From 001347fd92e0b697a01a591ae68b3316be0d9ec1 Mon Sep 17 00:00:00 2001 From: PradeepKiruvale Date: Thu, 21 Apr 2022 15:03:09 +0530 Subject: Have a single unix user used for all the thin-edge daemons (#1085) * Closes #1031 single tedge user Signed-off-by: Pradeep Kumar K J * Add script to upgrade tedge from 0.6 Signed-off-by: Pradeep Kumar K J --- .../contrib/tedge_upgrade/upgrade_tedge_0.6.sh | 10 ++++++++ configuration/debian/tedge/postinst | 11 +++------ configuration/debian/tedge/postrm | 18 +++++++------- configuration/debian/tedge_agent/postinst | 22 +---------------- configuration/debian/tedge_agent/postrm | 28 ++-------------------- configuration/debian/tedge_mapper/postinst | 15 ++---------- configuration/debian/tedge_mapper/postrm | 11 +-------- configuration/init/systemd/tedge-agent.service | 2 +- configuration/init/systemd/tedge-mapper-az.service | 2 +- .../init/systemd/tedge-mapper-c8y.service | 2 +- .../init/systemd/tedge-mapper-collectd.service | 2 +- 11 files changed, 32 insertions(+), 91 deletions(-) create mode 100644 configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh (limited to 'configuration')
diff --git a/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh b/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh
new file mode 100644
index 00000000..df5b1ba0
--- /dev/null
+++ b/configuration/contrib/tedge_upgrade/upgrade_tedge_0.6.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# change the owenership of the below directories/files to `tedge` user,
+# as there is only `tedge` user exists.
+
+sudo chown tedge:tedge /etc/tedge/operations/c8y/c8y_*
+sudo chown tedge:tedge /etc/tedge/.agent
+sudo chown tedge:tedge /var/log/tedge/agent
+sudo chown tedge:tedge /run/lock/tedge_agent.lock
+sudo chown tedge:tedge /run/lock/tedge-mapper-c8y.lock
\ No newline at end of file
diff --git a/configuration/debian/tedge/postinst b/configuration/debian/tedge/postinst
index 788fb369..21794570 100755
--- a/configuration/debian/tedge/postinst
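Review bot: The upgrade script re-owns files for the merged `tedge` user but leaves the pre-0.6 privilege grants in place: nothing here removes `/etc/sudoers.d/tedge-users`, `/etc/sudoers.d/tedge-agent` or their `-nopasswd` variants, and the `postrm` hunks for `tedge` and `tedge_agent` later in this commit drop the only code that deleted them. On an upgraded device those stale sudoers files, and the `tedge-agent`/`tedge-mapper` accounts, would presumably persist; consider adding `sudo rm -f /etc/sudoers.d/tedge-users /etc/sudoers.d/tedge-users-nopasswd /etc/sudoers.d/tedge-agent /etc/sudoers.d/tedge-agent-nopasswd` and removing the two old accounts. The `chown` calls also follow symlinks and the script has no `set -e`, so using `chown -h` and checking for failure would make this root-run migration safer when a lock file is absent or a path has been replaced.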
+++ b/configuration/debian/tedge/postinst @@ -2,11 +2,6 @@ set -e ### Create groups -# thin-edge.io compoments run within their own groups and users the following steps add new groups if they don't exist. -if ! getent group tedge-users >/dev/null; then - addgroup --quiet tedge-users -fi - if ! getent group tedge >/dev/null; then addgroup --quiet --system tedge fi @@ -22,11 +17,11 @@ if ! grep -q "/etc/tedge/mosquitto-conf" "/etc/mosquitto/mosquitto.conf"; then echo "include_dir /etc/tedge/mosquitto-conf" >>/etc/mosquitto/mosquitto.conf fi -### Create file in /etc/sudoers.d directory. With this configuration, all users in the group tedge-users have the right to call the tedge command with sudo rights, which is required for system-wide configuration in "/etc/tedge" -echo "%tedge-users ALL = (ALL) /usr/bin/tedge" >/etc/sudoers.d/tedge-users +### Create file in /etc/sudoers.d directory. With this configuration, the tedge user have the right to call the tedge command with sudo rights, which is required for system-wide configuration in "/etc/tedge" +echo "tedge ALL = (ALL) NOPASSWD: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge if [ -f "/etc/sudoers.d/010_pi-nopasswd" ]; then - echo "%tedge-users ALL = (ALL) NOPASSWD: /usr/bin/tedge" >/etc/sudoers.d/tedge-users-nopasswd + echo "tedge ALL = (ALL) NOPASSWD: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-nopasswd fi # Initialize the tedge diff --git a/configuration/debian/tedge/postrm b/configuration/debian/tedge/postrm index 27c334de..ab676b96 100644 --- a/configuration/debian/tedge/postrm +++ b/configuration/debian/tedge/postrm 
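Review bot: The unconditional `/etc/sudoers.d/tedge` rule is now `NOPASSWD` and covers `/etc/tedge/sm-plugins/[a-zA-Z0-9]*` and `/sbin/init` as well as `/usr/bin/tedge`, so every daemon that runs as `tedge` (the mappers included, per the unit-file hunks) gets passwordless root for those commands, where the removed lines show only the `tedge-agent` group holding the plugin and init entries. The `010_pi-nopasswd` branch now writes an identical rule to a second file and can be dropped, and the comment above the `echo` still describes only the `tedge` command. If the plugins only need root, narrow the runas list with `tedge ALL = (root) NOPASSWD: ...`, and confirm that `/etc/tedge/sm-plugins` is not writable by `tedge`, since the wildcard would otherwise let that user choose what runs as root. Validating the file with `visudo -cf /etc/sudoers.d/tedge` right after writing it would keep a malformed rule from breaking sudo on the device.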
@@ -7,19 +7,19 @@ remove_user_tedge() { fi } -remove_tedge_users_group() { - if getent group tedge-users > /dev/null; then - groupdel tedge-users +remove_tedge_group() { + if getent group tedge > /dev/null; then + groupdel tedge fi } remove_sudoers_file() { - if [ -f "/etc/sudoers.d/tedge-users" ]; then - rm /etc/sudoers.d/tedge-users + if [ -f "/etc/sudoers.d/tedge" ]; then + rm /etc/sudoers.d/tedge fi - if [ -f "/etc/sudoers.d/tedge-users-nopasswd" ]; then - rm /etc/sudoers.d/tedge-users-nopasswd + if [ -f "/etc/sudoers.d/tedge-nopasswd" ]; then + rm /etc/sudoers.d/tedge-nopasswd fi } @@ -44,7 +44,7 @@ purge_var_log() { case "$1" in purge) remove_user_tedge - remove_tedge_users_group + remove_tedge_group remove_mosquitto_edit remove_sudoers_file purge_configs @@ -53,7 +53,7 @@ case "$1" in remove) remove_user_tedge - remove_tedge_users_group + remove_tedge_group remove_mosquitto_edit remove_sudoers_file ;; diff --git a/configuration/debian/tedge_agent/postinst b/configuration/debian/tedge_agent/postinst index 7430e3dc..4059b182 100644 --- a/configuration/debian/tedge_agent/postinst +++ b/configuration/debian/tedge_agent/postinst 
@@ -2,26 +2,6 @@ set -e -### Create a group "tedge-agent" if not created before -if ! getent group tedge-agent >/dev/null; then - addgroup --quiet --system tedge-agent -fi - -### Create a user "tedge-agent" if not created before -# Create user tedge-agent with no home(--no-create-home), no login(--shell) and in group tedge-agent(--ingroup) -if ! getent passwd tedge-agent >/dev/null; then - adduser --quiet --system --no-create-home --ingroup tedge-agent --shell /usr/sbin/nologin tedge-agent - adduser tedge-agent tedge -fi - -### Create file in /etc/sudoers.d directory -# tedge-agent needs to execute some of its operations as a system user therefore it needs an entry in /etc/sudoers. -echo "%tedge-agent ALL = (ALL) NOPASSWD: /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-agent - -if [ -f "/etc/sudoers.d/010_pi-nopasswd" ]; then - echo "%tedge-agent ALL = (ALL) NOPASSWD: /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init" >/etc/sudoers.d/tedge-agent-nopasswd -fi - # Reenable the services only if systemctl is available if command -v systemctl >/dev/null; then ### Enable the sm services if the device is connected to c8y cloud @@ -33,6 +13,6 @@ if command -v systemctl >/dev/null; then fi # Initialize the agent -runuser -u tedge-agent -- tedge_agent --init +runuser -u tedge -- tedge_agent --init #DEBHELPER# diff --git a/configuration/debian/tedge_agent/postrm b/configuration/debian/tedge_agent/postrm index 115688e2..9b4c4681 100644 --- a/configuration/debian/tedge_agent/postrm +++ b/configuration/debian/tedge_agent/postrm 
@@ -1,23 +1,6 @@ #!/bin/sh set -e -remove_tedge_agent_user() { - if getent passwd tedge-agent >/dev/null; then - pkill -u tedge-agent || true - deluser --quiet --system tedge-agent - fi -} - -remove_sudoers_file() { - if [ -f "/etc/sudoers.d/tedge-agent" ]; then - rm /etc/sudoers.d/tedge-agent - fi - - if [ -f "/etc/sudoers.d/tedge-agent-nopasswd" ]; then - rm /etc/sudoers.d/tedge-agent-nopasswd - fi -} - purge_agent_directory() { if [ -d "/etc/tedge/.agent" ]; then rm -rf /etc/tedge/.agent @@ -26,17 +9,10 @@ purge_agent_directory() { case "$1" in purge) - remove_tedge_agent_user - remove_sudoers_file - purge_agent_directory - ;; - - remove) - remove_tedge_agent_user - remove_sudoers_file + purge_agent_directory ;; - upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) diff --git a/configuration/debian/tedge_mapper/postinst b/configuration/debian/tedge_mapper/postinst index a8625f3f..bb12342a 100644 --- a/configuration/debian/tedge_mapper/postinst +++ b/configuration/debian/tedge_mapper/postinst @@ -2,19 +2,8 @@ set -e -### Create a group "tedge-mapper" if not created before -if ! getent group tedge-mapper >/dev/null; then - addgroup --quiet --system tedge-mapper -fi - -### Create a user "tedge-mapper" if not created before -# Create user tedge-mapper with no home(--no-create-home), no login(--shell) and in group tedge(--ingroup) -if ! getent passwd tedge-mapper >/dev/null; then - adduser --quiet --system --no-create-home --ingroup tedge-mapper --shell /usr/sbin/nologin tedge-mapper - adduser tedge-mapper tedge -fi ### Initialize the sm mapper -runuser -u tedge-mapper -- tedge_mapper --init c8y -runuser -u tedge-mapper -- tedge_mapper --init az +runuser -u tedge -- tedge_mapper --init c8y +runuser -u tedge -- tedge_mapper --init az #DEBHELPER# diff --git a/configuration/debian/tedge_mapper/postrm b/configuration/debian/tedge_mapper/postrm index eec30fbb..150afe9d 100644 
--- a/configuration/debian/tedge_mapper/postrm +++ b/configuration/debian/tedge_mapper/postrm @@ -1,13 +1,6 @@ #!/bin/sh set -e -remove_tedge_mapper_user() { - if getent passwd tedge-mapper >/dev/null; then - pkill -u tedge-mapper || true - deluser --quiet --system tedge-mapper - fi -} - purge_operations() { if [ -d "/etc/tedge/operations" ]; then rm -rf /etc/tedge/operations @@ -16,12 +9,10 @@ purge_operations() { case "$1" in purge) - remove_tedge_mapper_user - purge_operations + purge_operations ;; remove) - remove_tedge_mapper_user ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff --git a/configuration/init/systemd/tedge-agent.service b/configuration/init/systemd/tedge-agent.service index 70f0ee9d..6d954ffe 100644 --- a/configuration/init/systemd/tedge-agent.service +++ b/configuration/init/systemd/tedge-agent.service @@ -3,7 +3,7 @@ Description=tedge-agent is a thin-edge.io component to support operations. After=syslog.target network.target mosquitto.service [Service] -User=tedge-agent +User=tedge RuntimeDirectory=tedge_agent ExecStart=/usr/bin/tedge_agent Restart=on-failure diff --git a/configuration/init/systemd/tedge-mapper-az.service b/configuration/init/systemd/tedge-mapper-az.service index b87c3d23..062f1d89 100644 --- a/configuration/init/systemd/tedge-mapper-az.service +++ b/configuration/init/systemd/tedge-mapper-az.service @@ -3,7 +3,7 @@ Description=tedge-mapper-az checks Thin Edge JSON measurements and forwards to A After=syslog.target network.target mosquitto.service [Service] -User=tedge-mapper +User=tedge ExecStart=/usr/bin/tedge_mapper az Restart=on-failure RestartPreventExitStatus=255 diff --git a/configuration/init/systemd/tedge-mapper-c8y.service b/configuration/init/systemd/tedge-mapper-c8y.service index a6de52ea..bfa85775 100644 --- a/configuration/init/systemd/tedge-mapper-c8y.service +++ b/configuration/init/systemd/tedge-mapper-c8y.service 
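Review bot: With `User=tedge` the mapper in `tedge-mapper-az.service` shares a UID with `tedge-agent` and with the `NOPASSWD` sudoers entry this commit installs for `tedge`, so the cloud-facing mapper loses the separation the dedicated `tedge-mapper` account gave it. If the mappers never need to call sudo (the removed postinst lines show no sudoers entry for `tedge-mapper`), adding `NoNewPrivileges=true` under `[Service]` would stop setuid escalation from that unit while leaving the agent unit untouched. The same applies to the `tedge-mapper-c8y.service` and `tedge-mapper-collectd.service` hunks that follow.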
@@ -3,7 +3,7 @@ Description=tedge-mapper-c8y converts Thin Edge JSON measurements to Cumulocity After=syslog.target network.target mosquitto.service [Service] -User=tedge-mapper +User=tedge ExecStart=/usr/bin/tedge_mapper c8y Restart=on-failure RestartPreventExitStatus=255 diff --git a/configuration/init/systemd/tedge-mapper-collectd.service b/configuration/init/systemd/tedge-mapper-collectd.service index 0499c3c9..62e86a49 100644 --- a/configuration/init/systemd/tedge-mapper-collectd.service +++ b/configuration/init/systemd/tedge-mapper-collectd.service @@ -3,7 +3,7 @@ Description=tedge-mapper-collectd converts Thin Edge JSON measurements to Cumulo After=syslog.target network.target mosquitto.service [Service] -User=tedge-mapper +User=tedge ExecStart=/usr/bin/tedge_mapper collectd Restart=on-failure RestartPreventExitStatus=255 -- cgit v1.2.3