian/patches/series:
+ + delegate daemons uid/gid changing to start-stop-daemon or systemd,
+ thanks to Matija Nalis (Closes: #556207).
- --
+ --
bacula (5.2.6+dfsg-2) unstable; urgency=low
diff --git a/debian/patches/delegate-chuid-to-systemd.patch b/debian/patches/delegate-chuid-to-systemd.patch
new file mode 100644
index 0000000..99256b4
--- /dev/null
+++ b/debian/patches/delegate-chuid-to-systemd.patch
@@ -0,0 +1,58 @@
+Description: Delegate uid/gid changing to systemd
+Bug-Debian: 556207
+Author: Alexander Golovko <alexandro at ankalagon.ru>
+Last-Update: 2012-07-06
+
+diff --git a/platforms/systemd/bacula-dir.service.in b/platforms/systemd/bacula-dir.service.in
+index 265e92b..9a82532 100644
+--- a/platforms/systemd/bacula-dir.service.in
++++ b/platforms/systemd/bacula-dir.service.in
+@@ -26,10 +26,12 @@ ConditionPathIsDirectory=@working_dir@
+
+ [Service]
+ Type=forking
++User=@dir_user@
++Group=@dir_group@
+ PIDFile=@piddir@/bacula-dir. at dir_port@.pid
+ # EnvironmentFile=-/etc/sysconfig/bacula-dir
+ StandardOutput=syslog
+-ExecStart=@sbindir@/bacula-dir -u @dir_user@ -g @dir_group@ -c @sysconfdir@/bacula-dir.conf
++ExecStart=@sbindir@/bacula-dir -c @sysconfdir@/bacula-dir.conf
+ # This daemon should be able to reload the conf file
+ #ExecReload=/sbin/killproc -p @piddir@/bacula-dir.pid -HUP @sbindir@/bacula-dir
+
+diff --git a/platforms/systemd/bacula-fd.service.in b/platforms/systemd/bacula-fd.service.in
+index 8463bbd..3efb256 100644
+--- a/platforms/systemd/bacula-fd.service.in
++++ b/platforms/systemd/bacula-fd.service.in
+@@ -21,9 +21,11 @@ After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.tar
+
+ [Service]
+ Type=forking
++User=@fd_user@
++Group=@fd_group@
+ PIDFile=@piddir@/bacula-fd. at fd_port@.pid
+ StandardOutput=syslog
+-ExecStart=@sbindir@/bacula-fd -u @fd_user@ -g @fd_group@ -c @sysconfdir@/bacula-fd.conf
++ExecStart=@sbindir@/bacula-fd -c @sysconfdir@/bacula-fd.conf
+
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/platforms/systemd/bacula-sd.service.in b/platforms/systemd/bacula-sd.service.in
+index ba78f7f..2d4dc1a 100644
+--- a/platforms/systemd/bacula-sd.service.in
++++ b/platforms/systemd/bacula-sd.service.in
+@@ -21,10 +21,12 @@ After=var-run.mount nss-lookup.target network.target remote-fs.target syslog.tar
+
+ [Service]
+ Type=forking
++User=@sd_user@
++Group=@sd_group@
+ PIDFile=@piddir@/bacula-sd. at sd_port@.pid
+ # EnvironmentFile=-/etc/sysconfig/bacula-sd
+ StandardOutput=syslog
+-ExecStart=@sbindir@/bacula-sd -u @sd_user@ -g @sd_group@ -c @sysconfdir@/bacula-sd.conf
++ExecStart=@sbindir@/bacula-sd -c @sysconfdir@/bacula-sd.conf
+
+ [Install]
+ WantedBy=multi-user.target
diff --git a/debian/patches/series b/debian/patches/series
index 1ef3d22..825e8b1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@ remove-upstream-autoconf-log.patch
fix-libbaccats-rpath.patch
fix-scriptdir-examples-devices.patch
add-systemd-bacula.conf-for-piddir.patch
+delegate-chuid-to-systemd.patch
--
Bacula, a network backup, recovery and verification program
More information about the pkg-bacula-commits
mailing list