From 3d03c39ae66dd5a6394a71dc2ec831083c252b86 Mon Sep 17 00:00:00 2001
From: Thilo Fromm <github@thilo-fromm.de>
Date: Mon, 1 Dec 2014 18:22:17 +0100
Subject: [PATCH] Packaging: Make ES user own plugins dir, remove on uninstall

This change will chown /usr/share/elasticsearch/plugins to the elasticsearch
user (the directory was formerly owned by root). This enables the ES user to
manage plugins.

Also, /usr/share/elasticsearch/plugins is now removed when the elasticsearch
package is un-installed. Previously it was left lying there.

Closes #8732

Signed-off-by: Thilo Fromm <github@thilo-fromm.de>
---
 src/deb/control/postinst    |  7 ++++---
 src/deb/control/postrm      | 10 +++++++---
 src/rpm/scripts/postinstall |  4 ++++
 src/rpm/scripts/postremove  |  3 +++
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/deb/control/postinst b/src/deb/control/postinst
index bba988ac6e3..8c76fe916f7 100755
--- a/src/deb/control/postinst
+++ b/src/deb/control/postinst
@@ -29,9 +29,10 @@ case "$1" in
 		"$ES_USER"
 	fi
 
-	# Set user permissions on /var/log/elasticsearch and /var/lib/elasticsearch
-	mkdir -p /var/log/elasticsearch /var/lib/elasticsearch
-	chown -R $ES_USER:$ES_GROUP /var/log/elasticsearch /var/lib/elasticsearch
+	# Set user permissions on /var/log/elasticsearch, /var/lib/elasticsearch,
+	#   and /usr/share/elasticsearch/plugins
+	mkdir -p /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins
+	chown -R $ES_USER:$ES_GROUP /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins
 	chmod 755 /var/log/elasticsearch /var/lib/elasticsearch
 	
 	# configuration files should not be modifiable by elasticsearch user, as this can be a security issue
diff --git a/src/deb/control/postrm b/src/deb/control/postrm
index b47965d6ebb..23133590535 100755
--- a/src/deb/control/postrm
+++ b/src/deb/control/postrm
@@ -10,7 +10,11 @@ case "$1" in
         if [ -x /bin/systemctl ] ; then
             /bin/systemctl --no-reload disable elasticsearch.service > /dev/null 2>&1 || :
         fi
-        # remove **only** empty data dir
+
+        # Remove plugin directory and all plugins
+        rm -rf /usr/share/elasticsearch/plugins
+
+        # Remove **only** empty data dir
         rmdir --ignore-fail-on-non-empty /var/lib/elasticsearch
     ;;
 
@@ -23,8 +27,8 @@ case "$1" in
             update-rc.d elasticsearch remove >/dev/null || true
         fi
     
-        # Remove logs and data
-        rm -rf /var/log/elasticsearch /var/lib/elasticsearch
+        # Remove logs, data and plugins
+        rm -rf /var/log/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch/plugins
 
         # Remove user/group
         deluser elasticsearch || true
diff --git a/src/rpm/scripts/postinstall b/src/rpm/scripts/postinstall
index 317f7fe4029..55d1dbe3a1f 100644
--- a/src/rpm/scripts/postinstall
+++ b/src/rpm/scripts/postinstall
@@ -1,6 +1,10 @@
 
 [ -f /etc/sysconfig/elasticsearch ] && . /etc/sysconfig/elasticsearch
 
+# Generate ES plugin directory and hand over ownership to ES user
+mkdir -p /usr/share/elasticsearch/plugins
+chown elasticsearch:elasticsearch /usr/share/elasticsearch/plugins
+
 startElasticsearch() {
 	if [ -x /bin/systemctl ] ; then
 		/bin/systemctl start elasticsearch.service
diff --git a/src/rpm/scripts/postremove b/src/rpm/scripts/postremove
index 6dedc2984ce..52fd0e0b1c1 100644
--- a/src/rpm/scripts/postremove
+++ b/src/rpm/scripts/postremove
@@ -10,6 +10,9 @@ if [ $1 -eq 0 ] ; then
     if [ "$?" == "0" ] ; then
         groupdel elasticsearch
     fi
+
+    # Remove plugin directory and all plugins
+    rm -rf /usr/share/elasticsearch/plugins
 fi
 
 exit