View Issue Details

ID: 0000099
Project: bareos-core
Category: installer / packages
View Status: public
Last Update: 2015-03-25 19:18
Reporter: user12
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: Ubuntu
OS Version: 12.10
Product Version: 12.4.2
Fixed in Version: 12.4.3
Summary: 0000099: user bareos unable to operate tape changer due to wrong permissions
Description: Bareos is not able to mount, label, do backup to tape because it is not allowed to: Results=cannot open SCSI device '/dev/sg3' - Permission denied
Steps To Reproduce:
root@cardtech01:/etc/bareos# bconsole
Connecting to Director cardtech01:9101
1000 OK: cardtech01-dir Version: 12.4.1 (06 February 2013)
Enter a period to cancel a command.
*unmount storage=L700
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Connecting to Storage daemon L700 at cardtech01:9103 ...
Connecting to Storage daemon L700 at cardtech01:9103 ...
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied
*mount storage=L700
Enter autochanger slot: 1
Connecting to Storage daemon L700 at cardtech01:9103 ...
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied

3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied

3304 Issuing autochanger "load slot 1, drive 0" command.

3992 Bad autochanger "load slot 1, drive 0": ERR=Child died from signal 15: Termination.
Results=Program killed by BAREOS (timeout)
Additional Information:
root@cardtech01:/etc/bareos# ps aux | grep bareos
root 1456 0.0 0.2 272672 2044 ? Ssl Feb25 0:09 /usr/sbin/bareos-fd -c /etc/bareos/bareos-fd.conf
bareos 29563 0.0 0.2 553740 2660 ? Ssl Feb25 0:09 /usr/sbin/bareos-sd -c /etc/bareos/bareos-sd.conf
bareos 30007 0.0 0.4 567280 4852 ? Ssl Feb25 0:12 /usr/sbin/bareos-dir -c /etc/bareos/bareos-dir.conf

ls -lh /dev/sg3
crw-rw---- 1 root tape 21, 3 Feb 25 15:04 /dev/sg3

root@cardtech01:/etc/bareos# ls -lh
insgesamt 116K
-rw-r----- 1 bareos bareos 9,2K Feb 25 19:02 bareos-dir.conf
-rw-r----- 1 root bareos 1006 Feb 25 12:36 bareos-fd.conf
-rw-r----- 1 bareos bareos 2,5K Feb 25 15:10 bareos-sd.conf
-rw-r----- 1 root bareos 194 Feb 25 12:36 bconsole.conf
-rw-r--r-- 1 root root 78K Feb 25 16:06 btape_segmentation_violation.txt
lrwxrwxrwx 1 root root 20 Feb 25 15:40 btraceback -> /usr/sbin/btraceback
-rw-r--r-- 1 root root 6,9K Feb 25 19:08 bugs.txt
-rw-r--r-- 1 root root 1,5K Feb 20 09:26 mtx-changer.conf


by the way:
root@cardtech01:/etc/bareos# grep -in kern /etc/init.d/bareos*
/etc/init.d/bareos-dir:7:# Kern E. Sibbald - 21 March 2008
/etc/init.d/bareos-fd:7:# Kern E. Sibbald - 21 March 2008
/etc/init.d/bareos-sd:7:# Kern E. Sibbald - 21 March 2008
Tags: No tags attached.

Activities

mvwieringen

2013-02-26 10:24

developer   ~0000173

About the last entries: yes, Kern is the author of the original scripts;
you cannot just remove that (copyright etc.).

About the actual problem: what does id -a bareos show? I guess it's
missing being added to the tape group as a secondary group, but for that we need
the output of id -a.

user12

2013-02-26 10:25

  ~0000174

root@cardtech01:/etc/bareos# id -a bareos
uid=106(bareos) gid=113(bareos) Gruppen=113(bareos)
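
The permission check behind this diagnosis, as an added example that is not part of the ticket or of Bareos: it parses the `ls -l` and `id` lines quoted above (copied in as sample input) and reports which group membership is missing. The function names are made up for illustration; ACLs and capabilities other than root's are ignored.

```shell
#!/bin/sh
# Added example (not Bareos code): decide from one `ls -l` line and one `id`
# line whether a daemon user can open a device node read/write, and if not,
# which group membership is missing.

# Sample input, copied from the outputs quoted in this ticket.
SAMPLE_LS='crw-rw---- 1 root tape 21, 3 Feb 25 15:04 /dev/sg3'
SAMPLE_ID='uid=106(bareos) gid=113(bareos) Gruppen=113(bareos)'
# Constructed sample: the same user after being added to tape and disk.
SAMPLE_ID_FIXED='uid=106(bareos) gid=113(bareos) groups=113(bareos),6(disk),26(tape)'

# id_user ID_LINE: print the user name from an `id` line.
id_user() {
    printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# id_groups ID_LINE: print primary and supplementary group names, one per
# line. Fields 2 and 3 are used by position because the label of the group
# list is localized ("groups=", "Gruppen=").
id_groups() {
    printf '%s\n' "$1" | awk '{print $2; print $3}' | sed 's/^[^=]*=//' |
        tr ',' '\n' | sed -n 's/^[0-9]*(\(.*\))$/\1/p' | sort -u
}

# check_device_access ID_LINE LS_LINE
# Prints ok:root, ok:owner, ok:group, ok:other, missing-group:<name> or
# denied, and returns 0 only for the ok:* results.
check_device_access() {
    id_line=$1
    ls_line=$2
    user=$(id_user "$id_line")
    mode=$(printf '%s\n' "$ls_line" | awk '{print $1}')
    owner=$(printf '%s\n' "$ls_line" | awk '{print $3}')
    group=$(printf '%s\n' "$ls_line" | awk '{print $4}')
    # Mode string: char 1 is the file type, then rwx for owner, group, other.
    u_rw=$(printf '%s' "$mode" | cut -c2-3)
    g_rw=$(printf '%s' "$mode" | cut -c5-6)
    o_rw=$(printf '%s' "$mode" | cut -c8-9)

    # root bypasses the mode bits.
    if [ "$user" = root ]; then
        echo "ok:root"; return 0
    fi
    # The kernel picks exactly one class: owner, else group, else other.
    # There is no fall-through to a more permissive class.
    if [ "$user" = "$owner" ]; then
        [ "$u_rw" = rw ] && { echo "ok:owner"; return 0; }
        echo "denied"; return 1
    fi
    if id_groups "$id_line" | grep -qxF -- "$group"; then
        [ "$g_rw" = rw ] && { echo "ok:group"; return 0; }
        echo "denied"; return 1
    fi
    [ "$o_rw" = rw ] && { echo "ok:other"; return 0; }
    # Not owner, not in the group, "other" has no access: joining the
    # owning group helps only if that group has rw.
    if [ "$g_rw" = rw ]; then
        echo "missing-group:$group"; return 1
    fi
    echo "denied"; return 1
}

# State reported in the ticket, then the state after the group fix.
check_device_access "$SAMPLE_ID" "$SAMPLE_LS" || true
check_device_access "$SAMPLE_ID_FIXED" "$SAMPLE_LS" || true
```

A process only picks up new supplementary groups when it is started, so a running storage daemon has to be restarted after the membership change.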

mvwieringen

2013-02-26 10:59

developer   ~0000179

See the specfile: there is code there in the post action of the storage
daemon to set up the secondary groups. Maybe this should be moved to
bareos-config so it can be reused on Debian-based systems.

joergs

2013-03-01 10:06

developer  

0001-add-daemon-user-to-required-groups.patch (24,697 bytes)   
From ad386a5f5a088cf7b500ac26fb36ba5791237294 Mon Sep 17 00:00:00 2001
From: Marco van Wieringen <marco.van.wieringen@bareos.com>
Date: Wed, 27 Feb 2013 10:44:06 +0100
Subject: [PATCH 1/2] add daemon user to required groups

bareos storage daemon user must be in groups tape and/or disk
to be able to access tape devices.
Due to different behavior of different distributions
(install order if not always the same),
every package that requires a specific group/user set this up on its own.

preinstall:
  bareos-common: setup default daemon group bareos and user bareos
  bareos-filedaemon: setup fd group (bareos) and user (root)
  bareos-storage: setup sd group (bareos) and user (bareos)
  bareos-director: setup dir group (bareos) and user (bareos)

postinstall:
  bareos-storage:
    call bareos-config setup_sd_user, which
    checks if sd group and user exists, otherwise it creates them,
    and add the sd user (bareos) to the groups tape and disk, if they exists.

Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5

Fixes #99: user bareos unable to operate tape changer due to wrong permissions
---
 autoconf/configure.in               |    4 ++
 debian/bareos-common.preinst        |   66 -----------------------------
 debian/bareos-common.preinst.in     |   63 ++++++++++++++++++++++++++++
 debian/bareos-director.preinst      |   71 -------------------------------
 debian/bareos-director.preinst.in   |   63 ++++++++++++++++++++++++++++
 debian/bareos-filedaemon.preinst    |   71 -------------------------------
 debian/bareos-filedaemon.preinst.in |   63 ++++++++++++++++++++++++++++
 debian/bareos-storage.postinst      |    1 +
 debian/bareos-storage.preinst       |   71 -------------------------------
 debian/bareos-storage.preinst.in    |   63 ++++++++++++++++++++++++++++
 platforms/rpms/bareos.spec          |   78 +++++++++--------------------------
 scripts/bareos-config.in            |   76 +++++++++++++++++++++++++++++++---
 12 Dateien geändert, 347 Zeilen hinzugefügt(+), 343 Zeilen entfernt(-)
 delete mode 100644 debian/bareos-common.preinst
 create mode 100644 debian/bareos-common.preinst.in
 delete mode 100644 debian/bareos-director.preinst
 create mode 100644 debian/bareos-director.preinst.in
 delete mode 100644 debian/bareos-filedaemon.preinst
 create mode 100644 debian/bareos-filedaemon.preinst.in
 delete mode 100644 debian/bareos-storage.preinst
 create mode 100644 debian/bareos-storage.preinst.in

diff --git a/autoconf/configure.in b/autoconf/configure.in
index d82dc8c..0332473 100644
--- a/autoconf/configure.in
+++ b/autoconf/configure.in
@@ -3633,6 +3633,10 @@ fi
 AC_OUTPUT([autoconf/Make.common \
 	   Makefile \
 	   manpages/Makefile \
+	   debian/bareos-common.preinst \
+	   debian/bareos-filedaemon.preinst \
+	   debian/bareos-director.preinst \
+	   debian/bareos-storage.preinst \
 	   scripts/bareos-config \
 	   scripts/btraceback \
 	   scripts/bconsole \
diff --git a/debian/bareos-common.preinst b/debian/bareos-common.preinst
deleted file mode 100644
index 98c8b4f..0000000
--- a/debian/bareos-common.preinst
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-# preinst script for bareos
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-daemon_user=bareos
-daemon_group=bareos
-
-working_dir=/var/lib/bareos
-
-create_group()
-{
-  # creating group if he isn't already there
-  if ! getent group $daemon_group >/dev/null; then
-        # Adding system group
-        addgroup --system $daemon_group >/dev/null
-  fi
-}
-
-create_user()
-{
-  # creating user if he isn't already there
-  if ! getent passwd $daemon_user >/dev/null; then
-        # Adding system user
-        adduser \
-          --system \
-          --disabled-login \
-          --ingroup $daemon_group \
-          --home $working_dir \
-          --gecos "Bareos" \
-          --shell /bin/false \
-          $daemon_user  >/dev/null
-  fi
-}
-
-case "$1" in
-    install|upgrade)
-      create_group
-      create_user
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/bareos-common.preinst.in b/debian/bareos-common.preinst.in
new file mode 100644
index 0000000..7518a82
--- /dev/null
+++ b/debian/bareos-common.preinst.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# preinst script for bareos
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+daemon_user=bareos
+daemon_group=bareos
+
+WORKING_DIR="@working_dir@"
+
+
+create_group()
+{
+    [ -z "$1" ] && return
+    # creating group if he isn't already there.
+    # use addgroup instead of groupadd,
+    # because "addgroup" uses the next available number,
+    # while "groupadd" uses uses GID_MIN -1 (999)
+    getent group $1 > /dev/null || addgroup -q --system $1
+}
+
+create_user()
+{
+    [ -z "$1" ] && return
+    # creating user if he isn't already there.
+    # use adduser instead of useradd,
+    # because "adduser" uses the next available number,
+    # while "useradd" uses uses UID_MIN -1 (999)
+    getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1
+}
+
+
+case "$1" in
+    install|upgrade)
+      create_group $daemon_group
+      create_user  $daemon_user
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
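Review bot: create_user no longer passes `--disabled-login` and `--shell /bin/false`, which the removed bareos-common.preinst set explicitly, so the account's shell and login state now depend on the `adduser --system` defaults. The RPM macro in this same patch keeps `--shell /bin/false`; passing the shell explicitly here as well would keep the two package families aligned. The comments in both helpers also contain a doubled "uses uses".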
diff --git a/debian/bareos-director.preinst b/debian/bareos-director.preinst
deleted file mode 100644
index 5b3558e..0000000
--- a/debian/bareos-director.preinst
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-# preinst script for bareos
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-daemon_user=bareos
-daemon_group=bareos
-
-director_daemon_user=$daemon_user
-#storage_daemon_user=$daemon_user
-#file_daemon_user=root
-#storage_daemon_group=$daemon_group
-
-working_dir=/var/lib/bareos
-
-create_group()
-{
-  # creating group if he isn't already there
-  if ! getent group $daemon_group >/dev/null; then
-        # Adding system group
-        addgroup --system $daemon_group >/dev/null
-  fi
-}
-
-create_user()
-{
-  # creating user if he isn't already there
-  if ! getent passwd $director_daemon_user >/dev/null; then
-        # Adding system user
-        adduser \
-          --system \
-          --disabled-login \
-          --ingroup $daemon_group \
-          --home $working_dir \
-          --gecos "Bareos" \
-          --shell /bin/false \
-          $director_daemon_user  >/dev/null
-fi
-}
-
-case "$1" in
-    install|upgrade)
-      create_group
-      create_user
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/bareos-director.preinst.in b/debian/bareos-director.preinst.in
new file mode 100644
index 0000000..f788800
--- /dev/null
+++ b/debian/bareos-director.preinst.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# preinst script for bareos
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+daemon_group=@dir_group@
+daemon_user=@dir_user@
+
+WORKING_DIR="@working_dir@"
+
+
+create_group()
+{
+    [ -z "$1" ] && return
+    # creating group if he isn't already there.
+    # use addgroup instead of groupadd,
+    # because "addgroup" uses the next available number,
+    # while "groupadd" uses uses GID_MIN -1 (999)
+    getent group $1 > /dev/null || addgroup -q --system $1
+}
+
+create_user()
+{
+    [ -z "$1" ] && return
+    # creating user if he isn't already there.
+    # use adduser instead of useradd,
+    # because "adduser" uses the next available number,
+    # while "useradd" uses uses UID_MIN -1 (999)
+    getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1
+}
+
+
+case "$1" in
+    install|upgrade)
+      create_group ${daemon_group}
+      create_user  ${daemon_user}
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
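Review bot: in create_user the primary group comes from the global `$daemon_group` while the user is passed as `$1`, so the helper cannot be reused for a user with a different primary group; take the group as a second argument. `$1` and `$daemon_group` are also expanded unquoted in the `getent`, `addgroup` and `adduser` calls. `[ -z "$1" ] && return` makes the script exit 0 without creating anything when `@dir_user@` substitutes to an empty string; a message on stderr would make that case visible.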
diff --git a/debian/bareos-filedaemon.preinst b/debian/bareos-filedaemon.preinst
deleted file mode 100644
index c3b7aba..0000000
--- a/debian/bareos-filedaemon.preinst
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-# preinst script for bareos
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-daemon_user=bareos
-daemon_group=bareos
-
-#director_daemon_user=$daemon_user
-#storage_daemon_user=$daemon_user
-#file_daemon_user=root
-#storage_daemon_group=$daemon_group
-
-working_dir=/var/lib/bareos
-
-create_group()
-{
-  # creating group if he isn't already there
-  if ! getent group $daemon_group >/dev/null; then
-        # Adding system group
-        addgroup --system $daemon_group >/dev/null
-  fi
-}
-
-create_user()
-{
-  # creating user if he isn't already there
-  if ! getent passwd $director_daemon_use >/dev/null; then
-        # Adding system user
-        adduser \
-          --system \
-          --disabled-login \
-          --ingroup $daemon_group \
-          --home $working_dir \
-          --gecos "Bareos" \
-          --shell /bin/false \
-          $director_daemon_user  >/dev/null
-fi
-}
-
-case "$1" in
-    install|upgrade)
-      create_group
-      #create_user
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/bareos-filedaemon.preinst.in b/debian/bareos-filedaemon.preinst.in
new file mode 100644
index 0000000..f788800
--- /dev/null
+++ b/debian/bareos-filedaemon.preinst.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# preinst script for bareos
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+daemon_group=@dir_group@
+daemon_user=@dir_user@
+
+WORKING_DIR="@working_dir@"
+
+
+create_group()
+{
+    [ -z "$1" ] && return
+    # creating group if he isn't already there.
+    # use addgroup instead of groupadd,
+    # because "addgroup" uses the next available number,
+    # while "groupadd" uses uses GID_MIN -1 (999)
+    getent group $1 > /dev/null || addgroup -q --system $1
+}
+
+create_user()
+{
+    [ -z "$1" ] && return
+    # creating user if he isn't already there.
+    # use adduser instead of useradd,
+    # because "adduser" uses the next available number,
+    # while "useradd" uses uses UID_MIN -1 (999)
+    getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1
+}
+
+
+case "$1" in
+    install|upgrade)
+      create_group ${daemon_group}
+      create_user  ${daemon_user}
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
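Review bot: `daemon_group=@dir_group@` and `daemon_user=@dir_user@` at the top of this file are the director's substitutions; the file daemon package should use `@fd_group@` and `@fd_user@`, the names bareos-config.in uses in this patch. As written, installing bareos-filedaemon looks up and, if missing, creates the director's user rather than the one the commit message lists for the file daemon (root).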
diff --git a/debian/bareos-storage.postinst b/debian/bareos-storage.postinst
index 71eac88..252d105 100644
--- a/debian/bareos-storage.postinst
+++ b/debian/bareos-storage.postinst
@@ -40,6 +40,7 @@ enable_rc_scripts()
 case "$1" in
     configure)
         permissions
+        /usr/lib/bareos/scripts/bareos-config setup_sd_user
         /usr/lib/bareos/scripts/bareos-config initialize_local_hostname
         /usr/lib/bareos/scripts/bareos-config initialize_passwords
         enable_rc_scripts
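Review bot: the new `bareos-config setup_sd_user` call changes supplementary groups, and a process only receives its group list when it starts, so a bareos-sd that is already running during an upgrade keeps the old groups. Placing the call ahead of `enable_rc_scripts` is right for a fresh install; for upgrades, check that the daemon is restarted after this step.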
diff --git a/debian/bareos-storage.preinst b/debian/bareos-storage.preinst
deleted file mode 100644
index d8c898a..0000000
--- a/debian/bareos-storage.preinst
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-# preinst script for bareos
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-daemon_user=bareos
-daemon_group=bareos
-
-#director_daemon_user=$daemon_user
-storage_daemon_user=$daemon_user
-#file_daemon_user=root
-storage_daemon_group=$daemon_group
-
-working_dir=/var/lib/bareos
-
-create_group()
-{
-  # creating group if he isn't already there
-  if ! getent group $daemon_group >/dev/null; then
-        # Adding system group
-        addgroup --system $daemon_group >/dev/null
-  fi
-}
-
-create_user()
-{
-  # creating user if he isn't already there
-  if ! getent passwd $storage_daemon_user >/dev/null; then
-        # Adding system user
-        adduser \
-          --system \
-          --disabled-login \
-          --ingroup $storage_daemon_group \
-          --home $working_dir \
-          --gecos "Bareos" \
-          --shell /bin/false \
-          $storage_daemon_user  >/dev/null
-  fi
-}
-
-case "$1" in
-    install|upgrade)
-      create_group
-      create_user
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/bareos-storage.preinst.in b/debian/bareos-storage.preinst.in
new file mode 100644
index 0000000..f788800
--- /dev/null
+++ b/debian/bareos-storage.preinst.in
@@ -0,0 +1,63 @@
+#!/bin/sh
+# preinst script for bareos
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+daemon_group=@dir_group@
+daemon_user=@dir_user@
+
+WORKING_DIR="@working_dir@"
+
+
+create_group()
+{
+    [ -z "$1" ] && return
+    # creating group if he isn't already there.
+    # use addgroup instead of groupadd,
+    # because "addgroup" uses the next available number,
+    # while "groupadd" uses uses GID_MIN -1 (999)
+    getent group $1 > /dev/null || addgroup -q --system $1
+}
+
+create_user()
+{
+    [ -z "$1" ] && return
+    # creating user if he isn't already there.
+    # use adduser instead of useradd,
+    # because "adduser" uses the next available number,
+    # while "useradd" uses uses UID_MIN -1 (999)
+    getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1
+}
+
+
+case "$1" in
+    install|upgrade)
+      create_group ${daemon_group}
+      create_user  ${daemon_user}
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
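Review bot: this template has the same blob id (f788800) as the director and filedaemon ones, so it also reads `@dir_group@` and `@dir_user@`; for the storage daemon these should be `@sd_group@` and `@sd_user@`. With the users listed in the commit message, dir and sd are both bareos, so the slip only shows once the two differ, which is the case the per-package scripts are meant to support. If the three files are meant to stay identical apart from the substitution, a single template would avoid the triplication.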
diff --git a/platforms/rpms/bareos.spec b/platforms/rpms/bareos.spec
index d99dde1..78dcbe9 100644
--- a/platforms/rpms/bareos.spec
+++ b/platforms/rpms/bareos.spec
@@ -824,6 +824,15 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d
 %nil
 %endif
 
+%define create_group() \
+getent group %1 > /dev/null || groupadd -r %1 \
+%nil
+
+# shell: use /bin/false, because nologin has different paths on different distributions
+%define create_user() \
+getent passwd %1 > /dev/null || useradd -r --comment "%1" --home %{working_dir} -g %{daemon_group} --shell /bin/false %1 \
+%nil
+
 %post director
 %{script_dir}/bareos-config initialize_local_hostname
 %{script_dir}/bareos-config initialize_passwords
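Review bot: the `create_user` macro hard-codes `-g %{daemon_group}`, so every caller gets the common group as primary group, whereas the `%pre storage` code removed later in this patch created its user with `-g %{storage_daemon_group}`. Pass the group as `%2` so a per-daemon group can still be honoured at creation time.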
@@ -831,6 +840,9 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d
 %add_service_start bareos-dir
 
 %post storage
+# pre script has already generated the storage daemon user,
+# but here we add the user to additional groups
+%{script_dir}/bareos-config setup_sd_user
 %{script_dir}/bareos-config initialize_local_hostname
 %{script_dir}/bareos-config initialize_passwords
 %add_service_start bareos-sd
@@ -889,73 +901,23 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d
 %endif
 
 %pre director
-if [ "%{director_daemon_user}" != "root" -a "%{director_daemon_user}" != "%{daemon_user}" ]; then
-   getent passwd %{director_daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{director_daemon_user}
-fi
+%create_group %{daemon_group}
+%create_user  %{director_daemon_user}
 exit 0
 
 %pre storage
-#
-# See what secondary groups exist for the sd user to be added to.
-#
-SEC_GROUPS="tape disk"
-ADD_GROUPS=""
-for sec_group in ${SEC_GROUPS}
-do
-   cnt=`getent group ${sec_group} | wc -l`
-   if [ ${cnt} -gt 0 ]; then
-      [ -z ${ADD_GROUPS} ] && ADD_GROUPS="${sec_group}" || ADD_GROUPS="${ADD_GROUPS},${sec_group}"
-   fi
-done
-
-if [ "%{storage_daemon_group}" != "%{daemon_group}" ]; then
-   getent group %{storage_daemon_group} > /dev/null || groupadd -r %{storage_daemon_group}
-fi
-
-#
-# If the user doesn't exist create a new one otherwise modify it to have
-# the wanted secondary groups.
-#
-if [ "%{storage_daemon_user}" != "root" -a "%{storage_daemon_user}" != "%{daemon_user}" ]; then
-   getent passwd %{storage_daemon_user} > /dev/null
-   if [ $? = 0 ]; then
-      #
-      # Make sure the correct primary group is set otherwise fix it.
-      #
-      if [ `id -gn %{storage_daemon_user}` != %{storage_daemon_group} ]; then
-         usermod -g %{storage_daemon_group} %{storage_daemon_user}
-      fi
-      #
-      # Make sure storage_daemon_user is part of the wanted secondary groups
-      #
-      usermod -G ${ADD_GROUPS} %{storage_daemon_user}
-   else
-      #
-      # Create a new storage_daemon_user
-      #
-      useradd -r -c "Bareos" -d %{working_dir} -g %{storage_daemon_group} -M -s /sbin/nologin %{storage_daemon_user}
-      #
-      # Make sure storage_daemon_user is part of the wanted secondary groups
-      #
-      usermod -G ${ADD_GROUPS} %{storage_daemon_user}
-   fi
-else
-   #
-   # Make sure storage_daemon_user is part of the wanted secondary groups
-   #
-   usermod -G ${ADD_GROUPS} %{storage_daemon_user}
-fi
+%create_group %{daemon_group}
+%create_user  %{storage_daemon_user}
 exit 0
 
 %pre filedaemon
-if [ "%{file_daemon_user}" != "root" -a "%{file_daemon_user}" != "%{daemon_user}" ]; then
-   getent passwd %{file_daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{file_daemon_user}
-fi
+%create_group %{daemon_group}
+%create_user  %{storage_daemon_user}
 exit 0
 
 %pre common
-getent group %{daemon_group} > /dev/null || groupadd -r %{daemon_group}
-getent passwd %{daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{daemon_user}
+%create_group %{daemon_group}
+%create_user  %{daemon_user}
 exit 0
 
 %preun director
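Review bot: `%pre filedaemon` now calls `%create_user  %{storage_daemon_user}`, which looks like a copy of the `%pre storage` lines; it should pass `%{file_daemon_user}`, the user the removed block handled. `%pre storage` also no longer creates `%{storage_daemon_group}` when it differs from `%{daemon_group}`; that is now left to setup_sd_user in `%post storage`, so the user briefly exists with the common group as primary group until `%post` corrects it.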
diff --git a/scripts/bareos-config.in b/scripts/bareos-config.in
index e410837..0d20d8f 100644
--- a/scripts/bareos-config.in
+++ b/scripts/bareos-config.in
@@ -4,6 +4,16 @@ DIR_CFG=@sysconfdir@
 CFG_DIR=${DIR_CFG}/bareos-dir.conf
 DIR_SCRIPTS=@scriptdir@
 
+SEC_GROUPS="tape disk"
+
+WORKING_DIR="@working_dir@"
+FILE_DAEMON_USER="@fd_user@"
+FILE_DAEMON_GROUP="@fd_group@"
+STORAGE_DAEMON_USER="@sd_user@"
+STORAGE_DAEMON_GROUP="@sd_group@"
+DIRECTOR_DAEMON_USER="@dir_user@"
+DIRECTOR_DAEMON_GROUP="@dir_group@"
+
 PASSWORD_SUBST="\
 XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX \
 XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX \
@@ -13,6 +23,8 @@ XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX \
 XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX \
 "
 
+os_type=`uname -s`
+
 usage()
 {
 cat <<-EOT
@@ -48,32 +60,84 @@ is_function()
 
 get_user_fd()
 {
-    echo "@fd_user@"
+    echo "${FILE_DAEMON_USER}"
 }
 
 get_group_fd()
 {
-    echo "@fd_group@"
+    echo "${FILE_DAEMON_GROUP}"
 }
 
 get_user_sd()
 {
-    echo "@sd_user@"
+    echo "${STORAGE_DAEMON_USER}"
 }
 
 get_group_sd()
 {
-    echo "@sd_group@"
+    echo "${STORAGE_DAEMON_GROUP}"
 }
 
 get_user_dir()
 {
-    echo "@dir_user@"
+    echo "${DIRECTOR_DAEMON_USER}"
 }
 
 get_group_dir()
 {
-    echo "@dir_group@"
+    echo "${DIRECTOR_DAEMON_GROUP}"
+}
+
+[ ${os_type} = Linux ] && \
+setup_sd_user()
+{
+    #
+    # guaranties that storage-daemon user and group exists
+    # and storage-daemon user belongs to the required groups.
+    #
+    # normally, storage-daemon user
+    # is already installed by the package preinstall script.
+    #
+
+    #
+    # See what secondary groups exist for the sd user to be added to.
+    #
+    ADD_GROUPS=""
+    for sec_group in ${SEC_GROUPS}; do
+        cnt=`getent group ${sec_group} | wc -l`
+        if [ ${cnt} -gt 0 ]; then
+            [ -z "${ADD_GROUPS}" ] && ADD_GROUPS="-G ${sec_group}" || ADD_GROUPS="${ADD_GROUPS},${sec_group}"
+        fi
+    done
+
+    getent group ${STORAGE_DAEMON_GROUP} > /dev/null || groupadd -r ${STORAGE_DAEMON_GROUP}
+
+    #
+    # If the user doesn't exist create a new one otherwise modify it to have the wanted secondary groups.
+    #
+    if [ "${STORAGE_DAEMON_USER}" != "root" ]; then
+        getent passwd ${STORAGE_DAEMON_USER} > /dev/null
+        if [ $? -ne 0 ]; then
+            # create a new storage_daemon_user
+            useradd -r --comment "bareos" --home ${WORKING_DIR} -g ${STORAGE_DAEMON_GROUP} ${ADD_GROUPS} --shell /bin/false ${STORAGE_DAEMON_USER}
+        fi
+
+        # if the user has already created before,
+        # make sure the correct primary group is set otherwise fix it.
+        if [ "`id -gn ${STORAGE_DAEMON_USER}`" != "${STORAGE_DAEMON_GROUP}" ]; then
+            usermod -g ${STORAGE_DAEMON_GROUP} ${STORAGE_DAEMON_USER}
+        fi
+
+        # add the storage_daemon_user to additional groups (if defined)
+        [ "${ADD_GROUPS}" ] && usermod ${ADD_GROUPS} ${STORAGE_DAEMON_USER}
+    fi
+}
+
+[ ${os_type} != Linux ] && \
+setup_sd_user()
+{
+   echo "setup_sd_user() is not supported on this platform"
+   exit 1
 }
 
 get_database_driver()
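Review bot: the final `usermod ${ADD_GROUPS} ${STORAGE_DAEMON_USER}` expands to `usermod -G tape,disk <user>` without `-a`, which replaces the user's whole supplementary group list and drops any membership an administrator added by hand; use `usermod -a -G`. That line is also the last command of the function, so when neither tape nor disk exists `[ "${ADD_GROUPS}" ]` fails and setup_sd_user returns non-zero; end the function with an explicit `return 0` or use an `if`. Most expansions (`${STORAGE_DAEMON_GROUP}`, `${WORKING_DIR}`, `${os_type}` in the `[ ... ]` tests) are unquoted.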
-- 
1.7.10.4

joergs

2013-03-01 10:07

developer   ~0000218

Hi Marco, what do you think about the patch I attached to this ticket?

mvwieringen

2013-03-01 10:23

developer   ~0000219

Why not have an extra function in bareos-config to create the user?

And why code the user creation on Debian so many times? What I did for
the Solaris packages is create the users only once, in the package with the
libraries, and as any package depends on that and it's in the preinstall of
that package you are sure it always exists. I understand maybe some Red Hat
platforms are playing games with ordering (which is a bug if you ask me), but
this is for Debian, which I thought didn't play games. It just looks like we now
have the same code ("shell scripting") many times, which if it needs changing
means changing it in many places.

joergs

2013-03-01 10:44

developer   ~0000220

The intention has been that RPM and DEB packages are as similar as possible.
Okay, this point loses significance after I had to change useradd back to adduser on Debian.
This is also the reason why group and user creation is still in preinstall. On Debian it should be enough if user creation is done in postinstall.

Options:
- remove user creation from dir, sd and fd, as the group and user bareos are already created in bareos-common. When we decide to add additional users later on (let's say for the storage daemon), we have to add the preinstall scripts again.
- I can move the user creation functions to bareos-config and call them from the Debian postinstall. However, the new function must distinguish between Linux/other Unixes and Debian and other Linux. Also here, you can decide if this should be done from every package or only bareos-common.

The RPM stuff should stay as in the patch, to avoid problems.

mvwieringen

2013-03-01 15:55

developer   ~0000224

Discussed the options and decided to leave it as it is now and take the
duplication of code as an unwanted side effect.

user12

2013-03-08 10:15

  ~0000253

Does this mean, that when installing bareos, the admin has to type "usermod -a -G tape bareos" to be able to operate his tape drive? In Bareos 12.4.2 it is the case - this is not going to change?

user12

2013-03-08 10:19

  ~0000254

bareos user should be in group tape, when installing bareos-storagedaemon - what do you think?

mvwieringen

2013-03-08 10:29

developer   ~0000256

This bug is still being worked on. The decision was based on the question
before the response and has to do with the wanted solution direction: not
that we won't add the user to the right group, but that we will leave some
code in the final solution so that it's in theory possible to use different
users for fd/sd/dir etc.

joergs

2013-03-08 13:58

developer   ~0000257

Marco, I'm not sure what to do here. I've included the patch into this ticket and we agreed, that this is a usable way to handle it. Of course, we both also see that it is far from being perfect.

So: will you add this patch to the code? If not: what option should I implement?

mvwieringen adm

2013-08-13 03:12

administrator   ~0000605

Fix committed to bareos bareos-12.4 branch with changesetid 973.

mvwieringen

2015-03-25 16:51

developer   ~0001386

Fix committed to bareos2015 bareos-13.2 branch with changesetid 4294.

joergs

2015-03-25 19:18

developer   ~0001541

Due to the reimport of the Github repository to bugs.bareos.org, the status of some tickets has been changed. These tickets will be closed again.
Sorry for the noise.

Related Changesets

bareos: bareos-12.4 05dde077

2013-05-04 13:14

mvwieringen adm

Ported: N/A

add daemon user to required groups

bareos storage daemon user must be in groups tape and/or disk
to be able to access tape devices.
Due to different behavior of different distributions
(install order is not always the same),
every package that requires a specific group/user sets this up on its own.

preinstall:
bareos-common: setup default daemon group bareos and user bareos
bareos-filedaemon: setup fd group (bareos) and user (root)
bareos-storage: setup sd group (bareos) and user (bareos)
bareos-director: setup dir group (bareos) and user (bareos)

postinstall:
bareos-storage:
call bareos-config setup_sd_user, which
checks if sd group and user exist, otherwise it creates them,
and adds the sd user (bareos) to the groups tape and disk, if they exist.

Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5

Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions

Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>
Affected Issues
0000099
mod - autoconf/configure.in
rm - debian/bareos-director.preinst
add - debian/bareos-director.preinst.in
rm - debian/bareos-filedaemon.preinst
add - debian/bareos-filedaemon.preinst.in
mod - debian/bareos-storage.postinst
rm - debian/bareos-storage.preinst
add - debian/bareos-storage.preinst.in
mod - platforms/rpms/bareos.spec
mod - scripts/bareos-config.in

bareos2015: bareos-12.4 6dcf8c33

2013-05-04 15:14

mvwieringen

Ported: N/A

add daemon user to required groups

bareos storage daemon user must be in groups tape and/or disk
to be able to access tape devices.
Due to different behavior of different distributions
(install order is not always the same),
every package that requires a specific group/user sets this up on its own.

preinstall:
bareos-common: setup default daemon group bareos and user bareos
bareos-filedaemon: setup fd group (bareos) and user (root)
bareos-storage: setup sd group (bareos) and user (bareos)
bareos-director: setup dir group (bareos) and user (bareos)

postinstall:
bareos-storage:
call bareos-config setup_sd_user, which
checks if sd group and user exist, otherwise it creates them,
and adds the sd user (bareos) to the groups tape and disk, if they exist.

Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5

Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions

Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>
Affected Issues
0000099
mod - autoconf/configure.in
rm - debian/bareos-director.preinst
add - debian/bareos-director.preinst.in
rm - debian/bareos-filedaemon.preinst
add - debian/bareos-filedaemon.preinst.in
mod - debian/bareos-storage.postinst
rm - debian/bareos-storage.preinst
add - debian/bareos-storage.preinst.in
mod - platforms/rpms/bareos.spec
mod - scripts/bareos-config.in

bareos: master 86b7b807

2013-05-04 21:11

mvwieringen adm

Ported: N/A

add daemon user to required groups

bareos storage daemon user must be in groups tape and/or disk
to be able to access tape devices.
Due to different behavior of different distributions
(install order is not always the same),
every package that requires a specific group/user sets this up on its own.

preinstall:
bareos-common: setup default daemon group bareos and user bareos
bareos-filedaemon: setup fd group (bareos) and user (root)
bareos-storage: setup sd group (bareos) and user (bareos)
bareos-director: setup dir group (bareos) and user (bareos)

postinstall:
bareos-storage:
call bareos-config setup_sd_user, which
checks if sd group and user exist, otherwise it creates them,
and adds the sd user (bareos) to the groups tape and disk, if they exist.

Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5

Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions

Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>
Affected Issues
0000099
mod - scripts/bareos-config.in
mod - platforms/rpms/bareos.spec
add - debian/bareos-storage.preinst.in
rm - debian/bareos-storage.preinst
mod - debian/bareos-storage.postinst
add - debian/bareos-filedaemon.preinst.in
rm - debian/bareos-filedaemon.preinst
add - debian/bareos-director.preinst.in
rm - debian/bareos-director.preinst
mod - autoconf/configure.in

bareos2015: bareos-13.2 9a69ea9e

2013-05-04 23:11

mvwieringen

Ported: N/A

add daemon user to required groups

bareos storage daemon user must be in groups tape and/or disk
to be able to access tape devices.
Due to different behavior of different distributions
(install order is not always the same),
every package that requires a specific group/user sets this up on its own.

preinstall:
bareos-common: setup default daemon group bareos and user bareos
bareos-filedaemon: setup fd group (bareos) and user (root)
bareos-storage: setup sd group (bareos) and user (bareos)
bareos-director: setup dir group (bareos) and user (bareos)

postinstall:
bareos-storage:
call bareos-config setup_sd_user, which
checks if sd group and user exist, otherwise it creates them,
and adds the sd user (bareos) to the groups tape and disk, if they exist.

Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5

Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions

Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com>
Affected Issues
0000099
mod - autoconf/configure.in
rm - debian/bareos-director.preinst
add - debian/bareos-director.preinst.in
rm - debian/bareos-filedaemon.preinst
add - debian/bareos-filedaemon.preinst.in
mod - debian/bareos-storage.postinst
rm - debian/bareos-storage.preinst
add - debian/bareos-storage.preinst.in
mod - platforms/rpms/bareos.spec
mod - scripts/bareos-config.in
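
The group step the commit message describes for setup_sd_user (add the sd user to tape and disk only where those groups exist), as an added dry-run sketch that is not the code from scripts/bareos-config.in. The function name plan_sd_groups, the "changer" group and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's bareos-config code.
#
# plan_sd_groups USER GROUP_FILE GROUP...
#   For each wanted supplementary group:
#     - skip it when it does not exist in GROUP_FILE (group(5) format),
#     - skip it when USER is already listed as a member,
#     - otherwise print the usermod command an installer would run.
#   Nothing is changed on the system. Membership through the primary
#   gid in passwd is not considered.
plan_sd_groups() {
    user=$1
    group_file=$2
    shift 2
    for grp in "$@"; do
        # Field 4 of group(5) is the comma-separated member list;
        # awk exits non-zero when the group has no entry at all.
        members=$(awk -F: -v g="$grp" \
            '$1 == g { print $4; found = 1 } END { exit !found }' \
            "$group_file") || continue
        # Wrap in commas so "bare" does not match "bareos".
        case ",$members," in
            *",$user,"*) ;;                         # already a member
            *) echo "usermod -a -G $grp $user" ;;
        esac
    done
}

# Constructed sample: tape exists without bareos, disk already lists
# bareos, and there is no "changer" group on this host.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
bareos:x:118:
tape:x:26:
disk:x:6:bareos,backup
EOF
    plan_sd_groups bareos "$f" tape disk changer
    rm -f "$f"
}

demo
```

For the constructed file only the tape command is printed, which is the manual workaround quoted earlier in this ticket.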

Issue History

Date Modified Username Field Change
2013-02-26 10:15 user12 New Issue
2013-02-26 10:15 user12 Status new => assigned
2013-02-26 10:15 user12 Assigned To => joergs
2013-02-26 10:24 mvwieringen Note Added: 0000173
2013-02-26 10:25 user12 Note Added: 0000174
2013-02-26 10:59 mvwieringen Note Added: 0000179
2013-02-27 10:07 mvwieringen Assigned To joergs => mvwieringen
2013-02-28 10:25 mvwieringen Assigned To mvwieringen => joergs
2013-03-01 10:06 joergs File Added: 0001-add-daemon-user-to-required-groups.patch
2013-03-01 10:06 joergs Assigned To joergs => mvwieringen
2013-03-01 10:07 joergs Note Added: 0000218
2013-03-01 10:23 mvwieringen Note Added: 0000219
2013-03-01 10:23 mvwieringen Assigned To mvwieringen => joergs
2013-03-01 10:44 joergs Note Added: 0000220
2013-03-01 10:47 joergs Assigned To joergs => mvwieringen
2013-03-01 15:55 mvwieringen Note Added: 0000224
2013-03-01 15:55 mvwieringen Assigned To mvwieringen => joergs
2013-03-08 10:15 user12 Note Added: 0000253
2013-03-08 10:19 user12 Note Added: 0000254
2013-03-08 10:19 user12 Status assigned => feedback
2013-03-08 10:29 mvwieringen Note Added: 0000256
2013-03-08 13:58 joergs Note Added: 0000257
2013-03-08 13:58 joergs Assigned To joergs => mvwieringen
2013-03-08 15:59 maik Severity block => major
2013-03-08 15:59 maik Status feedback => resolved
2013-03-08 15:59 maik Product Version 12.4.1 => 12.4.2
2013-03-08 16:51 mvwieringen Changeset attached => bareos master 6727d249
2013-03-08 16:51 mvwieringen Status resolved => closed
2013-03-08 16:51 mvwieringen Resolution open => fixed
2013-03-09 10:26 mvwieringen Changeset attached => bareos Branch-12.4 5d879d3a
2013-03-09 10:27 mvwieringen Assigned To mvwieringen =>
2013-03-09 10:27 mvwieringen Fixed in Version => 12.4.3
2013-08-13 03:12 mvwieringen adm Changeset attached => bareos master 86b7b807
2013-08-13 03:12 mvwieringen adm Changeset attached => bareos bareos-12.4 05dde077
2013-08-13 03:12 mvwieringen adm Note Added: 0000605
2013-08-13 03:12 mvwieringen adm Assigned To => mvwieringen adm
2013-08-13 03:12 mvwieringen adm Status closed => resolved
2013-08-13 09:16 mvwieringen adm Assigned To mvwieringen adm =>
2013-08-13 09:16 mvwieringen adm Status resolved => closed
2015-03-25 16:51 mvwieringen Changeset attached => bareos2015 bareos-12.4 6dcf8c33
2015-03-25 16:51 mvwieringen Changeset attached => bareos2015 bareos-13.2 9a69ea9e
2015-03-25 16:51 mvwieringen Note Added: 0001386
2015-03-25 16:51 mvwieringen Status closed => resolved
2015-03-25 19:18 joergs Note Added: 0001541
2015-03-25 19:18 joergs Status resolved => closed