[pkg-bacula-commits] [bacula] 01/01: Reworks runtime user usage for daemins

Sven Hartge hartge-guest at moszumanska.debian.org
Mon Aug 29 20:06:42 UTC 2016


This is an automated email from the git hooks/post-receive script.

hartge-guest pushed a commit to branch systemd-fixuser
in repository bacula.

commit d8542c510917d8a5f65aa50b74239364347daec3
Author: Sven Hartge <sven at svenhartge.de>
Date:   Mon Aug 29 21:56:25 2016 +0200

    Reworks runtime user usage for daemins
    
    a) Remove ARGS from init scripts, systemd units and defaults files
    
    The variable ARGS was used to provide arguments for the daemons,
    mainly consisting of "-u bacula -g bacula/tape".
    
    We now hard code the user and the group for all daemons and use
    start-stop-daemon/systemd to change the UID before starting the daemon.
    This is also closer to the way upstream wants us to start them, because
    by using "-u user -g group" automatic backtracing breaks.
    See http://bugs.bacula.org/view.php?id=1905 and
    http://www.bacula.org/git/cgit.cgi/bacula/commit/?h=Branch-7.4&id=3924012940114148be0ef565e6d979597f9a27d1
    
    It was also never feasible for the end-user to be able to change them on
    the fly in the first place; too much internal logic already hard-coded
    them.
    
    Because existing files in /etc/defaults will still contain the
    old ARGS we have to get rid of this variable, specifying a user/group
    via -u/-g will cause an error if it is started as non-root via
    start-stop-daemon/systemd.
    
    If a variable to specify additional arguments is needed in the future,
    it will have to be named differently to not collide with existing
    configurations.
    
    b) switch bacula-fd over to non-root mode
    
    Since version 5.2.6 it is possible to run the filedaemon (on Linux) as
    non-root, if the system has capabilities allowing the daemon to read all
    files while running as a normal user.
    
    This is now the new default for systems which allow this mode of
    operation.
---
 debian/additions/common-functions.dpkg         | 11 ++---------
 debian/bacula-fd.init                          |  3 ++-
 debian/patches/non-forking-systemd-units.patch |  4 ++--
 3 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/debian/additions/common-functions.dpkg b/debian/additions/common-functions.dpkg
index 6cf956e..160cb3a 100644
--- a/debian/additions/common-functions.dpkg
+++ b/debian/additions/common-functions.dpkg
@@ -150,10 +150,10 @@ install_config() {
 #
 # if there is fresh install, generate default /etc/default/* file
 # if there is upgrade from old version, then set ENABLED=no if /etc/bacula/do_not_run present
-# if there is upgrade from recent version, then preserve ENABLED, ARGS and CONFIG variables/
+# if there is upgrade from recent version, then preserve ENABLED and CONFIG variables/
 #
 setup_etc_default() {
-    local PACKAGE SERVICE ARGS DEFAULT_ARGS ENABLED CONFIG DEFAULTS tempfile
+    local PACKAGE SERVICE ENABLED CONFIG DEFAULTS tempfile
     PACKAGE="$1"
 
     if [ "$2" != "configure" ]; then
@@ -163,15 +163,12 @@ setup_etc_default() {
     case "$1" in
         bacula-fd)
             SERVICE="bacula-fd"
-            ARGS=""
             ;;
         bacula-sd)
             SERVICE="bacula-sd"
-            ARGS="-u bacula -g tape"
             ;;
         bacula-director-pgsql|bacula-director-mysql|bacula-director-sqlite3)
             SERVICE="bacula-dir"
-            ARGS="-u bacula -g bacula"
             if ucfq -w "/etc/default/bacula-dir" \
                 |egrep -q '^[^:]*:bacula-director-(pgsql|mysql|sqlite3):'; then
                 UCFR_ARGS="-f"
@@ -217,10 +214,6 @@ setup_etc_default() {
 # ENABLED="no"
 ENABLED="$ENABLED"
 
-# Additional start arguments can be provided here
-# ARGS="$ARGS"
-ARGS="$ARGS"
-
 # Default config file can be changed here
 # CONFIG="/etc/bacula/$SERVICE.conf"
 CONFIG="$CONFIG"
diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init
index 36dfa7b..6edb45e 100644
--- a/debian/bacula-fd.init
+++ b/debian/bacula-fd.init
@@ -45,11 +45,12 @@ if [ -r /etc/default/$NAME ]; then
 	. /etc/default/$NAME
 fi
 
-ENABLE_NONROOT="${ENABLE_NONROOT:-false}"
+ENABLE_NONROOT="${ENABLE_NONROOT:-true}"
 
 if [ "$ENABLE_NONROOT" = "true" ]; then 
 	BUSER="bacula"
 	BGROUP="bacula"
+	# KEEPCAPS just needed for configtest
 	KEEPCAPS="-k"
 fi
 
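Review bot: The test `[ "$ENABLE_NONROOT" = "true" ]` matches one exact string, so with non-root now the default, an existing /etc/default/bacula-fd that sets the variable to any other spelling (`yes`, `1`, `TRUE`) silently skips this block. BUSER and BGROUP are then left to whatever the rest of the script assigns, which is outside this hunk and presumably the privileged account. Since the intent is least privilege by default, consider letting only an explicit opt-out take the other path, e.g. `if [ "$ENABLE_NONROOT" != "false" ]; then`, or at least warning on an unrecognised value. The hunk also shows no test for the capability support that the commit message names as the condition for this default; if that check exists elsewhere in the script, a comment pointing to it would help. The added comment would be clearer if it said why only the config test needs `-k`.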
diff --git a/debian/patches/non-forking-systemd-units.patch b/debian/patches/non-forking-systemd-units.patch
index 0918564..e00ebba 100644
--- a/debian/patches/non-forking-systemd-units.patch
+++ b/debian/patches/non-forking-systemd-units.patch
@@ -65,8 +65,8 @@ Author: Sven Hartge <sven at svenhartge.de>
 +Group=tape
 +Environment="CONFIG=/etc/bacula/bacula-sd.conf"
 +EnvironmentFile=-/etc/default/bacula-sd
-+ExecStartPre=@sbindir@/bacula-sd -t -c $CONFIG $ARGS
-+ExecStart=@sbindir@/bacula-sd -f -c $CONFIG $ARGS
++ExecStartPre=@sbindir@/bacula-sd -t -c $CONFIG
++ExecStart=@sbindir@/bacula-sd -f -c $CONFIG
 +ExecReload=/bin/kill -HUP $MAINPID
 +SuccessExitStatus=15
  StandardError=syslog
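Review bot: `$CONFIG` in the two rewritten Exec lines is the unbraced form, which systemd splits on whitespace into separate arguments, so a CONFIG value from /etc/default/bacula-sd that contains a space would pass the daemon extra arguments after `-c`. The braced form keeps the value as one word: `ExecStart=@sbindir@/bacula-sd -f -c ${CONFIG}`, and likewise for ExecStartPre. The [Service] section begins above the hunk, so it cannot be confirmed here that `User=` is set next to the visible `Group=tape`. With `$ARGS` removed, those directives appear to be the only thing that drops privileges for this daemon, so a short comment in the unit saying so would help the next maintainer.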

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git


