fix(packaging): init.sh should run buildtsi as influxdb user (#26699) #26862
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* fix(packaging): init.sh should run buildtsi as influxdb user The init.sh script assumes that it being run as root so thus we can use sudo to switch user to the influxdb user to run buildtsi; otherwise the files are owned by root and influxdb can't start. * fixes #26698 * chore: switch from sudo to su; update comment * chore: switch to runuser as the su syntax and debugging is difficult * chore: switch to setpriv to avoid PAM We want to run a command as another user but su has a frustrating syntax for calling a command and escaping, runuser is simpiler but delegates to su so both use PAM which is not needed in this case. It was recommended to use setpriv which a full toolkit for setting privilege bits and can mimic su/runuser by setting privilege to a specific user for running a command. It seems to work and be easy to use in a script. * chore: update comment to reflect setpriv usage (cherry picked from commit 7ca78d1)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The init.sh script assumes that it being run as root so thus we can use sudo to switch user to the influxdb user to run buildtsi; otherwise the files are owned by root and influxdb can't start.
fixes [1.x] ubuntu packaging - the service init.sh script for SystemV requires root but it runs
buildtsiwhich shouldn't be run with root #26698chore: switch from sudo to su; update comment
chore: switch to runuser as the su syntax and debugging is difficult
chore: switch to setpriv to avoid PAM
We want to run a command as another user but su has a frustrating syntax for calling a command and escaping, runuser is simpiler but delegates to su so both use PAM which is not needed in this case. It was recommended to use setpriv which a full toolkit for setting privilege bits and can mimic su/runuser by setting privilege to a specific user for running a command. It seems to work and be easy to use in a script.
(cherry picked from commit 7ca78d1)