Improve ownership and permissions of files in deb and rpm packages (o…
…pensearch-project#3898)

Signed-off-by: Romain Tartière <[email protected]>
Signed-off-by: Peter Zhu <[email protected]>
smortex authored and peterzhuamazon committed Sep 19, 2023
1 parent 240fde6 commit f4f2968
Showing 3 changed files with 27 additions and 15 deletions.
12 changes: 9 additions & 3 deletions scripts/pkg/build_templates/opensearch/deb/debian/postinst
Expand Up @@ -37,11 +37,17 @@ if ! grep -q '## OpenSearch Performance Analyzer' ${config_dir}/jvm.options; the
echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" >> ${config_dir}/jvm.options
fi

# Set owner
chown -R opensearch.opensearch ${product_dir}
# Set ownership and permissions
# FIXME: the opensearch service should not have w permission in the config directory
chown -R opensearch.opensearch ${config_dir}
chown -R opensearch.opensearch ${log_dir}
chmod -R u=rwX,g=rX,o= ${config_dir}

chown -R opensearch.adm ${log_dir}
chmod 750 ${log_dir}

chown -R opensearch.opensearch ${data_dir}
chmod 750 ${data_dir}

chown -R opensearch.opensearch ${pid_dir}

# Reload systemctl daemon
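Review bot: `chmod -R u=rwX,g=rX,o= ${config_dir}` assigns modes absolutely, so every file under the config directory becomes group-readable on each install or upgrade, including any that an administrator had deliberately left at 0600 (key material or a keystore, if the deployment keeps such files there). A subtractive form only ever tightens: `chmod -R g-w,o-rwx ${config_dir}`. The recursive `chown -R` calls in this block also run as root over trees the service account can write to, which the FIXME already acknowledges for the config directory, so it is worth revisiting them when that FIXME is addressed. The maintainer script continues outside this hunk.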
Expand Up @@ -41,6 +41,7 @@ ln -s ${data_dir} ${buildroot}${product_dir}/data
ln -s ${log_dir} ${buildroot}${product_dir}/logs

# Change Permissions
chmod -Rf a+rX,u+w,g-w,o-w ${buildroot}/*
chmod -Rf g-s ${buildroot}/*
chmod -Rf u=rwX,g=rX,o=rX ${buildroot}/*

exit 0
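Review bot: The `-f` on the `chmod -Rf` lines under `# Change Permissions` silences any failure of the permission pass, and the script then ends with `exit 0`, so unless `set -e` is active outside this hunk a package could be built with whatever modes the source tree carried and nothing would flag it. Dropping the flag (`chmod -R g-s ${buildroot}/*`) or checking the exit status makes the hardening step fail loudly. The same pattern appears in the `chmod -Rf` lines of opensearch.rpm.spec. This page does not mark which of the three chmod lines are added and which removed, so the point is made for all of them. A one-line comment on why `g-s` runs as its own pass would also help; presumably it is because GNU chmod keeps set-group-ID on directories when given an `=` mode.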
27 changes: 16 additions & 11 deletions scripts/pkg/build_templates/opensearch/rpm/opensearch.rpm.spec
Expand Up @@ -68,7 +68,8 @@ if [ ! -f %{buildroot}%{data_dir}/performance_analyzer_enabled.conf ]; then
echo 'true' > %{buildroot}%{data_dir}/performance_analyzer_enabled.conf
fi
# Change Permissions
chmod -Rf a+rX,u+w,g-w,o-w %{buildroot}/*
chmod -Rf g-s %{buildroot}/*
chmod -Rf u=rwX,g=rX,o= %{buildroot}/etc
exit 0

%pre
Expand Down Expand Up @@ -150,13 +151,6 @@ exit 0
# Permissions
%defattr(-, %{name}, %{name})

# Root dirs/docs/licenses
%dir %{product_dir}
%doc %{product_dir}/NOTICE.txt
%doc %{product_dir}/README.md
%license %{product_dir}/LICENSE.txt
%{product_dir}/manifest.yml

# Config dirs/files
%dir %{config_dir}
%{config_dir}/jvm.options.d
Expand All @@ -175,16 +169,27 @@ exit 0
%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/sysctl.d/%{name}.conf
%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf

%dir %attr(750, %{name}, %{name}) %{data_dir}
%attr(750, %{name}, %{name}) %{log_dir}
%attr(750, %{name}, %{name}) %{pid_dir}

# Permissions
%defattr(-, root, root)

# Root dirs/docs/licenses
%dir %{product_dir}
%doc %{product_dir}/NOTICE.txt
%doc %{product_dir}/README.md
%license %{product_dir}/LICENSE.txt
%{product_dir}/manifest.yml

# Main dirs
%{product_dir}/bin
%{product_dir}/jdk
%{product_dir}/lib
%{product_dir}/modules
%{product_dir}/performance-analyzer-rca
%{product_dir}/plugins
%{log_dir}
%{pid_dir}
%dir %{data_dir}

# Symlinks
%{product_dir}/data
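Review bot: `%attr(750, %{name}, %{name}) %{log_dir}` and the matching `%{pid_dir}` entry lack `%dir`, unlike the `%{data_dir}` line above them, so rpm packages each directory together with anything beneath it in the buildroot and applies mode 750 to those files as well. Writing them as `%dir %attr(750, %{name}, %{name}) %{log_dir}` and `%dir %attr(750, %{name}, %{name}) %{pid_dir}` limits the attribute to the directory itself. The config entries still sit under `%defattr(-, %{name}, %{name})`, so the service account keeps ownership of its own configuration, the same gap the FIXME in the deb postinst records; a matching comment here would keep the two packages in step. The %files list continues outside the visible hunks.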
