diff options
| author | Austin S. Hemmelgarn <austin@netdata.cloud> | 2023-06-08 13:05:25 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-08 13:05:25 -0400 |
| commit | 1c3b11715e44855d6f2486d61769d820fb6ae50b (patch) | |
| tree | 91c44576144853f628aa545cd59b0188d53bca8c | |
| parent | e351538c95ebd5851ba40c4e42975b4298cfdcb4 (diff) | |
Fix user and group handling in DEB packages. (#15166)
* Fix user and group handling in DEB packages.
* Actually apply correct ownership.
But use the list of files in the package as provided by dpkg to do it
instead of blindly modifying everything under /usr/libexec/netdata.
| -rw-r--r-- | contrib/debian/control | 82 | ||||
| -rw-r--r-- | contrib/debian/netdata-base.postinst | 30 | ||||
| -rw-r--r-- | contrib/debian/netdata-ebpf-code-legacy.postinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-ebpf-code-legacy.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-apps.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-chartsd.postinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-chartsd.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-debugfs.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-ebpf.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-freeipmi.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-go.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-nfacct.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-perf.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-pythond.postinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-pythond.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata-plugin-slabinfo.preinst | 13 | ||||
| -rw-r--r-- | contrib/debian/netdata.postinst | 2 | ||||
| -rw-r--r-- | contrib/debian/netdata.preinst | 23 |
18 files changed, 247 insertions, 72 deletions
diff --git a/contrib/debian/control b/contrib/debian/control index 66adc17a18..91850bcb80 100644 --- a/contrib/debian/control +++ b/contrib/debian/control @@ -44,34 +44,29 @@ Depends: openssl, netdata-plugin-chartsd, netdata-plugin-slabinfo, netdata-plugin-perf +Pre-Depends: adduser, + dpkg (>= 1.17.14), + libcap2-bin (>=1:2.0), + lsb-base (>= 3.1-23.2) Conflicts: netdata-core, netdata-plugins-bash, netdata-plugins-python, - netdata-web + netdata-web, + netdata-base Suggests: netdata-plugin-cups, netdata-plugin-freeipmi -Pre-Depends: dpkg (>= 1.17.14) Description: real-time charts for system monitoring Netdata is a daemon that collects data in realtime (per second) and presents a web site to view and analyze them. The presentation is also real-time and full of interactive charts that precisely render all collected values. -Package: netdata-base -Architecture: all -Pre-Depends: adduser, - dpkg (>= 1.17.14), - libcap2-bin (>=1:2.0), - lsb-base (>= 3.1-23.2), - ${misc:Depends}, -Description: Base system configuration for Netdata packages - This package handles setup of users and groups for Netdata and it’s plugins. - Package: netdata-plugin-cups Architecture: any Depends: cups, ${shlibs:Depends}, -Pre-Depends: netdata-base (= ${source:Version}) + netdata (= ${source:Version}) +Pre-Depends: adduser Description: The CUPS metrics collection plugin for the Netdata Agent This plugin allows the Netdata Agent to collect metrics from the Common UNIX Printing System. @@ -79,16 +74,18 @@ Description: The CUPS metrics collection plugin for the Netdata Agent Package: netdata-plugin-freeipmi Architecture: any Depends: freeipmi, - ${shlibs:Depends} -Pre-Depends: netdata-base (= ${source:Version}) + ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: adduser Description: The FreeIPMI metrics collection plugin for the Netdata Agent This plugin allows the Netdata Agent to collect metrics from hardware using FreeIPMI. Package: netdata-plugin-nfacct Architecture: any -Depends: ${shlibs:Depends} -Pre-Depends: netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: adduser Conflicts: netdata (<< ${source:Version}) Description: The NFACCT metrics collection plugin for the Netdata Agent This plugin allows the Netdata Agent to collect metrics from the firewall @@ -96,8 +93,9 @@ Description: The NFACCT metrics collection plugin for the Netdata Agent Package: netdata-plugin-chartsd Architecture: all -Depends: bash -Pre-Depends: netdata-base (= ${source:Version}) +Depends: bash, + netdata (= ${source:Version}) +Pre-Depends: adduser Conflicts: netdata (<< ${source:Version}) Suggests: apcupsd, nut, iw, sudo Description: The charts.d metrics collection plugin for the Netdata Agent @@ -107,10 +105,11 @@ Description: The charts.d metrics collection plugin for the Netdata Agent Package: netdata-plugin-ebpf Architecture: amd64 -Depends: ${shlibs:Depends} -Pre-Depends: netdata-base (= ${source:Version}) -Recommends: netdata-ebpf-code-legacy (= ${source:Version}), - netdata-plugin-apps (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}), + netdata-ebpf-code-legacy (= ${source:Version}) +Pre-Depends: adduser +Recommends: netdata-plugin-apps (= ${source:Version}) Conflicts: netdata (<< ${source:Version}) Description: The eBPF metrics collection plugin for the Netdata Agent This plugin allows the Netdata Agent to use eBPF code to collect more @@ -118,8 +117,8 @@ Description: The eBPF metrics collection plugin for the Netdata Agent Package: netdata-ebpf-code-legacy Architecture: amd64 -Pre-Depends: netdata-base (= ${source:Version}) Depends: netdata-plugin-ebpf (= ${source:Version}) +Pre-Depends: adduser Conflicts: netdata (<< ${source:Version}) Description: Compiled eBPF legacy code for the Netdata eBPF plugin This package provides the pre-compiled eBPF legacy code for use by @@ -129,8 +128,9 @@ Description: Compiled eBPF legacy code for the Netdata eBPF plugin Package: netdata-plugin-pythond Architecture: all -Depends: ${shlibs:Depends} -Pre-Depends: netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: adduser Suggests: sudo Conflicts: netdata (<< ${source:Version}) Description: The python.d metrics collection plugin for the Netdata Agent @@ -140,9 +140,9 @@ Description: The python.d metrics collection plugin for the Netdata Agent Package: netdata-plugin-go Architecture: any -Depends: ${shlibs:Depends} -Pre-Depends: libcap2-bin, - netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: libcap2-bin, adduser Suggests: nvme-cli, sudo Conflicts: netdata (<< ${source:Version}) Description: The go.d metrics collection plugin for the Netdata Agent @@ -153,9 +153,9 @@ Description: The go.d metrics collection plugin for the Netdata Agent Package: netdata-plugin-apps Architecture: any -Depends: ${shlibs:Depends} -Pre-Depends: libcap2-bin, - netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: libcap2-bin, adduser Conflicts: netdata (<< ${source:Version}) Description: The per-application metrics collection plugin for the Netdata Agent This plugin allows the Netdata Agent to collect per-application and @@ -163,9 +163,9 @@ Description: The per-application metrics collection plugin for the Netdata Agent Package: netdata-plugin-slabinfo Architecture: any -Depends: ${shlibs:Depends} -Pre-Depends: libcap2-bin, - netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: libcap2-bin, adduser Conflicts: netdata (<< ${source:Version}) Description: The slabinfo metrics collector for the Netdata Agent This plugin allows the Netdata Agent to collect perfromance and @@ -173,9 +173,9 @@ Description: The slabinfo metrics collector for the Netdata Agent Package: netdata-plugin-perf Architecture: any -Depends: ${shlibs:Depends} -Pre-Depends: libcap2-bin, - netdata-base (= ${source:Version}) +Depends: ${shlibs:Depends}, + netdata (= ${source:Version}) +Pre-Depends: libcap2-bin, adduser Conflicts: netdata (<< ${source:Version}) Description: The perf metrics collector for the Netdata Agent This plugin allows the Netdata to collect metrics from the Linux perf @@ -183,9 +183,9 @@ Description: The perf metrics collector for the Netdata Agent Package: netdata-plugin-debugfs Architecture: any -Depends: ${shlibs:Debends} -Pre-Depends: libcap2-bin, - netdata-base (= ${source:Version}) +Depends: ${shlibs:Debends}, + netdata (= ${source:Version}) +Pre-Depends: libcap2-bin, adduser Conflicts: netdata (<< ${source:Version}) Description: The debugfs metrics collector for the Netdata Agent This plugin allows the Netdata Agent to collect Linux kernel metrics diff --git a/contrib/debian/netdata-base.postinst b/contrib/debian/netdata-base.postinst deleted file mode 100644 index 70927b1ca1..0000000000 --- a/contrib/debian/netdata-base.postinst +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -set -e - -case "$1" in - configure|reconfigure) - if ! getent group netdata > /dev/null; then - addgroup --quiet --system netdata - fi - - if ! getent passwd netdata > /dev/null; then - adduser --quiet --system --ingroup netdata --home /var/lib/netdata --no-create-home netdata - fi - - for item in docker nginx varnish haproxy adm nsd proxy squid ceph nobody I2C; do - if getent group $item > /dev/null 2>&1; then - usermod -a -G $item netdata - fi - done - # Netdata must be able to read /etc/pve/qemu-server/* and /etc/pve/lxc/* - # for reading VMs/containers names, CPU and memory limits on Proxmox. - if [ -d "/etc/pve" ] && getent group "www-data" > /dev/null 2>&1; then - usermod -a -G www-data netdata - fi - ;; -esac - -##DEBHELPER## - -exit 0 diff --git a/contrib/debian/netdata-ebpf-code-legacy.postinst b/contrib/debian/netdata-ebpf-code-legacy.postinst new file mode 100644 index 0000000000..b82532286c --- /dev/null +++ b/contrib/debian/netdata-ebpf-code-legacy.postinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + configure|reconfigure) + grep /usr/libexec/netdata /var/lib/dpkg/info/netdata-ebpf-code-legacy.list | xargs -n 30 chown root:netdata + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/netdata-ebpf-code-legacy.preinst b/contrib/debian/netdata-ebpf-code-legacy.