don't let perms on / get messed up by systemd

AJ ONeal 2017-11-07 15:39:36 -07:00
parent ccf45ab06e
commit fbdf0e8a28
3 changed files with 14 additions and 7 deletions


@ -2,9 +2,9 @@
# See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
# Type Path Mode UID GID Age Argument # Type Path Mode UID GID Age Argument
#d /etc/goldilocks 0755 www-data www-data - - #d /etc/goldilocks 0755 MY_USER MY_GROUP - -
#d /opt/goldilocks 0775 www-data www-data - - #d /opt/goldilocks 0775 MY_USER MY_GROUP - -
#d /srv/www 0775 www-data www-data - - #d /srv/www 0775 MY_USER MY_GROUP - -
#d /etc/ssl/goldilocks 0750 www-data www-data - - #d /etc/ssl/goldilocks 0750 MY_USER MY_GROUP - -
#d /var/log/goldilocks 0750 www-data www-data - - #d /var/log/goldilocks 0750 MY_USER MY_GROUP - -
#d /run/goldilocks 0755 www-data www-data - - d /run/goldilocks 0755 MY_USER MY_GROUP - -
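Review bot: The only active entry, `d /run/goldilocks 0755 MY_USER MY_GROUP - -`, is valid only after the installer has replaced the placeholders, and nothing in the file says so. If the file is ever copied into place verbatim, systemd-tmpfiles is handed the literal names MY_USER and MY_GROUP and would presumably fail to create the directory. I would add a header comment such as `# MY_USER and MY_GROUP are placeholders; the installer substitutes them before this file is installed`.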


@ -11,6 +11,10 @@ sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dis
sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service" sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
rm "$my_app_dist/$my_app_systemd_service.2" rm "$my_app_dist/$my_app_systemd_service.2"
safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service" safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_app_dist/$my_app_systemd_tmpfiles.2"
sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles.2" > "$my_app_dist/$my_app_systemd_tmpfiles"
rm "$my_app_dist/$my_app_systemd_tmpfiles.2"
safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles" safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
$sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
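Review bot: The added `sed` lines write the substituted result back over `$my_app_dist/$my_app_systemd_tmpfiles`, so the shipped template loses its MY_USER/MY_GROUP placeholders after the first run, and a later install with a different user would silently keep the old names. `$my_user` and `$my_group` are also interpolated into the sed expression unescaped; where they are set is outside this hunk, but a value containing `/` or `&` would corrupt an entry that systemd-tmpfiles later acts on. Consider checking both names against a conservative pattern and rendering in one pass to a `mktemp` output that is then handed to `safe_copy_config`, e.g. `sed -e "s/MY_USER/$my_user/g" -e "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_rendered"`, with `$my_rendered` coming from `mktemp`. The context lines above use the same in-place pattern for the service file.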


@ -122,8 +122,11 @@ echo "User $my_user Group $my_group"
$sudo_cmd chown -R $my_user:$my_group $my_tmp/* $sudo_cmd chown -R $my_user:$my_group $my_tmp/*
$sudo_cmd chown root:root $my_tmp/* $sudo_cmd chown root:root $my_tmp/*
$sudo_cmd chown root:root $my_tmp $sudo_cmd chown root:root $my_tmp
# don't even read $my_tmp/
# don't change permissions on /, /etc, etc # don't change permissions on /, /etc, etc
rsync -a --ignore-existing $my_tmp/ $my_root/ for my_dir in $my_tmp/*; do
rsync -a --ignore-existing $my_tmp/$my_dir/ $my_root/$my_dir/
done
rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml
source ./installer/install-system-service.sh source ./installer/install-system-service.sh
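Review bot: In the new loop, `for my_dir in $my_tmp/*` yields full paths, so `$my_tmp/$my_dir/` expands to the temp directory path twice and the rsync source does not exist; the per-directory copy will fail rather than install anything. Iterate over the paths and strip the prefix for the destination, quoting both sides: `for my_path in "$my_tmp"/*; do` and `rsync -a --ignore-existing "$my_path/" "$my_root/${my_path##*/}/"`. Also note that `--ignore-existing` does not skip existing directories, so `rsync -a` may still apply the mode and ownership of `$my_tmp/etc` to `/etc` itself, which the comment says should not happen; `--no-perms --no-owner --no-group` would avoid that, but confirm it is acceptable for newly created files. The surrounding script continues outside this hunk.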