Packaging: change permissions/ownership of config dir
When generating the rpm and deb packages we now set the proper group (elasticsearch) and permissions (750) on the conf dir (default /etc/elasticsearch). Same for the scripts subdirectory. Expanded the assert_file bash function to also optionally check the group of files, so we can actually test that the group was set correctly. Relates to #11016 Closes #14017
parent
ef3172c8b0
commit
648cc6defa
|
@ -120,6 +120,19 @@
|
||||||
<group>root</group>
|
<group>root</group>
|
||||||
</mapper>
|
</mapper>
|
||||||
</data>
|
</data>
|
||||||
|
<!-- create the conf dir manually so it gets proper permissions -->
|
||||||
|
<data>
|
||||||
|
<type>template</type>
|
||||||
|
<paths>
|
||||||
|
<path>${packaging.elasticsearch.conf.dir}</path>
|
||||||
|
</paths>
|
||||||
|
<mapper>
|
||||||
|
<type>perm</type>
|
||||||
|
<filemode>750</filemode>
|
||||||
|
<user>root</user>
|
||||||
|
<group>elasticsearch</group>
|
||||||
|
</mapper>
|
||||||
|
</data>
|
||||||
<!-- Add configuration files -->
|
<!-- Add configuration files -->
|
||||||
<data>
|
<data>
|
||||||
<src>${project.basedir}/../src/main/resources/config</src>
|
<src>${project.basedir}/../src/main/resources/config</src>
|
||||||
|
@ -128,8 +141,9 @@
|
||||||
<mapper>
|
<mapper>
|
||||||
<type>perm</type>
|
<type>perm</type>
|
||||||
<prefix>${packaging.elasticsearch.conf.dir}</prefix>
|
<prefix>${packaging.elasticsearch.conf.dir}</prefix>
|
||||||
|
<filemode>750</filemode>
|
||||||
<user>root</user>
|
<user>root</user>
|
||||||
<group>root</group>
|
<group>elasticsearch</group>
|
||||||
</mapper>
|
</mapper>
|
||||||
</data>
|
</data>
|
||||||
<data>
|
<data>
|
||||||
|
@ -137,6 +151,12 @@
|
||||||
<paths>
|
<paths>
|
||||||
<path>${packaging.elasticsearch.conf.dir}/scripts</path>
|
<path>${packaging.elasticsearch.conf.dir}/scripts</path>
|
||||||
</paths>
|
</paths>
|
||||||
|
<mapper>
|
||||||
|
<type>perm</type>
|
||||||
|
<filemode>750</filemode>
|
||||||
|
<user>root</user>
|
||||||
|
<group>elasticsearch</group>
|
||||||
|
</mapper>
|
||||||
</data>
|
</data>
|
||||||
<!-- Add environment vars file -->
|
<!-- Add environment vars file -->
|
||||||
<data>
|
<data>
|
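Review bot: The `<filemode>750</filemode>` added in the second hunk, on the perm mapper for the files copied under `${packaging.elasticsearch.conf.dir}`, also sets the execute bit on regular configuration files. The updated packaging test pins this by expecting `elasticsearch.yml` and `logging.yml` at 750. The `elasticsearch` group needs read access to these files, not execute, so `<filemode>640</filemode>` would be the tighter setting for that mapper, while the two directory templates keep 750. The rpm mapping for `${packaging.elasticsearch.conf.dir}/` with `<sources>` carries the same `<filemode>750</filemode>`, and the two `assert_file ... f root elasticsearch 750` lines in the test would then become 640.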
||||||
|
|
|
@ -142,10 +142,14 @@
|
||||||
that creates the conf.dir.-->
|
that creates the conf.dir.-->
|
||||||
<directory>${packaging.elasticsearch.conf.dir}</directory>
|
<directory>${packaging.elasticsearch.conf.dir}</directory>
|
||||||
<configuration>noreplace</configuration>
|
<configuration>noreplace</configuration>
|
||||||
|
<groupname>elasticsearch</groupname>
|
||||||
|
<filemode>750</filemode>
|
||||||
</mapping>
|
</mapping>
|
||||||
<mapping>
|
<mapping>
|
||||||
<directory>${packaging.elasticsearch.conf.dir}/</directory>
|
<directory>${packaging.elasticsearch.conf.dir}/</directory>
|
||||||
<configuration>noreplace</configuration>
|
<configuration>noreplace</configuration>
|
||||||
|
<groupname>elasticsearch</groupname>
|
||||||
|
<filemode>750</filemode>
|
||||||
<sources>
|
<sources>
|
||||||
<source>
|
<source>
|
||||||
<location>${project.basedir}/../src/main/resources/config/</location>
|
<location>${project.basedir}/../src/main/resources/config/</location>
|
||||||
|
@ -158,6 +162,8 @@
|
||||||
<mapping>
|
<mapping>
|
||||||
<directory>${packaging.elasticsearch.conf.dir}/scripts</directory>
|
<directory>${packaging.elasticsearch.conf.dir}/scripts</directory>
|
||||||
<configuration>noreplace</configuration>
|
<configuration>noreplace</configuration>
|
||||||
|
<groupname>elasticsearch</groupname>
|
||||||
|
<filemode>750</filemode>
|
||||||
</mapping>
|
</mapping>
|
||||||
<!-- Add environment vars file -->
|
<!-- Add environment vars file -->
|
||||||
<mapping>
|
<mapping>
|
||||||
|
|
|
@ -72,38 +72,39 @@ verify_package_installation() {
|
||||||
|
|
||||||
getent group elasticsearch
|
getent group elasticsearch
|
||||||
|
|
||||||
assert_file "$ESHOME" d root 755
|
assert_file "$ESHOME" d root root 755
|
||||||
assert_file "$ESHOME/bin" d root 755
|
assert_file "$ESHOME/bin" d root root 755
|
||||||
assert_file "$ESHOME/lib" d root 755
|
assert_file "$ESHOME/lib" d root root 755
|
||||||
assert_file "$ESCONFIG" d root 755
|
assert_file "$ESCONFIG" d root elasticsearch 750
|
||||||
assert_file "$ESCONFIG/elasticsearch.yml" f root 644
|
assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 750
|
||||||
assert_file "$ESCONFIG/logging.yml" f root 644
|
assert_file "$ESCONFIG/logging.yml" f root elasticsearch 750
|
||||||
assert_file "$ESDATA" d elasticsearch 755
|
assert_file "$ESSCRIPTS" d root elasticsearch 750
|
||||||
assert_file "$ESLOG" d elasticsearch 755
|
assert_file "$ESDATA" d elasticsearch elasticsearch 755
|
||||||
assert_file "$ESPLUGINS" d elasticsearch 755
|
assert_file "$ESLOG" d elasticsearch elasticsearch 755
|
||||||
assert_file "$ESPIDDIR" d elasticsearch 755
|
assert_file "$ESPLUGINS" d elasticsearch elasticsearch 755
|
||||||
assert_file "$ESHOME/NOTICE.txt" f root 644
|
assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755
|
||||||
assert_file "$ESHOME/README.textile" f root 644
|
assert_file "$ESHOME/NOTICE.txt" f root root 644
|
||||||
|
assert_file "$ESHOME/README.textile" f root root 644
|
||||||
|
|
||||||
if is_dpkg; then
|
if is_dpkg; then
|
||||||
# Env file
|
# Env file
|
||||||
assert_file "/etc/default/elasticsearch" f root 644
|
assert_file "/etc/default/elasticsearch" f root root 644
|
||||||
|
|
||||||
# Doc files
|
# Doc files
|
||||||
assert_file "/usr/share/doc/elasticsearch" d root 755
|
assert_file "/usr/share/doc/elasticsearch" d root root 755
|
||||||
assert_file "/usr/share/doc/elasticsearch/copyright" f root 644
|
assert_file "/usr/share/doc/elasticsearch/copyright" f root root 644
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_rpm; then
|
if is_rpm; then
|
||||||
# Env file
|
# Env file
|
||||||
assert_file "/etc/sysconfig/elasticsearch" f root 644
|
assert_file "/etc/sysconfig/elasticsearch" f root root 644
|
||||||
# License file
|
# License file
|
||||||
assert_file "/usr/share/elasticsearch/LICENSE.txt" f root 644
|
assert_file "/usr/share/elasticsearch/LICENSE.txt" f root root 644
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if is_systemd; then
|
if is_systemd; then
|
||||||
assert_file "/usr/lib/systemd/system/elasticsearch.service" f root 644
|
assert_file "/usr/lib/systemd/system/elasticsearch.service" f root root 644
|
||||||
assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root 644
|
assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root root 644
|
||||||
assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root 644
|
assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root root 644
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
@ -150,7 +150,8 @@ assert_file() {
|
||||||
local file="$1"
|
local file="$1"
|
||||||
local type=$2
|
local type=$2
|
||||||
local user=$3
|
local user=$3
|
||||||
local privileges=$4
|
local group=$4
|
||||||
|
local privileges=$5
|
||||||
|
|
||||||
assert_file_exist "$file"
|
assert_file_exist "$file"
|
||||||
|
|
||||||
|
@ -167,6 +168,11 @@ assert_file() {
|
||||||
[ "$realuser" = "$user" ]
|
[ "$realuser" = "$user" ]
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "x$group" != "x" ]; then
|
||||||
|
realgroup=$(find "$file" -maxdepth 0 -printf "%g")
|
||||||
|
[ "$realgroup" = "$group" ]
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "x$privileges" != "x" ]; then
|
if [ "x$privileges" != "x" ]; then
|
||||||
realprivileges=$(find "$file" -maxdepth 0 -printf "%m")
|
realprivileges=$(find "$file" -maxdepth 0 -printf "%m")
|
||||||
[ "$realprivileges" = "$privileges" ]
|
[ "$realprivileges" = "$privileges" ]
|
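Review bot: `realgroup` is assigned without `local` in the added block, so it leaks into the caller's scope; a `local realgroup` line before the assignment would keep it inside assert_file. The function body starts and ends outside these hunks, so I cannot see whether `realuser` is declared the same way. Inserting `group` as `$4` moves the mode to `$5`, so any caller elsewhere that still uses the four-argument form would have its mode compared as a group name and its mode check skipped. A usage comment above the function would make the new order explicit, for example `# assert_file <path> <type> <user> <group> <mode>; pass "" to skip a check`.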
||||||
|
|