Packaging: change permissions/ownership of config dir
When generating the rpm and dep package we now set proper group (elasticsearch) and permissions (750) to the conf dir (default /etc/elasticsearch). Same for the scripts subdirectory. Expanded the assert_file bash function to also optionally check the group of files, so we can actually test that the group was set correctly. Relates to #11016 Closes #14017
This commit is contained in:
parent
ef3172c8b0
commit
648cc6defa
|
@ -120,6 +120,19 @@
|
|||
<group>root</group>
|
||||
</mapper>
|
||||
</data>
|
||||
<!-- create the conf dir manually so it gets proper permissions -->
|
||||
<data>
|
||||
<type>template</type>
|
||||
<paths>
|
||||
<path>${packaging.elasticsearch.conf.dir}</path>
|
||||
</paths>
|
||||
<mapper>
|
||||
<type>perm</type>
|
||||
<filemode>750</filemode>
|
||||
<user>root</user>
|
||||
<group>elasticsearch</group>
|
||||
</mapper>
|
||||
</data>
|
||||
<!-- Add configuration files -->
|
||||
<data>
|
||||
<src>${project.basedir}/../src/main/resources/config</src>
|
||||
|
@ -128,8 +141,9 @@
|
|||
<mapper>
|
||||
<type>perm</type>
|
||||
<prefix>${packaging.elasticsearch.conf.dir}</prefix>
|
||||
<filemode>750</filemode>
|
||||
<user>root</user>
|
||||
<group>root</group>
|
||||
<group>elasticsearch</group>
|
||||
</mapper>
|
||||
</data>
|
||||
<data>
|
||||
|
@ -137,6 +151,12 @@
|
|||
<paths>
|
||||
<path>${packaging.elasticsearch.conf.dir}/scripts</path>
|
||||
</paths>
|
||||
<mapper>
|
||||
<type>perm</type>
|
||||
<filemode>750</filemode>
|
||||
<user>root</user>
|
||||
<group>elasticsearch</group>
|
||||
</mapper>
|
||||
</data>
|
||||
<!-- Add environment vars file -->
|
||||
<data>
|
||||
|
|
|
@ -142,10 +142,14 @@
|
|||
that creates the conf.dir.-->
|
||||
<directory>${packaging.elasticsearch.conf.dir}</directory>
|
||||
<configuration>noreplace</configuration>
|
||||
<groupname>elasticsearch</groupname>
|
||||
<filemode>750</filemode>
|
||||
</mapping>
|
||||
<mapping>
|
||||
<directory>${packaging.elasticsearch.conf.dir}/</directory>
|
||||
<configuration>noreplace</configuration>
|
||||
<groupname>elasticsearch</groupname>
|
||||
<filemode>750</filemode>
|
||||
<sources>
|
||||
<source>
|
||||
<location>${project.basedir}/../src/main/resources/config/</location>
|
||||
|
@ -158,6 +162,8 @@
|
|||
<mapping>
|
||||
<directory>${packaging.elasticsearch.conf.dir}/scripts</directory>
|
||||
<configuration>noreplace</configuration>
|
||||
<groupname>elasticsearch</groupname>
|
||||
<filemode>750</filemode>
|
||||
</mapping>
|
||||
<!-- Add environment vars file -->
|
||||
<mapping>
|
||||
|
|
|
@ -72,38 +72,39 @@ verify_package_installation() {
|
|||
|
||||
getent group elasticsearch
|
||||
|
||||
assert_file "$ESHOME" d root 755
|
||||
assert_file "$ESHOME/bin" d root 755
|
||||
assert_file "$ESHOME/lib" d root 755
|
||||
assert_file "$ESCONFIG" d root 755
|
||||
assert_file "$ESCONFIG/elasticsearch.yml" f root 644
|
||||
assert_file "$ESCONFIG/logging.yml" f root 644
|
||||
assert_file "$ESDATA" d elasticsearch 755
|
||||
assert_file "$ESLOG" d elasticsearch 755
|
||||
assert_file "$ESPLUGINS" d elasticsearch 755
|
||||
assert_file "$ESPIDDIR" d elasticsearch 755
|
||||
assert_file "$ESHOME/NOTICE.txt" f root 644
|
||||
assert_file "$ESHOME/README.textile" f root 644
|
||||
assert_file "$ESHOME" d root root 755
|
||||
assert_file "$ESHOME/bin" d root root 755
|
||||
assert_file "$ESHOME/lib" d root root 755
|
||||
assert_file "$ESCONFIG" d root elasticsearch 750
|
||||
assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 750
|
||||
assert_file "$ESCONFIG/logging.yml" f root elasticsearch 750
|
||||
assert_file "$ESSCRIPTS" d root elasticsearch 750
|
||||
assert_file "$ESDATA" d elasticsearch elasticsearch 755
|
||||
assert_file "$ESLOG" d elasticsearch elasticsearch 755
|
||||
assert_file "$ESPLUGINS" d elasticsearch elasticsearch 755
|
||||
assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755
|
||||
assert_file "$ESHOME/NOTICE.txt" f root root 644
|
||||
assert_file "$ESHOME/README.textile" f root root 644
|
||||
|
||||
if is_dpkg; then
|
||||
# Env file
|
||||
assert_file "/etc/default/elasticsearch" f root 644
|
||||
assert_file "/etc/default/elasticsearch" f root root 644
|
||||
|
||||
# Doc files
|
||||
assert_file "/usr/share/doc/elasticsearch" d root 755
|
||||
assert_file "/usr/share/doc/elasticsearch/copyright" f root 644
|
||||
assert_file "/usr/share/doc/elasticsearch" d root root 755
|
||||
assert_file "/usr/share/doc/elasticsearch/copyright" f root root 644
|
||||
fi
|
||||
|
||||
if is_rpm; then
|
||||
# Env file
|
||||
assert_file "/etc/sysconfig/elasticsearch" f root 644
|
||||
assert_file "/etc/sysconfig/elasticsearch" f root root 644
|
||||
# License file
|
||||
assert_file "/usr/share/elasticsearch/LICENSE.txt" f root 644
|
||||
assert_file "/usr/share/elasticsearch/LICENSE.txt" f root root 644
|
||||
fi
|
||||
|
||||
if is_systemd; then
|
||||
assert_file "/usr/lib/systemd/system/elasticsearch.service" f root 644
|
||||
assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root 644
|
||||
assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root 644
|
||||
assert_file "/usr/lib/systemd/system/elasticsearch.service" f root root 644
|
||||
assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root root 644
|
||||
assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root root 644
|
||||
fi
|
||||
}
|
||||
|
|
|
@ -150,7 +150,8 @@ assert_file() {
|
|||
local file="$1"
|
||||
local type=$2
|
||||
local user=$3
|
||||
local privileges=$4
|
||||
local group=$4
|
||||
local privileges=$5
|
||||
|
||||
assert_file_exist "$file"
|
||||
|
||||
|
@ -167,6 +168,11 @@ assert_file() {
|
|||
[ "$realuser" = "$user" ]
|
||||
fi
|
||||
|
||||
if [ "x$group" != "x" ]; then
|
||||
realgroup=$(find "$file" -maxdepth 0 -printf "%g")
|
||||
[ "$realgroup" = "$group" ]
|
||||
fi
|
||||
|
||||
if [ "x$privileges" != "x" ]; then
|
||||
realprivileges=$(find "$file" -maxdepth 0 -printf "%m")
|
||||
[ "$realprivileges" = "$privileges" ]
|
||||
|
|
Loading…
Reference in New Issue