[build] Ensure group kibana is added, stricter user creation

2025-04-24 01:38:56 -04:00 · 2016-06-20 10:27:36 -05:00 · 2016-06-20 10:27:36 -05:00 · b54ef4ed00
commit b54ef4ed00
parent 05f6a56f34
2 changed files with 41 additions and 25 deletions
--- a/tasks/build/package_scripts/post_install.sh
+++ b/tasks/build/package_scripts/post_install.sh
@ -1,19 +1,39 @@
 #!/bin/sh
 set -e

-user_check() {
-  getent passwd "$1" > /dev/null 2>&1
-}
+case $1 in
+  # Debian
+  configure)
+    if ! getent group "<%= group %>" >/dev/null; then
+      addgroup --quiet --system "<%= group %>"
+    fi

-user_create() {
-  # Create a system user. A system user is one within the system uid range and
-  # has no expiration
-  useradd -r "$1"
-}
+    if ! getent passwd "<%= user %>" >/dev/null; then
+      adduser --quiet --system --no-create-home --disabled-password \
+      --ingroup "<%= group %>" --shell /bin/false "<%= user %>"
+    fi
+  ;;
+  abort-deconfigure|abort-upgrade|abort-remove)
+  ;;
+
+  # Red Hat
+  1|2)
+    if ! getent group "<%= group %>" >/dev/null; then
+      groupadd -r "<%= group %>"
+    fi
+
+    if ! getent passwd "<%= user %>" >/dev/null; then
+      useradd -r -g "<%= group %>" -M -s /sbin/nologin \
+      -c "kibana service user" "<%= user %>"
+    fi
+  ;;
+
+  *)
+      echo "post install script called with unknown argument \`$1'" >&2
+      exit 1
+  ;;
+esac

-if ! user_check "<%= user %>" ; then
-  user_create "<%= user %>"
-fi
 chown -R <%= user %>:<%= group %> <%= optimizeDir %>
 chown <%= user %>:<%= group %> <%= dataDir %>
 chown <%= user %>:<%= group %> <%= pluginsDir %>
--- a/tasks/build/package_scripts/post_remove.sh
+++ b/tasks/build/package_scripts/post_remove.sh
@ -1,22 +1,14 @@
 #!/bin/sh
 set -e

-user_check() {
-  getent passwd "$1" > /dev/null 2>&1
-}
-
-user_remove() {
-  userdel "$1"
-}
-
-REMOVE_USER=false
+REMOVE_USER_AND_GROUP=false
 REMOVE_DIRS=false

 case $1 in
  # Includes cases for all valid arguments, exit 1 otherwise
  # Debian
  purge)
-    REMOVE_USER=true
+    REMOVE_USER_AND_GROUP=true
    REMOVE_DIRS=true
  ;;
  remove)
@ -28,7 +20,7 @@ case $1 in

  # Red Hat
  0)
-    REMOVE_USER=true
+    REMOVE_USER_AND_GROUP=true
    REMOVE_DIRS=true
  ;;

@ -41,9 +33,13 @@ case $1 in
  ;;
 esac

-if [ "$REMOVE_USER" = "true" ]; then
-  if user_check "<%= user %>"  ; then
-    user_remove "<%= user %>"
+if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then
+  if getent group "<%= group %>" >/dev/null; then
+    groupdel "<%= group %>"
+  fi
+
+  if getent passwd "<%= user %>" >/dev/null; then
+    userdel "<%= user %>"
  fi
 fi