diff options
| author | Andrei Belov <defan@nginx.com> | 2020-12-17 14:30:18 +0300 |
|---|---|---|
| committer | Andrei Belov <defan@nginx.com> | 2020-12-17 14:30:18 +0300 |
| commit | 53d847615b270daf706373d65ac5f5d2101f36d9 (patch) | |
| tree | 545781339f41332b48c6a25f812ecf437676bbc1 /pkg/deb/debian | |
| parent | a5fa9673d98c9c814c01ddfce8bcfbec6fcc02e8 (diff) | |
| download | unit-53d847615b270daf706373d65ac5f5d2101f36d9.tar.gz unit-53d847615b270daf706373d65ac5f5d2101f36d9.tar.bz2 | |
Packages: run non-privileged processes under "unit" user.
Diffstat (limited to 'pkg/deb/debian')
| -rw-r--r-- | pkg/deb/debian/unit.example.config | 4 | ||||
| -rwxr-xr-x | pkg/deb/debian/unit.postinst | 34 | ||||
| -rw-r--r-- | pkg/deb/debian/unit.preinst | 1 |
3 files changed, 35 insertions, 4 deletions
diff --git a/pkg/deb/debian/unit.example.config b/pkg/deb/debian/unit.example.config index 5610cb3a..66695327 100644 --- a/pkg/deb/debian/unit.example.config +++ b/pkg/deb/debian/unit.example.config @@ -2,7 +2,6 @@ "applications": { "example_php": { "type": "php", - "user": "nobody", "processes": 2, "root": "/usr/share/doc/unit/examples/php-app", "index": "index.php" @@ -10,7 +9,6 @@ "example_python": { "type": "python", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit/examples/python-app", "module": "wsgi" @@ -18,13 +16,11 @@ "example_go": { "type": "external", - "user": "nobody", "executable": "/tmp/go-app" }, "example_perl": { "type": "perl", - "user": "nobody", "processes": 1, "working_directory": "/usr/share/doc/unit-perl/examples/perl-app", "script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl" diff --git a/pkg/deb/debian/unit.postinst b/pkg/deb/debian/unit.postinst index 76375a2b..8aa476b3 100755 --- a/pkg/deb/debian/unit.postinst +++ b/pkg/deb/debian/unit.postinst @@ -6,6 +6,40 @@ if [ "$1" != "configure" ]; then exit 0 fi +if [ -n "$2" ]; then + if dpkg --compare-versions "${2%%-*}" le "1.21.0"; then + cat <<BANNER +---------------------------------------------------------------------- + +WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + fi +fi + +if ! getent group unit >/dev/null; then + addgroup --system unit >/dev/null +fi + +if ! getent passwd unit >/dev/null; then + adduser \ + --system \ + --disabled-login \ + --ingroup unit \ + --no-create-home \ + --home /nonexistent \ + --gecos "unit user" \ + --shell /bin/false \ + unit >/dev/null +fi + #DEBHELPER# exit 0 diff --git a/pkg/deb/debian/unit.preinst b/pkg/deb/debian/unit.preinst index d4be468d..bd513788 100644 --- a/pkg/deb/debian/unit.preinst +++ b/pkg/deb/debian/unit.preinst @@ -17,6 +17,7 @@ Online documentation is available at https://unit.nginx.org/ ---------------------------------------------------------------------- BANNER ;; + upgrade) ;; |