authorPradeepKiruvale <pradeepkumar.kj@softwareag.com>2022-04-21 15:03:09 +0530
committerGitHub <noreply@github.com>2022-04-21 15:03:09 +0530
commit001347fd92e0b697a01a591ae68b3316be0d9ec1 (patch)
tree9d3555a8588d9e2cd8640658374812dd359fa0a7 /configuration
parent7033ab55c70611bec47f2aee79e38de7e88e6d58 (diff)
Have a single unix user used for all the thin-edge daemons (#1085)
* Closes #1031 single tedge user Signed-off-by: Pradeep Kumar K J <pradeepkumar.kj@softwareag.com> * Add script to upgrade tedge from 0.6 Signed-off-by: Pradeep Kumar K J <pradeepkumar.kj@softwareag.com>
Diffstat (limited to 'configuration')
-rw-r--r--configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh10
-rwxr-xr-xconfiguration/debian/tedge/postinst11
-rw-r--r--configuration/debian/tedge/postrm18
-rw-r--r--configuration/debian/tedge_agent/postinst22
-rw-r--r--configuration/debian/tedge_agent/postrm28
-rw-r--r--configuration/debian/tedge_mapper/postinst15
-rw-r--r--configuration/debian/tedge_mapper/postrm11
-rw-r--r--configuration/init/systemd/tedge-agent.service2
-rw-r--r--configuration/init/systemd/tedge-mapper-az.service2
-rw-r--r--configuration/init/systemd/tedge-mapper-c8y.service2
-rw-r--r--configuration/init/systemd/tedge-mapper-collectd.service2
11 files changed, 32 insertions, 91 deletions
diff --git a/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh b/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh
new file mode 100644
index 00000000..df5b1ba0
--- /dev/null
+++ b/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# change the owenership of the below directories/files to `tedge` user,
+# as there is only `tedge` user exists.
+
+sudo chown tedge:tedge /etc/tedge/operations/c8y/c8y_*
+sudo chown tedge:tedge /etc/tedge/.agent
+sudo chown tedge:tedge /var/log/tedge/agent
+sudo chown tedge:tedge /run/lock/tedge_agent.lock
+sudo chown tedge:tedge /run/lock/tedge-mapper-c8y.lock
\ No newline at end of file
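Review bot: The sudoers files and accounts created by 0.6 survive this upgrade script: nothing here removes `/etc/sudoers.d/tedge-agent`, `/etc/sudoers.d/tedge-agent-nopasswd`, `/etc/sudoers.d/tedge-users` or `/etc/sudoers.d/tedge-users-nopasswd`, and the tedge and tedge_agent postrm hunks later in this commit drop the functions that used to delete them, so as far as this diff shows an upgraded device keeps sudo rules for groups that no package manages any more. Adding `sudo rm -f /etc/sudoers.d/tedge-agent /etc/sudoers.d/tedge-agent-nopasswd /etc/sudoers.d/tedge-users /etc/sudoers.d/tedge-users-nopasswd` here, and deleting the `tedge-agent` and `tedge-mapper` users, would close that gap. The `chown` calls on `/etc/tedge/.agent` and `/var/log/tedge/agent` are also not recursive, so files the old user already wrote there keep their previous owner; `chown -R` covers them. A `set -e` after the shebang would stop the script at the first failed step, for example when the `c8y_*` glob matches nothing.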
diff --git a/configuration/debian/tedge/postinst b/configuration/debian/tedge/postinst
index 788fb369..21794570 100755
--- a/configuration/debian/tedge/postinst
+++ b/configuration/debian/tedge/postinst
@@ -2,11 +2,6 @@
set -e
### Create groups
-# thin-edge.io compoments run within their own groups and users the following steps add new groups if they don't exist.
-if ! getent group tedge-users >/dev/null; then
- addgroup --quiet tedge-users
-fi
-
if ! getent group tedge >/dev/null; then
addgroup --quiet --system tedge
fi
@@ -22,11 +17,11 @@ if ! grep -q "/etc/tedge/mosquitto-conf" "/etc/mosquitto/mosquitto.conf"; then
echo "include_dir /etc/tedge/mosquitto-conf" >>/etc/mosquitto/mosquitto.conf
fi
-### Create file in /etc/sudoers.d directory. With this configuration, all users in the group tedge-users have the right to call the tedge command with sudo rights, which is required for system-wide configuration in "/etc/tedge"
-echo "%tedge-users ALL = (ALL) /usr/bin/tedge" >/etc/sudoers.d/tedge-users
+### Create file in /etc/sudoers.d directory. With this configuration, the tedge user have the right to call the tedge command with sudo rights, which is required for system-wide configuration in "/etc/tedge"
+echo "tedge ALL = (ALL) NOPASSWD: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge
if [ -f "/etc/sudoers.d/010_pi-nopasswd" ]; then
- echo "%tedge-users ALL = (ALL) NOPASSWD: /usr/bin/tedge" >/etc/sudoers.d/tedge-users-nopasswd
+ echo "tedge ALL = (ALL) NOPASSWD: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-nopasswd
fi
# Initialize the tedge
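Review bot: The rule written to `/etc/sudoers.d/tedge` is now `NOPASSWD` unconditionally and is bound to the account every daemon runs as, so the `010_pi-nopasswd` branch below it only writes an identical second file, and the mapper services inherit root execution of `/etc/tedge/sm-plugins/[a-zA-Z0-9]*`, `/bin/sync` and `/sbin/init` that only the agent group held before. That wildcard is only as tight as the directory: if `/etc/tedge/sm-plugins` is writable by `tedge` (its ownership is not visible in this diff), the rule amounts to unrestricted root for that user, so the directory should be root-owned and not group-writable. The file is also created with whatever mode the umask gives and is never syntax-checked; following the `echo` with `chmod 0440 /etc/sudoers.d/tedge` and `visudo -cf /etc/sudoers.d/tedge` addresses both. The script continues outside this hunk.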
diff --git a/configuration/debian/tedge/postrm b/configuration/debian/tedge/postrm
index 27c334de..ab676b96 100644
--- a/configuration/debian/tedge/postrm
+++ b/configuration/debian/tedge/postrm
@@ -7,19 +7,19 @@ remove_user_tedge() {
fi
}
-remove_tedge_users_group() {
- if getent group tedge-users > /dev/null; then
- groupdel tedge-users
+remove_tedge_group() {
+ if getent group tedge > /dev/null; then
+ groupdel tedge
fi
}
remove_sudoers_file() {
- if [ -f "/etc/sudoers.d/tedge-users" ]; then
- rm /etc/sudoers.d/tedge-users
+ if [ -f "/etc/sudoers.d/tedge" ]; then
+ rm /etc/sudoers.d/tedge
fi
- if [ -f "/etc/sudoers.d/tedge-users-nopasswd" ]; then
- rm /etc/sudoers.d/tedge-users-nopasswd
+ if [ -f "/etc/sudoers.d/tedge-nopasswd" ]; then
+ rm /etc/sudoers.d/tedge-nopasswd
fi
}
@@ -44,7 +44,7 @@ purge_var_log() {
case "$1" in
purge)
remove_user_tedge
- remove_tedge_users_group
+ remove_tedge_group
remove_mosquitto_edit
remove_sudoers_file
purge_configs
@@ -53,7 +53,7 @@ case "$1" in
remove)
remove_user_tedge
- remove_tedge_users_group
+ remove_tedge_group
remove_mosquitto_edit
remove_sudoers_file
;;
diff --git a/configuration/debian/tedge_agent/postinst b/configuration/debian/tedge_agent/postinst
index 7430e3dc..4059b182 100644
--- a/configuration/debian/tedge_agent/postinst
+++ b/configuration/debian/tedge_agent/postinst
@@ -2,26 +2,6 @@
set -e
-### Create a group "tedge-agent" if not created before
-if ! getent group tedge-agent >/dev/null; then
- addgroup --quiet --system tedge-agent
-fi
-
-### Create a user "tedge-agent" if not created before
-# Create user tedge-agent with no home(--no-create-home), no login(--shell) and in group tedge-agent(--ingroup)
-if ! getent passwd tedge-agent >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup tedge-agent --shell /usr/sbin/nologin tedge-agent
- adduser tedge-agent tedge
-fi
-
-### Create file in /etc/sudoers.d directory
-# tedge-agent needs to execute some of its operations as a system user therefore it needs an entry in /etc/sudoers.
-echo "%tedge-agent ALL = (ALL) NOPASSWD: /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-agent
-
-if [ -f "/etc/sudoers.d/010_pi-nopasswd" ]; then
- echo "%tedge-agent ALL = (ALL) NOPASSWD: /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-agent-nopasswd
-fi
-
# Reenable the services only if systemctl is available
if command -v systemctl >/dev/null; then
### Enable the sm services if the device is connected to c8y cloud
@@ -33,6 +13,6 @@ if command -v systemctl >/dev/null; then
fi
# Initialize the agent
-runuser -u tedge-agent -- tedge_agent --init
+runuser -u tedge -- tedge_agent --init
#DEBHELPER#
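Review bot: `runuser -u tedge` depends on an account this package no longer creates: the user and group setup earlier in the script was removed, and under `set -e` the postinst aborts if `tedge` does not exist when it runs. Whether the package declares a dependency on the tedge package is not visible in this diff; if it does not, a guard such as `getent passwd tedge >/dev/null || { echo "tedge user missing" >&2; exit 1; }` before the call gives a clear error instead of a bare runuser failure. The same applies to the two `runuser -u tedge -- tedge_mapper --init` lines in tedge_mapper/postinst.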
diff --git a/configuration/debian/tedge_agent/postrm b/configuration/debian/tedge_agent/postrm
index 115688e2..9b4c4681 100644
--- a/configuration/debian/tedge_agent/postrm
+++ b/configuration/debian/tedge_agent/postrm
@@ -1,23 +1,6 @@
#!/bin/sh
set -e
-remove_tedge_agent_user() {
- if getent passwd tedge-agent >/dev/null; then
- pkill -u tedge-agent || true
- deluser --quiet --system tedge-agent
- fi
-}
-
-remove_sudoers_file() {
- if [ -f "/etc/sudoers.d/tedge-agent" ]; then
- rm /etc/sudoers.d/tedge-agent
- fi
-
- if [ -f "/etc/sudoers.d/tedge-agent-nopasswd" ]; then
- rm /etc/sudoers.d/tedge-agent-nopasswd
- fi
-}
-
purge_agent_directory() {
if [ -d "/etc/tedge/.agent" ]; then
rm -rf /etc/tedge/.agent
@@ -26,17 +9,10 @@ purge_agent_directory() {
case "$1" in
purge)
- remove_tedge_agent_user
- remove_sudoers_file
- purge_agent_directory
- ;;
-
- remove)
- remove_tedge_agent_user
- remove_sudoers_file
+ purge_agent_directory
;;
- upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
diff --git a/configuration/debian/tedge_mapper/postinst b/configuration/debian/tedge_mapper/postinst
index a8625f3f..bb12342a 100644
--- a/configuration/debian/tedge_mapper/postinst
+++ b/configuration/debian/tedge_mapper/postinst
@@ -2,19 +2,8 @@
set -e
-### Create a group "tedge-mapper" if not created before
-if ! getent group tedge-mapper >/dev/null; then
- addgroup --quiet --system tedge-mapper
-fi
-
-### Create a user "tedge-mapper" if not created before
-# Create user tedge-mapper with no home(--no-create-home), no login(--shell) and in group tedge(--ingroup)
-if ! getent passwd tedge-mapper >/dev/null; then
- adduser --quiet --system --no-create-home --ingroup tedge-mapper --shell /usr/sbin/nologin tedge-mapper
- adduser tedge-mapper tedge
-fi
### Initialize the sm mapper
-runuser -u tedge-mapper -- tedge_mapper --init c8y
-runuser -u tedge-mapper -- tedge_mapper --init az
+runuser -u tedge -- tedge_mapper --init c8y
+runuser -u tedge -- tedge_mapper --init az
#DEBHELPER#
diff --git a/configuration/debian/tedge_mapper/postrm b/configuration/debian/tedge_mapper/postrm
index eec30fbb..150afe9d 100644
--- a/configuration/debian/tedge_mapper/postrm
+++ b/configuration/debian/tedge_mapper/postrm
@@ -1,13 +1,6 @@
#!/bin/sh
set -e
-remove_tedge_mapper_user() {
- if getent passwd tedge-mapper >/dev/null; then
- pkill -u tedge-mapper || true
- deluser --quiet --system tedge-mapper
- fi
-}
-
purge_operations() {
if [ -d "/etc/tedge/operations" ]; then
rm -rf /etc/tedge/operations
@@ -16,12 +9,10 @@ purge_operations() {
case "$1" in
purge)
- remove_tedge_mapper_user
- purge_operations
+ purge_operations
;;
remove)
- remove_tedge_mapper_user
;;
upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/configuration/init/systemd/tedge-agent.service b/configuration/init/systemd/tedge-agent.service
index 70f0ee9d..6d954ffe 100644
--- a/configuration/init/systemd/tedge-agent.service
+++ b/configuration/init/systemd/tedge-agent.service
@@ -3,7 +3,7 @@ Description=tedge-agent is a thin-edge.io component to support operations.
After=syslog.target network.target mosquitto.service
[Service]
-User=tedge-agent
+User=tedge
RuntimeDirectory=tedge_agent
ExecStart=/usr/bin/tedge_agent
Restart=on-failure
diff --git a/configuration/init/systemd/tedge-mapper-az.service b/configuration/init/systemd/tedge-mapper-az.service
index b87c3d23..062f1d89 100644
--- a/configuration/init/systemd/tedge-mapper-az.service
+++ b/configuration/init/systemd/tedge-mapper-az.service
@@ -3,7 +3,7 @@ Description=tedge-mapper-az checks Thin Edge JSON measurements and forwards to A
After=syslog.target network.target mosquitto.service
[Service]
-User=tedge-mapper
+User=tedge
ExecStart=/usr/bin/tedge_mapper az
Restart=on-failure
RestartPreventExitStatus=255
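Review bot: The mapper unit now runs under the account that tedge/postinst grants passwordless sudo for the plugin directory and `/sbin/init`, a grant the dedicated `tedge-mapper` user never had. If the mapper does not need to call sudo itself (not visible here), adding `NoNewPrivileges=true` to the `[Service]` section keeps a compromised mapper process from using that grant. The same line fits tedge-mapper-c8y.service and tedge-mapper-collectd.service. tedge-agent.service is the exception, since the comment removed from tedge_agent/postinst says the agent needs its sudoers entry to run operations.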
diff --git a/configuration/init/systemd/tedge-mapper-c8y.service b/configuration/init/systemd/tedge-mapper-c8y.service
index a6de52ea..bfa85775 100644
--- a/configuration/init/systemd/tedge-mapper-c8y.service
+++ b/configuration/init/systemd/tedge-mapper-c8y.service
@@ -3,7 +3,7 @@ Description=tedge-mapper-c8y converts Thin Edge JSON measurements to Cumulocity
After=syslog.target network.target mosquitto.service
[Service]
-User=tedge-mapper
+User=tedge
ExecStart=/usr/bin/tedge_mapper c8y
Restart=on-failure
RestartPreventExitStatus=255
diff --git a/configuration/init/systemd/tedge-mapper-collectd.service b/configuration/init/systemd/tedge-mapper-collectd.service
index 0499c3c9..62e86a49 100644
--- a/configuration/init/systemd/tedge-mapper-collectd.service
+++ b/configuration/init/systemd/tedge-mapper-collectd.service
@@ -3,7 +3,7 @@ Description=tedge-mapper-collectd converts Thin Edge JSON measurements to Cumulo
After=syslog.target network.target mosquitto.service
[Service]
-User=tedge-mapper
+User=tedge
ExecStart=/usr/bin/tedge_mapper collectd
Restart=on-failure
RestartPreventExitStatus=255