Packaging: Make ES user own plugins dir, remove on uninstall

This change will chown /usr/share/elasticsearch/plugins to the elasticsearch user (the directory was formerly owned by root). This enables the ES user to manage plugins. Also, /usr/share/elasticsearch/plugins is now removed when the elasticsearch package is un-installed. Previously it was left lying there. Closes #8732 Signed-off-by: Thilo Fromm <github@thilo-fromm.de>
2014-12-01 18:22:17 +01:00 · 2014-12-01 18:22:17 +01:00 · 3d03c39ae6
parent 98d18c4bd9
commit 3d03c39ae6
4 changed files with 18 additions and 6 deletions
--- a/src/deb/control/postinst
+++ b/src/deb/control/postinst
@ -29,9 +29,10 @@ case "$1" in
 		"$ES_USER"
 	fi

-	# Set user permissions on /var/log/elasticsearch and /var/lib/elasticsearch
-	mkdir -p /var/log/elasticsearch /var/lib/elasticsearch
-	chown -R $ES_USER:$ES_GROUP /var/log/elasticsearch /var/lib/elasticsearch
+	# Set user permissions on /var/log/elasticsearch, /var/lib/elasticsearch,
+	#   and /usr/share/elasticsearch/plugins
+	mkdir -p /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins
+	chown -R $ES_USER:$ES_GROUP /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins
 	chmod 755 /var/log/elasticsearch /var/lib/elasticsearch
 	
 	# configuration files should not be modifiable by elasticsearch user, as this can be a security issue
--- a/src/deb/control/postrm
+++ b/src/deb/control/postrm
@ -10,7 +10,11 @@ case "$1" in
        if [ -x /bin/systemctl ] ; then
            /bin/systemctl --no-reload disable elasticsearch.service > /dev/null 2>&1 || :
        fi
-        # remove **only** empty data dir
+
+        # Remove plugin directory and all plugins
+        rm -rf /usr/share/elasticsearch/plugins
+
+        # Remove **only** empty data dir
        rmdir --ignore-fail-on-non-empty /var/lib/elasticsearch
    ;;

@ -23,8 +27,8 @@ case "$1" in
            update-rc.d elasticsearch remove >/dev/null || true
        fi
    
-        # Remove logs and data
-        rm -rf /var/log/elasticsearch /var/lib/elasticsearch
+        # Remove logs, data and plugins
+        rm -rf /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins

        # Remove user/group
        deluser elasticsearch || true
--- a/src/rpm/scripts/postinstall
+++ b/src/rpm/scripts/postinstall
@ -1,6 +1,10 @@

 [ -f /etc/sysconfig/elasticsearch ] && . /etc/sysconfig/elasticsearch

+# Generate ES plugin directory and hand over ownership to ES user
+mkdir -p /usr/share/elasticsearch/plugins
+chown elasticsearch:elasticsearch /usr/share/elasticsearch/plugins
+
 startElasticsearch() {
 	if [ -x /bin/systemctl ] ; then
 		/bin/systemctl start elasticsearch.service
--- a/src/rpm/scripts/postremove
+++ b/src/rpm/scripts/postremove
@ -10,6 +10,9 @@ if [ $1 -eq 0 ] ; then
    if [ "$?" == "0" ] ; then
        groupdel elasticsearch
    fi
+
+    # Remove plugin directory and all plugins
+    rm -rf /usr/share/elasticsearch/plugins
 fi

 exit