diff options
Diffstat (limited to 'debian/ceph-common.postinst')
-rw-r--r-- | debian/ceph-common.postinst | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/debian/ceph-common.postinst b/debian/ceph-common.postinst new file mode 100644 index 000000000..e058d096e --- /dev/null +++ b/debian/ceph-common.postinst @@ -0,0 +1,118 @@ +#!/bin/sh +# -*- mode:sh; tab-width:8; indent-tabs-mode:nil -*- +# vim: set noet ts=8: +# postinst script for ceph-mds +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# +# postinst configure <most-recently-configured-version> +# old-postinst abort-upgrade <new-version> +# conflictor's-postinst abort-remove in-favour <package> <new-version> +# postinst abort-remove +# deconfigured's-postinst abort-deconfigure in-favour <failed-install-package> <version> [<removing conflicting-package> <version>] +# + +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +# Let the admin override these distro-specified defaults. This is NOT +# recommended! +[ -f "/etc/default/ceph" ] && . /etc/default/ceph + +[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/ceph +[ -z "$SERVER_USER" ] && SERVER_USER=ceph +[ -z "$SERVER_NAME" ] && SERVER_NAME="Ceph storage service" +[ -z "$SERVER_GROUP" ] && SERVER_GROUP=ceph +[ -z "$SERVER_UID" ] && SERVER_UID=64045 # alloc by Debian base-passwd maintainer +[ -z "$SERVER_GID" ] && SERVER_GID=$SERVER_UID + + +# Groups that the user will be added to, if undefined, then none. +[ -z "$SERVER_ADDGROUP" ] && SERVER_ADDGROUP= + +case "$1" in + configure) + # create user to avoid running server as root + # 1. create group if not existing + if ! getent group | grep -q "^$SERVER_GROUP:" ; then + echo -n "Adding group $SERVER_GROUP.." + addgroup --quiet --system --gid $SERVER_GID \ + $SERVER_GROUP 2>/dev/null ||true + echo "..done" + fi + # 2. create user if not existing + if ! getent passwd | grep -q "^$SERVER_USER:"; then + echo -n "Adding system user $SERVER_USER.." + adduser --quiet \ + --system \ + --no-create-home \ + --disabled-password \ + --home $SERVER_HOME \ + --uid $SERVER_UID \ + --gid $SERVER_GID \ + $SERVER_USER 2>/dev/null || true + echo "..done" + fi + # 3. adjust passwd entry + # NOTE: we should use "adduser --comment" if we don't need to + # support adduser <3.136. "adduser --gecos" is deprecated, + # and will be removed, so we don't use it. the first distro + # using --comment is debian/trixie or ubuntu/mantic. + echo -n "Setting system user $SERVER_USER properties.." + usermod --comment "$SERVER_NAME" \ + --gid $SERVER_GROUP \ + $SERVER_USER + # Unlock $SERVER_USER in case it is locked from an uninstall + if [ -f /etc/shadow ]; then + usermod -U -e '' $SERVER_USER + else + usermod -U $SERVER_USER + fi + echo "..done" + + # 4. adjust file and directory permissions + if ! dpkg-statoverride --list $SERVER_HOME >/dev/null; then + chown $SERVER_USER:$SERVER_GROUP $SERVER_HOME + chmod u=rwx,g=rx,o= $SERVER_HOME + fi + if ! dpkg-statoverride --list /var/log/ceph >/dev/null; then + # take care not to touch cephadm log subdirs + chown $SERVER_USER:$SERVER_GROUP /var/log/ceph + chown $SERVER_USER:$SERVER_GROUP /var/log/ceph/*.log* || true + # members of group ceph can log here, but cannot remove + # others' files. non-members cannot read any logs. + chmod u=rwx,g=rwxs,o=t /var/log/ceph + fi + + # 5. fix /var/run/ceph + if [ -d /var/run/ceph ]; then + echo -n "Fixing /var/run/ceph ownership.." + chown $SERVER_USER:$SERVER_GROUP /var/run/ceph + echo "..done" + fi + + # create /run/ceph. fail softly if systemd isn't present or + # something. + [ -x /bin/systemd-tmpfiles ] && systemd-tmpfiles --create || true + ;; + abort-upgrade|abort-remove|abort-deconfigure) + : + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 |