author | Andrei Belov <defan@nginx.com> | 2020-12-17 14:30:18 +0300 |
---|---|---|
committer | Andrei Belov <defan@nginx.com> | 2020-12-17 14:30:18 +0300 |
commit | 53d847615b270daf706373d65ac5f5d2101f36d9 (patch) | |
tree | 545781339f41332b48c6a25f812ecf437676bbc1 /pkg/rpm/unit.spec.in | |
parent | a5fa9673d98c9c814c01ddfce8bcfbec6fcc02e8 (diff) | |
Packages: run non-privileged processes under "unit" user.
Diffstat (limited to '')
-rw-r--r-- | pkg/rpm/unit.spec.in | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/pkg/rpm/unit.spec.in b/pkg/rpm/unit.spec.in index 506d1964..15853cf1 100644 --- a/pkg/rpm/unit.spec.in +++ b/pkg/rpm/unit.spec.in @@ -145,6 +145,10 @@ cat /dev/null > debugsourcefiles.list %post if [ $1 -eq 1 ]; then + getent group unit >/dev/null || groupadd -r unit + getent passwd unit >/dev/null || \ + useradd -r -g unit -s /sbin/nologin \ + -d /nonexistent -c "unit user" unit /usr/bin/systemctl preset unit.service >/dev/null 2>&1 ||: cat <<BANNER ---------------------------------------------------------------------- @@ -172,6 +176,21 @@ if [ $1 -ge 1 ]; then /usr/bin/systemctl try-restart unit.service >/dev/null 2>&1 ||: fi +%triggerpostun -- unit < 1.22.0 +cat <<BANNER +---------------------------------------------------------------------- + +WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + %files %defattr(-,root,root,-) %attr(0755,root,root) %{_sbindir}/unitd |
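Review bot: The account creation sits inside the `if [ $1 -eq 1 ]; then` branch of `%post`, so it runs only on a fresh install. On an upgrade from a release older than 1.22.0 `$1` is 2, and as far as this diff shows nothing creates the `unit` user or group; the `%triggerpostun` added in the second hunk only prints a warning. If the packaged default is now unit:unit, an upgraded host could be left with a daemon that expects an account which does not exist. Since both `getent ... ||` lines are idempotent, placing them directly under `%post`, above the `if`, would cover install and upgrade alike. The `if` block continues past the end of this hunk.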
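Review bot: The banner in the new `%triggerpostun` names the previous identity as `nobody:nogroup`, but on most RPM-based distributions the primary group of `nobody` is `nobody`; `nogroup` is the Debian-style name. An administrator auditing file and socket ownership from this message may look for a group that is not present on the host, so this is worth confirming against the build's actual default. Wording that holds on every target of this spec would be `routes that relied on these processes running as the nobody user and its primary group stay working.`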