[pkg-bacula-commits] [bacula] 01/04: Remove ability for administrator to change users deamons run as
Sven Hartge
hartge-guest at moszumanska.debian.org
Mon Jul 18 09:14:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
hartge-guest pushed a commit to branch systemd-fixuser
in repository bacula.
commit 84be61b004544f74c525bf09b0461c621a14f8ca
Author: Sven Hartge <sven at svenhartge.de>
Date: Sun Jul 17 23:56:05 2016 +0200
Remove ability for administrator to change users deamons run as
The users the various daemons run as are deeply ingrained into the
packages, there is no simple way for an administrator to change
those at runtime without rebuilding the packages from source.
Remove the unneeded and in fact unusable ability to change the runtime
user from both the init-scripts and the systemd units and instead
hard-code the default user and group to bacula:bacula for the director
and bacula:tape for the storage daemon. (The file-deamon always runs
as root:root.)
---
debian/bacula-director-db.bacula-director.init.in | 5 ++-
debian/bacula-fd.init | 5 ++-
debian/bacula-sd.init | 5 ++-
debian/patches/non-forking-systemd-units.patch | 46 +++++++++++------------
4 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/debian/bacula-director-db.bacula-director.init.in b/debian/bacula-director-db.bacula-director.init.in
index f8884aa..6a9e615 100644
--- a/debian/bacula-director-db.bacula-director.init.in
+++ b/debian/bacula-director-db.bacula-director.init.in
@@ -27,6 +27,7 @@ DAEMON=/usr/sbin/bacula-dir
NAME="bacula-dir"
PORT=9101
DESC="Bacula Director"
+USERGROUP="bacula:bacula"
if [ ! -x $DAEMON ] ; then
echo "No bacula-director SQL package installed"
@@ -65,7 +66,7 @@ do_start()
{
if $DAEMON -t -c $CONFIG $ARGS > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
+ --oknodo --exec $DAEMON --chuid $USERGROUP -- -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
@@ -76,7 +77,7 @@ do_start()
do_stop()
{
start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --retry TERM/30/KILL/5 --exec $DAEMON -- -c $CONFIG $ARGS
+ --retry TERM/30/KILL/5 --exec $DAEMON -- -c $CONFIG
}
diff --git a/debian/bacula-fd.init b/debian/bacula-fd.init
index 8d1afa0..8ebe074 100644
--- a/debian/bacula-fd.init
+++ b/debian/bacula-fd.init
@@ -29,6 +29,7 @@ DAEMON=/usr/sbin/bacula-fd
NAME="bacula-fd"
PORT=9102
DESC="Bacula File daemon"
+USERGROUP="root:root"
test -x $DAEMON || exit 0
@@ -53,7 +54,7 @@ do_start()
{
if $DAEMON -t -c $CONFIG $ARGS > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
+ --oknodo --exec $DAEMON --chuid $USERGROUP -- -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
@@ -64,7 +65,7 @@ do_start()
do_stop()
{
start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --retry TERM/30/KILL/5 --exec $DAEMON -- -c $CONFIG $ARGS
+ --retry TERM/30/KILL/5 --exec $DAEMON -- -c $CONFIG
}
case "$1" in
diff --git a/debian/bacula-sd.init b/debian/bacula-sd.init
index 5477ff5..df4ef87 100644
--- a/debian/bacula-sd.init
+++ b/debian/bacula-sd.init
@@ -27,6 +27,7 @@ DAEMON=/usr/sbin/bacula-sd
NAME="bacula-sd"
PORT=9103
DESC="Bacula Storage daemon"
+USERGROUP="bacula:tape"
test -x $DAEMON || exit 0
@@ -51,7 +52,7 @@ do_start()
{
if $DAEMON -t -c $CONFIG $ARGS > /dev/null 2>&1; then
start-stop-daemon --start --quiet --pidfile $PIDFILE \
- --oknodo --exec $DAEMON -- -c $CONFIG $ARGS
+ --oknodo --exec $DAEMON --chuid $USERGROUP -- -c $CONFIG
return 0
else
log_progress_msg "- the configtest"
@@ -62,7 +63,7 @@ do_start()
do_stop()
{
start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
- --retry TERM/$STOPTIMEOUT/KILL/5 --exec $DAEMON -- -c $CONFIG $ARGS
+ --retry TERM/$STOPTIMEOUT/KILL/5 --exec $DAEMON -- -c $CONFIG
}
case "$1" in
diff --git a/debian/patches/non-forking-systemd-units.patch b/debian/patches/non-forking-systemd-units.patch
index fb873c1..0918564 100644
--- a/debian/patches/non-forking-systemd-units.patch
