View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000099 | bareos-core | installer / packages | public | 2013-02-26 10:15 | 2015-03-25 19:18 |
Reporter | Assigned To | ||||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Linux | OS | Ubuntu | OS Version | 12.10 |
Product Version | 12.4.2 | ||||
Fixed in Version | 12.4.3 | ||||
Summary | 0000099: user bareos unable to operate tape changer due to wrong permissions | ||||
Description | Bareos is not able to mount, label, or do a backup to tape because it is not allowed to: Results=cannot open SCSI device '/dev/sg3' - Permission denied | ||||
Steps To Reproduce:

```
root@cardtech01:/etc/bareos# bconsole
Connecting to Director cardtech01:9101
1000 OK: cardtech01-dir Version: 12.4.1 (06 February 2013)
Enter a period to cancel a command.
*unmount storage=L700
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Connecting to Storage daemon L700 at cardtech01:9103 ...
Connecting to Storage daemon L700 at cardtech01:9103 ...
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied
*mount storage=L700
Enter autochanger slot: 1
Connecting to Storage daemon L700 at cardtech01:9103 ...
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/sg3' - Permission denied
3304 Issuing autochanger "load slot 1, drive 0" command.
3992 Bad autochanger "load slot 1, drive 0": ERR=Child died from signal 15: Termination.
Results=Program killed by BAREOS (timeout)
```
Additional Information:

```
root@cardtech01:/etc/bareos# ps aux | grep bareos
root 1456 0.0 0.2 272672 2044 ? Ssl Feb25 0:09 /usr/sbin/bareos-fd -c /etc/bareos/bareos-fd.conf
bareos 29563 0.0 0.2 553740 2660 ? Ssl Feb25 0:09 /usr/sbin/bareos-sd -c /etc/bareos/bareos-sd.conf
bareos 30007 0.0 0.4 567280 4852 ? Ssl Feb25 0:12 /usr/sbin/bareos-dir -c /etc/bareos/bareos-dir.conf
ls -lh /dev/sg3
crw-rw---- 1 root tape 21, 3 Feb 25 15:04 /dev/sg3
root@cardtech01:/etc/bareos# ls -lh
insgesamt 116K
-rw-r----- 1 bareos bareos 9,2K Feb 25 19:02 bareos-dir.conf
-rw-r----- 1 root bareos 1006 Feb 25 12:36 bareos-fd.conf
-rw-r----- 1 bareos bareos 2,5K Feb 25 15:10 bareos-sd.conf
-rw-r----- 1 root bareos 194 Feb 25 12:36 bconsole.conf
-rw-r--r-- 1 root root 78K Feb 25 16:06 btape_segmentation_violation.txt
lrwxrwxrwx 1 root root 20 Feb 25 15:40 btraceback -> /usr/sbin/btraceback
-rw-r--r-- 1 root root 6,9K Feb 25 19:08 bugs.txt
-rw-r--r-- 1 root root 1,5K Feb 20 09:26 mtx-changer.conf
```

by the way:

```
root@cardtech01:/etc/bareos# grep -in kern /etc/init.d/bareos*
/etc/init.d/bareos-dir:7:# Kern E. Sibbald - 21 March 2008
/etc/init.d/bareos-fd:7:# Kern E. Sibbald - 21 March 2008
/etc/init.d/bareos-sd:7:# Kern E. Sibbald - 21 March 2008
```
Tags | No tags attached. | ||||
About the last entries: yes, Kern is the author of the original scripts; you cannot just remove that (copyright etc.). About the actual problem: what does id -a bareos show? I guess it's missing being added to the tape group as a secondary group, but for that we need the output of id -a. |
|
root@cardtech01:/etc/bareos# id -a bareos uid=106(bareos) gid=113(bareos) Gruppen=113(bareos) |
|
See the specfile: there is code there in the post action of the storage daemon to set up the secondary groups. Maybe this should be moved to bareos-config so it can be reused on Debian-based systems. |
|
0001-add-daemon-user-to-required-groups.patch (24,697 bytes)
From ad386a5f5a088cf7b500ac26fb36ba5791237294 Mon Sep 17 00:00:00 2001 
From: Marco van Wieringen <marco.van.wieringen@bareos.com> Date: Wed, 27 Feb 2013 10:44:06 +0100 Subject: [PATCH 1/2] add daemon user to required groups bareos storage daemon user must be in groups tape and/or disk to be able to access tape devices. Due to different behavior of different distributions (install order if not always the same), every package that requires a specific group/user set this up on its own. preinstall: bareos-common: setup default daemon group bareos and user bareos bareos-filedaemon: setup fd group (bareos) and user (root) bareos-storage: setup sd group (bareos) and user (bareos) bareos-director: setup dir group (bareos) and user (bareos) postinstall: bareos-storage: call bareos-config setup_sd_user, which checks if sd group and user exists, otherwise it creates them, and add the sd user (bareos) to the groups tape and disk, if they exists. Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5 Fixes #99: user bareos unable to operate tape changer due to wrong permissions --- autoconf/configure.in | 4 ++ debian/bareos-common.preinst | 66 ----------------------------- debian/bareos-common.preinst.in | 63 ++++++++++++++++++++++++++++ debian/bareos-director.preinst | 71 ------------------------------- debian/bareos-director.preinst.in | 63 ++++++++++++++++++++++++++++ debian/bareos-filedaemon.preinst | 71 ------------------------------- debian/bareos-filedaemon.preinst.in | 63 ++++++++++++++++++++++++++++ debian/bareos-storage.postinst | 1 + debian/bareos-storage.preinst | 71 ------------------------------- debian/bareos-storage.preinst.in | 63 ++++++++++++++++++++++++++++ platforms/rpms/bareos.spec | 78 +++++++++-------------------------- scripts/bareos-config.in | 76 +++++++++++++++++++++++++++++++--- 12 Dateien geändert, 347 Zeilen hinzugefügt(+), 343 Zeilen entfernt(-) delete mode 100644 debian/bareos-common.preinst create mode 100644 debian/bareos-common.preinst.in delete mode 100644 debian/bareos-director.preinst create mode 100644 
debian/bareos-director.preinst.in delete mode 100644 debian/bareos-filedaemon.preinst create mode 100644 debian/bareos-filedaemon.preinst.in delete mode 100644 debian/bareos-storage.preinst create mode 100644 debian/bareos-storage.preinst.in diff --git a/autoconf/configure.in b/autoconf/configure.in index d82dc8c..0332473 100644 --- a/autoconf/configure.in +++ b/autoconf/configure.in @@ -3633,6 +3633,10 @@ fi AC_OUTPUT([autoconf/Make.common \ Makefile \ manpages/Makefile \ + debian/bareos-common.preinst \ + debian/bareos-filedaemon.preinst \ + debian/bareos-director.preinst \ + debian/bareos-storage.preinst \ scripts/bareos-config \ scripts/btraceback \ scripts/bconsole \ diff --git a/debian/bareos-common.preinst b/debian/bareos-common.preinst deleted file mode 100644 index 98c8b4f..0000000 --- a/debian/bareos-common.preinst +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh -# preinst script for bareos -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -daemon_user=bareos -daemon_group=bareos - -working_dir=/var/lib/bareos - -create_group() -{ - # creating group if he isn't already there - if ! getent group $daemon_group >/dev/null; then - # Adding system group - addgroup --system $daemon_group >/dev/null - fi -} - -create_user() -{ - # creating user if he isn't already there - if ! getent passwd $daemon_user >/dev/null; then - # Adding system user - adduser \ - --system \ - --disabled-login \ - --ingroup $daemon_group \ - --home $working_dir \ - --gecos "Bareos" \ - --shell /bin/false \ - $daemon_user >/dev/null - fi -} - -case "$1" in - install|upgrade) - create_group - create_user - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/bareos-common.preinst.in b/debian/bareos-common.preinst.in new file mode 100644 index 0000000..7518a82 --- /dev/null +++ b/debian/bareos-common.preinst.in 
@@ -0,0 +1,63 @@ +#!/bin/sh +# preinst script for bareos +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <new-preinst> `install' +# * <new-preinst> `install' <old-version> +# * <new-preinst> `upgrade' <old-version> +# * <old-preinst> `abort-upgrade' <new-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +daemon_user=bareos +daemon_group=bareos + +WORKING_DIR="@working_dir@" + + +create_group() +{ + [ -z "$1" ] && return + # creating group if he isn't already there. + # use addgroup instead of groupadd, + # because "addgroup" uses the next available number, + # while "groupadd" uses uses GID_MIN -1 (999) + getent group $1 > /dev/null || addgroup -q --system $1 +} + +create_user() +{ + [ -z "$1" ] && return + # creating user if he isn't already there. + # use adduser instead of useradd, + # because "adduser" uses the next available number, + # while "useradd" uses uses UID_MIN -1 (999) + getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1 +} + + +case "$1" in + install|upgrade) + create_group $daemon_group + create_user $daemon_user + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/bareos-director.preinst b/debian/bareos-director.preinst deleted file mode 100644 index 5b3558e..0000000 --- a/debian/bareos-director.preinst +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/sh -# preinst script for bareos -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -daemon_user=bareos -daemon_group=bareos - -director_daemon_user=$daemon_user -#storage_daemon_user=$daemon_user -#file_daemon_user=root -#storage_daemon_group=$daemon_group - -working_dir=/var/lib/bareos - -create_group() -{ - # creating group if he isn't already there - if ! getent group $daemon_group >/dev/null; then - # Adding system group - addgroup --system $daemon_group >/dev/null - fi -} - -create_user() -{ - # creating user if he isn't already there - if ! getent passwd $director_daemon_user >/dev/null; then - # Adding system user - adduser \ - --system \ - --disabled-login \ - --ingroup $daemon_group \ - --home $working_dir \ - --gecos "Bareos" \ - --shell /bin/false \ - $director_daemon_user >/dev/null -fi -} - -case "$1" in - install|upgrade) - create_group - create_user - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/bareos-director.preinst.in b/debian/bareos-director.preinst.in new file mode 100644 index 0000000..f788800 --- /dev/null +++ b/debian/bareos-director.preinst.in 
@@ -0,0 +1,63 @@ +#!/bin/sh +# preinst script for bareos +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <new-preinst> `install' +# * <new-preinst> `install' <old-version> +# * <new-preinst> `upgrade' <old-version> +# * <old-preinst> `abort-upgrade' <new-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +daemon_group=@dir_group@ +daemon_user=@dir_user@ + +WORKING_DIR="@working_dir@" + + +create_group() +{ + [ -z "$1" ] && return + # creating group if he isn't already there. + # use addgroup instead of groupadd, + # because "addgroup" uses the next available number, + # while "groupadd" uses uses GID_MIN -1 (999) + getent group $1 > /dev/null || addgroup -q --system $1 +} + +create_user() +{ + [ -z "$1" ] && return + # creating user if he isn't already there. + # use adduser instead of useradd, + # because "adduser" uses the next available number, + # while "useradd" uses uses UID_MIN -1 (999) + getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1 +} + + +case "$1" in + install|upgrade) + create_group ${daemon_group} + create_user ${daemon_user} + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/bareos-filedaemon.preinst b/debian/bareos-filedaemon.preinst deleted file mode 100644 index c3b7aba..0000000 --- a/debian/bareos-filedaemon.preinst +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/bin/sh -# preinst script for bareos -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -daemon_user=bareos -daemon_group=bareos - -#director_daemon_user=$daemon_user -#storage_daemon_user=$daemon_user -#file_daemon_user=root -#storage_daemon_group=$daemon_group - -working_dir=/var/lib/bareos - -create_group() -{ - # creating group if he isn't already there - if ! getent group $daemon_group >/dev/null; then - # Adding system group - addgroup --system $daemon_group >/dev/null - fi -} - -create_user() -{ - # creating user if he isn't already there - if ! getent passwd $director_daemon_use >/dev/null; then - # Adding system user - adduser \ - --system \ - --disabled-login \ - --ingroup $daemon_group \ - --home $working_dir \ - --gecos "Bareos" \ - --shell /bin/false \ - $director_daemon_user >/dev/null -fi -} - -case "$1" in - install|upgrade) - create_group - #create_user - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/bareos-filedaemon.preinst.in b/debian/bareos-filedaemon.preinst.in new file mode 100644 index 0000000..f788800 --- /dev/null +++ b/debian/bareos-filedaemon.preinst.in 
@@ -0,0 +1,63 @@ +#!/bin/sh +# preinst script for bareos +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <new-preinst> `install' +# * <new-preinst> `install' <old-version> +# * <new-preinst> `upgrade' <old-version> +# * <old-preinst> `abort-upgrade' <new-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +daemon_group=@dir_group@ +daemon_user=@dir_user@ + +WORKING_DIR="@working_dir@" + + +create_group() +{ + [ -z "$1" ] && return + # creating group if he isn't already there. + # use addgroup instead of groupadd, + # because "addgroup" uses the next available number, + # while "groupadd" uses uses GID_MIN -1 (999) + getent group $1 > /dev/null || addgroup -q --system $1 +} + +create_user() +{ + [ -z "$1" ] && return + # creating user if he isn't already there. + # use adduser instead of useradd, + # because "adduser" uses the next available number, + # while "useradd" uses uses UID_MIN -1 (999) + getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1 +} + + +case "$1" in + install|upgrade) + create_group ${daemon_group} + create_user ${daemon_user} + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/bareos-storage.postinst b/debian/bareos-storage.postinst index 71eac88..252d105 100644 --- a/debian/bareos-storage.postinst +++ b/debian/bareos-storage.postinst @@ -40,6 +40,7 @@ enable_rc_scripts() case "$1" in configure) permissions + /usr/lib/bareos/scripts/bareos-config setup_sd_user /usr/lib/bareos/scripts/bareos-config initialize_local_hostname /usr/lib/bareos/scripts/bareos-config initialize_passwords enable_rc_scripts 
diff --git a/debian/bareos-storage.preinst b/debian/bareos-storage.preinst deleted file mode 100644 index d8c898a..0000000 --- a/debian/bareos-storage.preinst +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/sh -# preinst script for bareos -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -daemon_user=bareos -daemon_group=bareos - -#director_daemon_user=$daemon_user -storage_daemon_user=$daemon_user -#file_daemon_user=root -storage_daemon_group=$daemon_group - -working_dir=/var/lib/bareos - -create_group() -{ - # creating group if he isn't already there - if ! getent group $daemon_group >/dev/null; then - # Adding system group - addgroup --system $daemon_group >/dev/null - fi -} - -create_user() -{ - # creating user if he isn't already there - if ! getent passwd $storage_daemon_user >/dev/null; then - # Adding system user - adduser \ - --system \ - --disabled-login \ - --ingroup $storage_daemon_group \ - --home $working_dir \ - --gecos "Bareos" \ - --shell /bin/false \ - $storage_daemon_user >/dev/null - fi -} - -case "$1" in - install|upgrade) - create_group - create_user - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/bareos-storage.preinst.in b/debian/bareos-storage.preinst.in new file mode 100644 index 0000000..f788800 --- /dev/null +++ b/debian/bareos-storage.preinst.in 
@@ -0,0 +1,63 @@ +#!/bin/sh +# preinst script for bareos +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <new-preinst> `install' +# * <new-preinst> `install' <old-version> +# * <new-preinst> `upgrade' <old-version> +# * <old-preinst> `abort-upgrade' <new-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +daemon_group=@dir_group@ +daemon_user=@dir_user@ + +WORKING_DIR="@working_dir@" + + +create_group() +{ + [ -z "$1" ] && return + # creating group if he isn't already there. + # use addgroup instead of groupadd, + # because "addgroup" uses the next available number, + # while "groupadd" uses uses GID_MIN -1 (999) + getent group $1 > /dev/null || addgroup -q --system $1 +} + +create_user() +{ + [ -z "$1" ] && return + # creating user if he isn't already there. + # use adduser instead of useradd, + # because "adduser" uses the next available number, + # while "useradd" uses uses UID_MIN -1 (999) + getent passwd $1 > /dev/null || adduser -q --system --ingroup $daemon_group --home "$WORKING_DIR" --no-create-home --gecos "$1" $1 +} + + +case "$1" in + install|upgrade) + create_group ${daemon_group} + create_user ${daemon_user} + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/platforms/rpms/bareos.spec b/platforms/rpms/bareos.spec index d99dde1..78dcbe9 100644 --- a/platforms/rpms/bareos.spec +++ b/platforms/rpms/bareos.spec 
@@ -824,6 +824,15 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d %nil %endif +%define create_group() \ +getent group %1 > /dev/null || groupadd -r %1 \ +%nil + +# shell: use /bin/false, because nologin has different paths on different distributions +%define create_user() \ +getent passwd %1 > /dev/null || useradd -r --comment "%1" --home %{working_dir} -g %{daemon_group} --shell /bin/false %1 \ +%nil + %post director %{script_dir}/bareos-config initialize_local_hostname %{script_dir}/bareos-config initialize_passwords @@ -831,6 +840,9 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d %add_service_start bareos-dir %post storage +# pre script has already generated the storage daemon user, +# but here we add the user to additional groups +%{script_dir}/bareos-config setup_sd_user %{script_dir}/bareos-config initialize_local_hostname %{script_dir}/bareos-config initialize_passwords %add_service_start bareos-sd 
@@ -889,73 +901,23 @@ echo "This is a meta package to install a full bareos system" > %{buildroot}%{_d %endif %pre director -if [ "%{director_daemon_user}" != "root" -a "%{director_daemon_user}" != "%{daemon_user}" ]; then - getent passwd %{director_daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{director_daemon_user} -fi +%create_group %{daemon_group} +%create_user %{director_daemon_user} exit 0 %pre storage -# -# See what secondary groups exist for the sd user to be added to. -# -SEC_GROUPS="tape disk" -ADD_GROUPS="" -for sec_group in ${SEC_GROUPS} -do - cnt=`getent group ${sec_group} | wc -l` - if [ ${cnt} -gt 0 ]; then - [ -z ${ADD_GROUPS} ] && ADD_GROUPS="${sec_group}" || ADD_GROUPS="${ADD_GROUPS},${sec_group}" - fi -done - -if [ "%{storage_daemon_group}" != "%{daemon_group}" ]; then - getent group %{storage_daemon_group} > /dev/null || groupadd -r %{storage_daemon_group} -fi - -# -# If the user doesn't exist create a new one otherwise modify it to have -# the wanted secondary groups. -# -if [ "%{storage_daemon_user}" != "root" -a "%{storage_daemon_user}" != "%{daemon_user}" ]; then - getent passwd %{storage_daemon_user} > /dev/null - if [ $? = 0 ]; then - # - # Make sure the correct primary group is set otherwise fix it. 
- # - if [ `id -gn %{storage_daemon_user}` != %{storage_daemon_group} ]; then - usermod -g %{storage_daemon_group} %{storage_daemon_user} - fi - # - # Make sure storage_daemon_user is part of the wanted secondary groups - # - usermod -G ${ADD_GROUPS} %{storage_daemon_user} - else - # - # Create a new storage_daemon_user - # - useradd -r -c "Bareos" -d %{working_dir} -g %{storage_daemon_group} -M -s /sbin/nologin %{storage_daemon_user} - # - # Make sure storage_daemon_user is part of the wanted secondary groups - # - usermod -G ${ADD_GROUPS} %{storage_daemon_user} - fi -else - # - # Make sure storage_daemon_user is part of the wanted secondary groups - # - usermod -G ${ADD_GROUPS} %{storage_daemon_user} -fi +%create_group %{daemon_group} +%create_user %{storage_daemon_user} exit 0 %pre filedaemon -if [ "%{file_daemon_user}" != "root" -a "%{file_daemon_user}" != "%{daemon_user}" ]; then - getent passwd %{file_daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{file_daemon_user} -fi +%create_group %{daemon_group} +%create_user %{storage_daemon_user} exit 0 %pre common -getent group %{daemon_group} > /dev/null || groupadd -r %{daemon_group} -getent passwd %{daemon_user} > /dev/null || useradd -r -c "Bareos" -d %{working_dir} -g %{daemon_group} -M -s /sbin/nologin %{daemon_user} +%create_group %{daemon_group} +%create_user %{daemon_user} exit 0 %preun director diff --git a/scripts/bareos-config.in b/scripts/bareos-config.in index e410837..0d20d8f 100644 --- a/scripts/bareos-config.in +++ b/scripts/bareos-config.in 
@@ -4,6 +4,16 @@ DIR_CFG=@sysconfdir@ CFG_DIR=${DIR_CFG}/bareos-dir.conf DIR_SCRIPTS=@scriptdir@ +SEC_GROUPS="tape disk" + +WORKING_DIR="@working_dir@" +FILE_DAEMON_USER="@fd_user@" +FILE_DAEMON_GROUP="@fd_group@" +STORAGE_DAEMON_USER="@sd_user@" +STORAGE_DAEMON_GROUP="@sd_group@" +DIRECTOR_DAEMON_USER="@dir_user@" +DIRECTOR_DAEMON_GROUP="@dir_group@" + PASSWORD_SUBST="\ XXX_REPLACE_WITH_DIRECTOR_PASSWORD_XXX \ XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX \ @@ -13,6 +23,8 @@ XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX \ XXX_REPLACE_WITH_STORAGE_MONITOR_PASSWORD_XXX \ " +os_type=`uname -s` + usage() { cat <<-EOT 
@@ -48,32 +60,84 @@ is_function() get_user_fd() { - echo "@fd_user@" + echo "${FILE_DAEMON_USER}" } get_group_fd() { - echo "@fd_group@" + echo "${FILE_DAEMON_GROUP}" } get_user_sd() { - echo "@sd_user@" + echo "${STORAGE_DAEMON_USER}" } get_group_sd() { - echo "@sd_group@" + echo "${STORAGE_DAEMON_GROUP}" } get_user_dir() { - echo "@dir_user@" + echo "${DIRECTOR_DAEMON_USER}" } get_group_dir() { - echo "@dir_group@" + echo "${DIRECTOR_DAEMON_GROUP}" +} + +[ ${os_type} = Linux ] && \ +setup_sd_user() +{ + # + # guaranties that storage-daemon user and group exists + # and storage-daemon user belongs to the required groups. + # + # normally, storage-daemon user + # is already installed by the package preinstall script. + # + + # + # See what secondary groups exist for the sd user to be added to. + # + ADD_GROUPS="" + for sec_group in ${SEC_GROUPS}; do + cnt=`getent group ${sec_group} | wc -l` + if [ ${cnt} -gt 0 ]; then + [ -z "${ADD_GROUPS}" ] && ADD_GROUPS="-G ${sec_group}" || ADD_GROUPS="${ADD_GROUPS},${sec_group}" + fi + done + + getent group ${STORAGE_DAEMON_GROUP} > /dev/null || groupadd -r ${STORAGE_DAEMON_GROUP} + + # + # If the user doesn't exist create a new one otherwise modify it to have the wanted secondary groups. + # + if [ "${STORAGE_DAEMON_USER}" != "root" ]; then + getent passwd ${STORAGE_DAEMON_USER} > /dev/null + if [ $? -ne 0 ]; then + # create a new storage_daemon_user + useradd -r --comment "bareos" --home ${WORKING_DIR} -g ${STORAGE_DAEMON_GROUP} ${ADD_GROUPS} --shell /bin/false ${STORAGE_DAEMON_USER} + fi + + # if the user has already created before, + # make sure the correct primary group is set otherwise fix it. 
+ if [ "`id -gn ${STORAGE_DAEMON_USER}`" != "${STORAGE_DAEMON_GROUP}" ]; then + usermod -g ${STORAGE_DAEMON_GROUP} ${STORAGE_DAEMON_USER} + fi + + # add the storage_daemon_user to additional groups (if defined) + [ "${ADD_GROUPS}" ] && usermod ${ADD_GROUPS} ${STORAGE_DAEMON_USER} + fi +} + +[ ${os_type} != Linux ] && \ +setup_sd_user() +{ + echo "setup_sd_user() is not supported on this platform" + exit 1 } get_database_driver() -- 1.7.10.4 |
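Review bot: In debian/bareos-common.preinst.in, create_user() no longer passes `--disabled-login` and `--shell /bin/false` to adduser, both of which the deleted bareos-common.preinst set, so the daemon account's shell and login state now depend on adduser's `--system` defaults. Pass them explicitly again (the RPM `%create_user` macro in this patch still sets `--shell /bin/false`) or add a comment stating that the defaults are relied on. In the same function and in create_group(), `$1` is unquoted in the getent, addgroup and adduser calls, and `--ingroup $daemon_group` reads a global instead of a second argument; quoting and passing the group as a parameter would make the helpers safe to reuse.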
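Review bot: debian/bareos-filedaemon.preinst.in and debian/bareos-storage.preinst.in both set `daemon_group=@dir_group@` and `daemon_user=@dir_user@`; they are the same blob (index f788800) as debian/bareos-director.preinst.in. The commit message says the filedaemon package sets up the fd group and user and the storage package the sd group and user, so these two files should use `@fd_group@`/`@fd_user@` and `@sd_group@`/`@sd_user@`, the substitutions scripts/bareos-config.in already relies on. As written, any build where the fd or sd user differs from the director user creates the director account from the wrong package and never creates the intended one in preinst.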
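Review bot: In the `%pre filedaemon` scriptlet of platforms/rpms/bareos.spec, `%create_user %{storage_daemon_user}` looks like a copy-paste from `%pre storage`; the lines it replaces operated on `%{file_daemon_user}`. Use `%create_user %{file_daemon_user}` so that installing only the file daemon package does not create the storage daemon account. The same hunk makes `%pre storage` call `%create_group %{daemon_group}` where the old scriptlet created `%{storage_daemon_group}`; that is only corrected later by setup_sd_user in `%post storage`, which deserves a comment at this point.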
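Review bot: `SEC_GROUPS="tape disk"` at the top of scripts/bareos-config.in puts the storage daemon user into `disk` whenever that group exists, although the failure in this ticket is on `/dev/sg3`, which the reporter's listing shows as `root tape` with mode `crw-rw----`. On most Linux distributions `disk` owns the raw block devices, so membership lets the daemon read and write every local disk directly. The list is carried over from the old `%pre storage` scriptlet, but moving it into a shared script is a good moment to default to `tape` only and make `disk` an explicit opt-in, or at least to document why it is needed.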
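Review bot: At the end of setup_sd_user() in scripts/bareos-config.in, `usermod ${ADD_GROUPS} ${STORAGE_DAEMON_USER}` expands to `usermod -G tape,disk <user>`, and `-G` without `-a` replaces the user's whole supplementary group list, so any other group an administrator has added the storage daemon user to is dropped each time the postinstall runs. Build the option as `-a -G ...` for the usermod call (useradd has no `-a`, so keep a separate variable for the creation path). The expansions `${STORAGE_DAEMON_USER}`, `${STORAGE_DAEMON_GROUP}` and `${os_type}` are also unquoted in the tests and commands.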
|
Hi Marco, what do you think about the patch I attached to this ticket? | |
Why not have an extra function in bareos-config to create the user? And why code the user creation so many times on Debian? What I did for the Solaris packages is create the users only once, in the package with the libraries; as any package depends on that and it's in the preinstall of that package, you are sure it always exists. I understand maybe some Red Hat platforms are playing games with ordering (which is a bug if you ask me), but this is for Debian, which I thought didn't play games. It just looks like we now have the same code ("shell scripting") many times, which, if it needs changing, means changing it in many places. |
|
The intention was that RPM and DEB packages are as similar as possible. Okay, this point loses significance after I had to change useradd back to adduser on Debian. This is also the reason why group and user creation is still in preinstall. On Debian it should be enough if user creation is done in postinstall. Options: - remove user creation from dir, sd and fd, as the group and user bareos are already created in bareos-common. When we decide to add additional users later on (let's say for the storage daemon), we have to add the preinstall scripts again. - I can move the user creation functions to bareos-config and call them from Debian postinstall. However, the new function must distinguish between Linux/other Unixes and Debian and other Linux. Also here, you can decide if this should be done from every package or only bareos-common. The RPM stuff should stay as in the patch, to avoid problems. |
|
Discussed the options and decided to leave it as it is now and take the duplication of code as an unwanted side effect. |
|
Does this mean that, when installing bareos, the admin has to type "usermod -a -G tape bareos" to be able to operate his tape drive? In Bareos 12.4.2 it is the case - this is not going to change? | |
bareos user should be in group tape, when installing bareos-storagedaemon - what do you think? | |
This bug is still being worked on. The decision was based on the question before the response and has to do with the wanted solution direction: not that we won't add the user to the right group, but that we will leave some code in the final solution so that it's in theory possible to use different users for fd/sd/dir etc. |
|
Marco, I'm not sure what to do here. I've included the patch in this ticket and we agreed that this is a usable way to handle it. Of course, we both also see that it is far from being perfect. So: will you add this patch to the code? If not: what option should I implement? |
|
Fix committed to bareos bareos-12.4 branch with changesetid 973. | |
Fix committed to bareos2015 bareos-13.2 branch with changesetid 4294. | |
Due to the reimport of the Github repository to bugs.bareos.org, the status of some tickets has been changed. These tickets will be closed again. Sorry for the noise. |
|
bareos: bareos-12.4 05dde077 2013-05-04 13:14
Ported: N/A
add daemon user to required groups bareos storage daemon user must be in groups tape and/or disk to be able to access tape devices. Due to different behavior of different distributions (install order if not always the same), every package that requires a specific group/user set this up on its own. preinstall: bareos-common: setup default daemon group bareos and user bareos bareos-filedaemon: setup fd group (bareos) and user (root) bareos-storage: setup sd group (bareos) and user (bareos) bareos-director: setup dir group (bareos) and user (bareos) postinstall: bareos-storage: call bareos-config setup_sd_user, which checks if sd group and user exists, otherwise it creates them, and add the sd user (bareos) to the groups tape and disk, if they exists. Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5 Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com> |
Affected Issues 0000099

mod - autoconf/configure.in
rm - debian/bareos-director.preinst
add - debian/bareos-director.preinst.in
rm - debian/bareos-filedaemon.preinst
add - debian/bareos-filedaemon.preinst.in
mod - debian/bareos-storage.postinst
rm - debian/bareos-storage.preinst
add - debian/bareos-storage.preinst.in
mod - platforms/rpms/bareos.spec
mod - scripts/bareos-config.in

bareos2015: bareos-12.4 6dcf8c33 2013-05-04 15:14
Ported: N/A
add daemon user to required groups bareos storage daemon user must be in groups tape and/or disk to be able to access tape devices. Due to different behavior of different distributions (install order if not always the same), every package that requires a specific group/user set this up on its own. preinstall: bareos-common: setup default daemon group bareos and user bareos bareos-filedaemon: setup fd group (bareos) and user (root) bareos-storage: setup sd group (bareos) and user (bareos) bareos-director: setup dir group (bareos) and user (bareos) postinstall: bareos-storage: call bareos-config setup_sd_user, which checks if sd group and user exists, otherwise it creates them, and add the sd user (bareos) to the groups tape and disk, if they exists. Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5 Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com> |
Affected Issues 0000099 |
|
mod - autoconf/configure.in | Diff File | ||
rm - debian/bareos-director.preinst | Diff File | ||
add - debian/bareos-director.preinst.in | Diff File | ||
rm - debian/bareos-filedaemon.preinst | Diff File | ||
add - debian/bareos-filedaemon.preinst.in | Diff File | ||
mod - debian/bareos-storage.postinst | Diff File | ||
rm - debian/bareos-storage.preinst | Diff File | ||
add - debian/bareos-storage.preinst.in | Diff File | ||
mod - platforms/rpms/bareos.spec | Diff File | ||
mod - scripts/bareos-config.in | Diff File | ||
bareos: master 86b7b807 2013-05-04 21:11 Ported: N/A Details Diff |
add daemon user to required groups. bareos storage daemon user must be in groups tape and/or disk to be able to access tape devices. Due to different behavior of different distributions (install order is not always the same), every package that requires a specific group/user sets this up on its own. preinstall: bareos-common: setup default daemon group bareos and user bareos; bareos-filedaemon: setup fd group (bareos) and user (root); bareos-storage: setup sd group (bareos) and user (bareos); bareos-director: setup dir group (bareos) and user (bareos). postinstall: bareos-storage: call bareos-config setup_sd_user, which checks if sd group and user exist, otherwise it creates them, and adds the sd user (bareos) to the groups tape and disk, if they exist. Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5. Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions. Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com> |
Affected Issues 0000099 |
|
mod - scripts/bareos-config.in | Diff File | ||
mod - platforms/rpms/bareos.spec | Diff File | ||
add - debian/bareos-storage.preinst.in | Diff File | ||
rm - debian/bareos-storage.preinst | Diff File | ||
mod - debian/bareos-storage.postinst | Diff File | ||
add - debian/bareos-filedaemon.preinst.in | Diff File | ||
rm - debian/bareos-filedaemon.preinst | Diff File | ||
add - debian/bareos-director.preinst.in | Diff File | ||
rm - debian/bareos-director.preinst | Diff File | ||
mod - autoconf/configure.in | Diff File | ||
bareos2015: bareos-13.2 9a69ea9e 2013-05-04 23:11 Ported: N/A Details Diff |
add daemon user to required groups. bareos storage daemon user must be in groups tape and/or disk to be able to access tape devices. Due to different behavior of different distributions (install order is not always the same), every package that requires a specific group/user sets this up on its own. preinstall: bareos-common: setup default daemon group bareos and user bareos; bareos-filedaemon: setup fd group (bareos) and user (root); bareos-storage: setup sd group (bareos) and user (bareos); bareos-director: setup dir group (bareos) and user (bareos). postinstall: bareos-storage: call bareos-config setup_sd_user, which checks if sd group and user exist, otherwise it creates them, and adds the sd user (bareos) to the groups tape and disk, if they exist. Tested on: Debian 6, Ubuntu 12.04 (32bit), SLES11SP2, Centos5. Fixes 0000099: user bareos unable to operate tape changer due to wrong permissions. Signed-off-by: Marco van Wieringen <marco.van.wieringen@bareos.com> |
Affected Issues 0000099 |
|
mod - autoconf/configure.in | Diff File | ||
rm - debian/bareos-director.preinst | Diff File | ||
add - debian/bareos-director.preinst.in | Diff File | ||
rm - debian/bareos-filedaemon.preinst | Diff File | ||
add - debian/bareos-filedaemon.preinst.in | Diff File | ||
mod - debian/bareos-storage.postinst | Diff File | ||
rm - debian/bareos-storage.preinst | Diff File | ||
add - debian/bareos-storage.preinst.in | Diff File | ||
mod - platforms/rpms/bareos.spec | Diff File | ||
mod - scripts/bareos-config.in | Diff File |
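
An added example (not Bareos code, and not the logic of `bareos-config setup_sd_user`): a POSIX shell check of the condition the commit above addresses, evaluated against the `ls -lh /dev/sg3` line from the report. The function names and the group lists passed in are assumptions made for illustration; ACLs and capabilities are not considered.

```shell
#!/bin/sh
# Decide from captured `ls -l` output whether a user can open a device
# node read/write. Pure text processing: no access to /dev is needed.

# Device line as shown in the report's "Additional Information".
SG3_LINE='crw-rw---- 1 root tape 21, 3 Feb 25 15:04 /dev/sg3'

# in_list NAME "A B C": succeeds if NAME is one of the listed words.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# can_open_rw LS_LINE USER "GROUPS" (GROUPS as printed by `id -Gn USER`).
# Returns 0 when the applicable permission triad grants both r and w.
can_open_rw() {
    ls_line=$1; user=$2; groups=$3
    # ls -l fields: mode, link count, owner, group, remainder.
    read -r mode links owner group rest <<EOF
$ls_line
EOF
    # root bypasses discretionary permission checks.
    [ "$user" = "root" ] && return 0
    # Exactly one triad applies: owner, else owning group, else other.
    if [ "$user" = "$owner" ]; then
        triad=$(printf '%s' "$mode" | cut -c2-4)
    elif in_list "$group" "$groups"; then
        triad=$(printf '%s' "$mode" | cut -c5-7)
    else
        triad=$(printf '%s' "$mode" | cut -c8-10)
    fi
    case $triad in
        rw*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Group lists below are assumed: without and with the tape/disk groups.
for g in "bareos" "bareos tape disk"; do
    if can_open_rw "$SG3_LINE" bareos "$g"; then r=allowed; else r=denied; fi
    echo "bareos with groups [$g]: $r"
done
```

On a live host the same function can be fed `"$(ls -l /dev/sg3)"` and `"$(id -Gn bareos)"`; a running daemon only picks up a new supplementary group after it is restarted.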
Date Modified | Username | Field | Change |
---|---|---|---|
2013-02-26 10:15 | | New Issue | |
2013-02-26 10:15 | | Status | new => assigned |
2013-02-26 10:15 | | Assigned To | => joergs |
2013-02-26 10:24 | mvwieringen | Note Added: 0000173 | |
2013-02-26 10:25 | | Note Added: 0000174 | |
2013-02-26 10:59 | mvwieringen | Note Added: 0000179 | |
2013-02-27 10:07 | mvwieringen | Assigned To | joergs => mvwieringen |
2013-02-28 10:25 | mvwieringen | Assigned To | mvwieringen => joergs |
2013-03-01 10:06 | joergs | File Added: 0001-add-daemon-user-to-required-groups.patch | |
2013-03-01 10:06 | joergs | Assigned To | joergs => mvwieringen |
2013-03-01 10:07 | joergs | Note Added: 0000218 | |
2013-03-01 10:23 | mvwieringen | Note Added: 0000219 | |
2013-03-01 10:23 | mvwieringen | Assigned To | mvwieringen => joergs |
2013-03-01 10:44 | joergs | Note Added: 0000220 | |
2013-03-01 10:47 | joergs | Assigned To | joergs => mvwieringen |
2013-03-01 15:55 | mvwieringen | Note Added: 0000224 | |
2013-03-01 15:55 | mvwieringen | Assigned To | mvwieringen => joergs |
2013-03-08 10:15 | | Note Added: 0000253 | |
2013-03-08 10:19 | | Note Added: 0000254 | |
2013-03-08 10:19 | | Status | assigned => feedback |
2013-03-08 10:29 | mvwieringen | Note Added: 0000256 | |
2013-03-08 13:58 | joergs | Note Added: 0000257 | |
2013-03-08 13:58 | joergs | Assigned To | joergs => mvwieringen |
2013-03-08 15:59 | maik | Severity | block => major |
2013-03-08 15:59 | maik | Status | feedback => resolved |
2013-03-08 15:59 | maik | Product Version | 12.4.1 => 12.4.2 |
2013-03-08 16:51 | mvwieringen | Changeset attached | => bareos master 6727d249 |
2013-03-08 16:51 | mvwieringen | Status | resolved => closed |
2013-03-08 16:51 | mvwieringen | Resolution | open => fixed |
2013-03-09 10:26 | mvwieringen | Changeset attached | => bareos Branch-12.4 5d879d3a |
2013-03-09 10:27 | mvwieringen | Assigned To | mvwieringen => |
2013-03-09 10:27 | mvwieringen | Fixed in Version | => 12.4.3 |
2013-08-13 03:12 | | Changeset attached | => bareos master 86b7b807 |
2013-08-13 03:12 | | Changeset attached | => bareos bareos-12.4 05dde077 |
2013-08-13 03:12 | | Note Added: 0000605 | |
2013-08-13 03:12 | | Assigned To | => mvwieringen adm |
2013-08-13 03:12 | | Status | closed => resolved |
2013-08-13 09:16 | | Assigned To | mvwieringen adm => |
2013-08-13 09:16 | | Status | resolved => closed |
2015-03-25 16:51 | mvwieringen | Changeset attached | => bareos2015 bareos-12.4 6dcf8c33 |
2015-03-25 16:51 | mvwieringen | Changeset attached | => bareos2015 bareos-13.2 9a69ea9e |
2015-03-25 16:51 | mvwieringen | Note Added: 0001386 | |
2015-03-25 16:51 | mvwieringen | Status | closed => resolved |
2015-03-25 19:18 | joergs | Note Added: 0001541 | |
2015-03-25 19:18 | joergs | Status | resolved => closed |