From 88bb292552333a63835fc7f94a08283e076fa90e Mon Sep 17 00:00:00 2001 From: Alan Parkinson Date: Sat, 1 Feb 2014 12:33:27 +0000 Subject: [PATCH] use normalizedName as the default appUser for Linux Packages --- README.md | 7 +++-- .../sbt/packager/debian/DebianPlugin.scala | 29 ++++++++++++++++--- .../sbt/packager/linux/LinuxPlugin.scala | 3 +- src/sphinx/archetypes.rst | 7 +++-- src/sphinx/debian.rst | 20 +++++++------ 5 files changed, 47 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 4c398a6c2..139da85f9 100644 --- a/README.md +++ b/README.md @@ -75,9 +75,10 @@ For debian packaging there are a few things generated for you * A template folder `/var/log/` * A symlink `/installdir//logs` to `/var/log/ 32) { + streams.log.warn("The length of '" + user + "' must be not be greater than 32 characters for Debian based distributions.") + } + } + def debianSettings: Seq[Setting[_]] = Seq( debianPriority := "optional", @@ -172,8 +190,8 @@ trait DebianPlugin extends Plugin with linux.LinuxPlugin { } groupBy (_._1) foreach { case ((user, group), pathList) => streams.log info ("Altering postrm/postinst files to add user " + user + " and group " + group) - val postinst = t / Names.Debian / Names.Postinst - val postrm = t / Names.Debian / Names.Postrm + val postinst = createFileIfRequired(t / Names.Debian / Names.Postinst, LinuxFileMetaData()) + val postrm = createFileIfRequired(t / Names.Debian / Names.Postrm, LinuxFileMetaData()) val replacements = Seq("group" -> group, "user" -> user) @@ -185,6 +203,9 @@ trait DebianPlugin extends Plugin with linux.LinuxPlugin { prependAndFixPerms(postinst, chownAdd, LinuxFileMetaData()) } + validateUserGroupNames(user, streams) + validateUserGroupNames(group, streams) + val userGroupAdd = Seq( TemplateWriter.generateScript(DebianPlugin.postinstGroupaddTemplateSource, replacements), TemplateWriter.generateScript(DebianPlugin.postinstUseraddTemplateSource, replacements) 
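Review bot: In the last DebianPlugin.scala hunk (`@@ -185,6 +203,9 @@`), `validateUserGroupNames(user, streams)` and `validateUserGroupNames(group, streams)` run only after `prependAndFixPerms(postinst, chownAdd, LinuxFileMetaData())`, which presumably has already written the names into `postinst`. The visible part of the helper only calls `streams.log.warn`, so a name that fails the check still ends up in maintainer scripts that dpkg runs as root. I would move both calls to the top of the `case ((user, group), pathList) =>` body, before `createFileIfRequired`, and fail the task (for example with `sys.error(...)`) rather than warn. The start of `validateUserGroupNames` is cut off on this page, so whether it also checks the character set cannot be confirmed from here; the enclosing task body likewise starts and ends outside these hunks. The warning text reads "must be not be greater" where `must not be greater` is meant.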
diff --git a/src/main/scala/com/typesafe/sbt/packager/linux/LinuxPlugin.scala b/src/main/scala/com/typesafe/sbt/packager/linux/LinuxPlugin.scala index 23fd49a0f..89a21c55e 100644 --- a/src/main/scala/com/typesafe/sbt/packager/linux/LinuxPlugin.scala +++ b/src/main/scala/com/typesafe/sbt/packager/linux/LinuxPlugin.scala @@ -4,6 +4,7 @@ package linux import Keys._ import sbt._ +import sbt.Keys.{ normalizedName } import com.typesafe.sbt.packager.linux.LinuxPlugin.Users /** @@ -27,7 +28,7 @@ trait LinuxPlugin extends Plugin { }, packageSummary in Linux <<= packageSummary, packageDescription in Linux <<= packageDescription, - appUser := Users.Root, appGroup <<= appUser in Linux) + appUser <<= normalizedName, appGroup <<= appUser in Linux) /** DSL for packaging files into .deb */ def packageMapping(files: (File, String)*) = LinuxPackageMapping(files) diff --git a/src/sphinx/archetypes.rst b/src/sphinx/archetypes.rst index 2942bcf2f..cddbab0e6 100644 --- a/src/sphinx/archetypes.rst +++ b/src/sphinx/archetypes.rst 
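Review bot: `appUser <<= normalizedName` makes the project name the account that packages create and own files as, but nothing in this hunk constrains it to a valid or unused account name. The length warning added in DebianPlugin.scala is the only check visible in this patch, and it lives in the Debian plugin, so other consumers of these `LinuxPlugin` defaults would presumably get none. Since archetypes.rst in this patch states that specified users are deleted on `apt-get purge`, a project whose normalized name matches an account that already exists on the target host is worth guarding against or at least documenting. A comment on the setting such as `// default service account; must not name a pre-existing system account, postrm removes it on purge` would record that. As a style point, `import sbt.Keys.{ normalizedName }` can be written `import sbt.Keys.normalizedName`.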
@@ -108,15 +108,18 @@ For Debian servers, you can select to either use SystemV or Upstart for your ser serverLoading in Debian := ServerLoader.SystemV -By default, the native packager will install and run services using the ``root`` user and group. This is not a good default for services, which should not be exposed to root access. You can change the installation and usage user via the ``daemonUser`` key: +By default, the native packager will install and run services using a user and group based on your package name. You can change the installation and usage user via the ``appUser`` and ``appGroup`` key: .. code-block:: scala - daemonUser in Debian := "my_app_user" + appUser in Linux := "my_app_user" + + appGroup in Linux := "my_app_group" The archetype will automatically append/prepend the creation/deletion of the user to your packaging for Debian. *Note:* All specified users are **deleted** on an ``apt-get purge ``. +*Note:* It is not a good idea to use **root** as the ``appUser`` for services as it represents a security risk. diff --git a/src/sphinx/debian.rst b/src/sphinx/debian.rst index c8e3dc7f5..f1c3c73d7 100644 --- a/src/sphinx/debian.rst +++ b/src/sphinx/debian.rst @@ -128,7 +128,7 @@ can add ``preinst`` , ``postinst`` , ``prerm`` and/or ``postrm`` scripts. Just p If you use the ``packageArchetype.java_server`` there are predefined ``postinst`` and ``preinst`` files, which start/stop the application on install/remove calls. Existing -maintainer scripts will be extended not overidden. +maintainer scripts will be extended not overridden. Your control scripts are in a different castle.. directory? No problem. 
@@ -149,12 +149,14 @@ The default configuration looks like this (that means you don't have to add anyt import com.typesafe.sbt.packager.archetypes.ServerLoader.{Upstart, SystemV} serverLoading := Upstart - - daemonUser := "root" - -Change these values as you need. When you change the ``daemonUser`` make sure -you alter the ``packageMappings`` correctly. All users you define in the -``packageMappings`` will be generated within in the ``postinst`` script and -removed with ``apt-get purge`` through the ``postrm`` script. -For more informations look at the :ref:`Archetypes` page. +The default configuration will create a default system user and group for ownerships of the +installed files. This user will also be used to execute the daemon service so it does +not run as the **root** user. + +This default can be overridden using the ``appUser`` and ``appGroup`` keys, change +these values as you need. The user or group you define in the appropriate keys will be +created within in the ``postinst`` script and removed with ``apt-get purge`` through the +``postrm`` script. + +For more information look at the :ref:`Archetypes` page.