+++ b/debian/patches/non-forking-systemd-units.patch
@@ -1,11 +1,9 @@
Description: Change systemd.units to non-forking simple mode
Author: Sven Hartge <sven at svenhartge.de>
-Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-dir.service.in
-===================================================================
---- bacula-7.4.2+dfsg.orig/platforms/systemd/bacula-dir.service.in
-+++ bacula-7.4.2+dfsg/platforms/systemd/bacula-dir.service.in
-@@ -22,13 +22,14 @@ RequiresMountsFor=@working_dir@ @sysconf
+--- a/platforms/systemd/bacula-dir.service.in
++++ b/platforms/systemd/bacula-dir.service.in
+@@ -22,13 +22,16 @@
# From http://www.freedesktop.org/software/systemd/man/systemd.service.html
[Service]
@@ -16,21 +14,21 @@ Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-dir.service.in
-PIDFile=@piddir@/bacula-dir. at dir_port@.pid
-ExecReload=@sbindir@/bacula-dir -t -c @sysconfdir@/bacula-dir.conf
+Type=simple
-+Environment="CONFIG=/etc/bacula/bacula-dir.conf" "ARGS=-u bacula -g bacula"
++User=bacula
++Group=bacula
++Environment="CONFIG=/etc/bacula/bacula-dir.conf"
+EnvironmentFile=-/etc/default/bacula-dir
-+ExecStartPre=@sbindir@/bacula-dir -t -c $CONFIG $ARGS
-+ExecStart=@sbindir@/bacula-dir -f -c $CONFIG $ARGS
-+ExecReload=@sbindir@/bacula-dir -t -c $CONFIG $ARGS
++ExecStartPre=@sbindir@/bacula-dir -t -c $CONFIG
++ExecStart=@sbindir@/bacula-dir -f -c $CONFIG
++ExecReload=@sbindir@/bacula-dir -t -c $CONFIG
ExecReload=/bin/kill -HUP $MAINPID
+SuccessExitStatus=15
StandardError=syslog
[Install]
-Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-fd.service.in
-===================================================================
---- bacula-7.4.2+dfsg.orig/platforms/systemd/bacula-fd.service.in
-+++ bacula-7.4.2+dfsg/platforms/systemd/bacula-fd.service.in
-@@ -22,11 +22,13 @@ RequiresMountsFor=@working_dir@ @sysconf
+--- a/platforms/systemd/bacula-fd.service.in
++++ b/platforms/systemd/bacula-fd.service.in
+@@ -22,11 +22,15 @@
# from http://www.freedesktop.org/software/systemd/man/systemd.service.html
[Service]
@@ -40,20 +38,20 @@ Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-fd.service.in
-ExecStart=@sbindir@/bacula-fd -c @sysconfdir@/bacula-fd.conf
-PIDFile=@piddir@/bacula-fd. at fd_port@.pid
+Type=simple
-+Environment="CONFIG=/etc/bacula/bacula-fd.conf" "ARGS=-u root -g root"
++User=root
++Group=root
++Environment="CONFIG=/etc/bacula/bacula-fd.conf"
+EnvironmentFile=-/etc/default/bacula-fd
-+ExecStartPre=@sbindir@/bacula-fd -t -c $CONFIG $ARGS
-+ExecStart=@sbindir@/bacula-fd -f -c $CONFIG $ARGS
++ExecStartPre=@sbindir@/bacula-fd -t -c $CONFIG
++ExecStart=@sbindir@/bacula-fd -f -c $CONFIG
+ExecReload=/bin/kill -HUP $MAINPID
+SuccessExitStatus=15
StandardError=syslog
[Install]
-Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-sd.service.in
-===================================================================
---- bacula-7.4.2+dfsg.orig/platforms/systemd/bacula-sd.service.in
-+++ bacula-7.4.2+dfsg/platforms/systemd/bacula-sd.service.in
-@@ -21,11 +21,13 @@ RequiresMountsFor=@working_dir@ @sysconf
+--- a/platforms/systemd/bacula-sd.service.in
++++ b/platforms/systemd/bacula-sd.service.in
+@@ -21,11 +21,15 @@
# from http://www.freedesktop.org/software/systemd/man/systemd.service.html
[Service]
@@ -63,7 +61,9 @@ Index: bacula-7.4.2+dfsg/platforms/systemd/bacula-sd.service.in
-ExecStart=@sbindir@/bacula-sd -c @sysconfdir@/bacula-sd.conf
-PIDFile=@piddir@/bacula-sd. at sd_port@.pid
+Type=simple
-+Environment="CONFIG=/etc/bacula/bacula-sd.conf" "ARGS=-u bacula -g tape"
++User=bacula
++Group=tape
++Environment="CONFIG=/etc/bacula/bacula-sd.conf"
+EnvironmentFile=-/etc/default/bacula-sd
+ExecStartPre=@sbindir@/bacula-sd -t -c $CONFIG $ARGS
+ExecStart=@sbindir@/bacula-sd -f -c $CONFIG $ARGS
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git
More information about the pkg-bacula-commits
mailing list