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-ebpf-code-legacy.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-apps.preinst b/contrib/debian/netdata-plugin-apps.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-apps.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-chartsd.postinst b/contrib/debian/netdata-plugin-chartsd.postinst new file mode 100644 index 0000000000..1871bfef65 --- /dev/null +++ b/contrib/debian/netdata-plugin-chartsd.postinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + configure|reconfigure) + grep /usr/libexec/netdata /var/lib/dpkg/info/netdata-plugin-chartsd.list | xargs -n 30 chown root:netdata + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/netdata-plugin-chartsd.preinst b/contrib/debian/netdata-plugin-chartsd.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-chartsd.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-debugfs.preinst b/contrib/debian/netdata-plugin-debugfs.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-debugfs.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-ebpf.preinst b/contrib/debian/netdata-plugin-ebpf.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-ebpf.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-freeipmi.preinst b/contrib/debian/netdata-plugin-freeipmi.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-freeipmi.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-go.preinst b/contrib/debian/netdata-plugin-go.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-go.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-nfacct.preinst b/contrib/debian/netdata-plugin-nfacct.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-nfacct.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-perf.preinst b/contrib/debian/netdata-plugin-perf.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-perf.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-pythond.postinst b/contrib/debian/netdata-plugin-pythond.postinst new file mode 100644 index 0000000000..fc4ac504eb --- /dev/null +++ b/contrib/debian/netdata-plugin-pythond.postinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + configure|reconfigure) + grep /usr/libexec/netdata /var/lib/dpkg/info/netdata-plugin-pythond.list | xargs -n 30 chown root:netdata + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/contrib/debian/netdata-plugin-pythond.preinst b/contrib/debian/netdata-plugin-pythond.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-pythond.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata-plugin-slabinfo.preinst b/contrib/debian/netdata-plugin-slabinfo.preinst new file mode 100644 index 0000000000..fcabb415aa --- /dev/null +++ b/contrib/debian/netdata-plugin-slabinfo.preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + ;; +esac + +#DEBHELPER# diff --git a/contrib/debian/netdata.postinst b/contrib/debian/netdata.postinst index 0b9e98b9cb..15ffeaf7b2 100644 --- a/contrib/debian/netdata.postinst +++ b/contrib/debian/netdata.postinst @@ -39,7 +39,7 @@ case "$1" in dpkg-statoverride --force --update --add root netdata 0775 /var/lib/netdata/registry > /dev/null 2>&1 - chown -R root:netdata /usr/libexec/netdata/plugins.d + grep /usr/libexec/netdata /var/lib/dpkg/info/netdata.list | xargs -n 30 chown root:netdata chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network diff --git a/contrib/debian/netdata.preinst b/contrib/debian/netdata.preinst index 3bbdea0b37..a5dc9107e6 100644 --- a/contrib/debian/netdata.preinst +++ b/contrib/debian/netdata.preinst @@ -15,4 +15,27 @@ dpkg-maintscript-helper dir_to_symlink \ dpkg-maintscript-helper dir_to_symlink \ /var/lib/netdata/www/static /usr/share/netdata/www/static 1.18.1~ netdata -- "$@" +case "$1" in + install) + if ! getent group netdata > /dev/null; then + addgroup --quiet --system netdata + fi + + if ! getent passwd netdata > /dev/null; then + adduser --quiet --system --ingroup netdata --home /var/lib/netdata --no-create-home netdata + fi + + for item in docker nginx varnish haproxy adm nsd proxy squid ceph nobody I2C; do + if getent group $item > /dev/null 2>&1; then + usermod -a -G $item netdata + fi + done + # Netdata must be able to read /etc/pve/qemu-server/* and /etc/pve/lxc/* + # for reading VMs/containers names, CPU and memory limits on Proxmox. + if [ -d "/etc/pve" ] && getent group "www-data" > /dev/null 2>&1; then + usermod -a -G www-data netdata + fi + ;; +esac + #DEBHELPER# |