diff options
29 files changed, 58 insertions, 30 deletions
diff --git a/pkg/deb/Makefile b/pkg/deb/Makefile index ada5f35b..6ce7373b 100644 --- a/pkg/deb/Makefile +++ b/pkg/deb/Makefile @@ -157,6 +157,8 @@ CONFIGURE_ARGS=\ --pid=/var/run/unit.pid \ --log=/var/log/unit.log \ --tmp=/var/tmp \ + --user=unit \ + --group=unit \ --tests \ --openssl diff --git a/pkg/deb/debian.module/unit.example-go-config b/pkg/deb/debian.module/unit.example-go-config index a2c91e80..8aa65939 100644 --- a/pkg/deb/debian.module/unit.example-go-config +++ b/pkg/deb/debian.module/unit.example-go-config @@ -2,7 +2,6 @@ "applications": { "example_go": { "type": "external", - "user": "nobody", "executable": "/tmp/go-app" } }, diff --git a/pkg/deb/debian.module/unit.example-perl-config b/pkg/deb/debian.module/unit.example-perl-config index 031928ce..2182fc46 100644 --- a/pkg/deb/debian.module/unit.example-perl-config +++ b/pkg/deb/debian.module/unit.example-perl-config @@ -2,7 +2,6 @@ "applications": { "example_perl": { "type": "perl", - "user": "nobody", "processes": 1, "working_directory": "/usr/share/doc/unit-perl/examples/perl-app", "script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl" diff --git a/pkg/deb/debian.module/unit.example-php-config b/pkg/deb/debian.module/unit.example-php-config index 8f23c984..9673385f 100644 --- a/pkg/deb/debian.module/unit.example-php-config +++ b/pkg/deb/debian.module/unit.example-php-config @@ -2,7 +2,6 @@ "applications": { "example_php": { "type": "php", - "user": "nobody", "processes": 2, "root": "/usr/share/doc/unit-php/examples/phpinfo-app", "index": "index.php" diff --git a/pkg/deb/debian.module/unit.example-python-config b/pkg/deb/debian.module/unit.example-python-config index d612c89d..b3d3a2e5 100644 --- a/pkg/deb/debian.module/unit.example-python-config +++ b/pkg/deb/debian.module/unit.example-python-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python2.7-config b/pkg/deb/debian.module/unit.example-python2.7-config index bede8899..4f1d16c9 100644 --- a/pkg/deb/debian.module/unit.example-python2.7-config +++ b/pkg/deb/debian.module/unit.example-python2.7-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 2.7", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python2.7/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python3.4-config b/pkg/deb/debian.module/unit.example-python3.4-config index dd496bd8..e6d90acf 100644 --- a/pkg/deb/debian.module/unit.example-python3.4-config +++ b/pkg/deb/debian.module/unit.example-python3.4-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.4", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python3.4/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python3.5-config b/pkg/deb/debian.module/unit.example-python3.5-config index 2be6de4a..480327ec 100644 --- a/pkg/deb/debian.module/unit.example-python3.5-config +++ b/pkg/deb/debian.module/unit.example-python3.5-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.5", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python3.5/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python3.6-config b/pkg/deb/debian.module/unit.example-python3.6-config index a77e8e07..543024ff 100644 --- a/pkg/deb/debian.module/unit.example-python3.6-config +++ b/pkg/deb/debian.module/unit.example-python3.6-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.6", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python3.6/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python3.7-config b/pkg/deb/debian.module/unit.example-python3.7-config index 9b13c058..e7b8dbc3 100644 --- a/pkg/deb/debian.module/unit.example-python3.7-config +++ b/pkg/deb/debian.module/unit.example-python3.7-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.7", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python3.7/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-python3.8-config b/pkg/deb/debian.module/unit.example-python3.8-config index 435e025f..dc649e30 100644 --- a/pkg/deb/debian.module/unit.example-python3.8-config +++ b/pkg/deb/debian.module/unit.example-python3.8-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.8", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python3.8/examples/python-app", "module": "wsgi" diff --git a/pkg/deb/debian.module/unit.example-ruby-config b/pkg/deb/debian.module/unit.example-ruby-config index 15a92735..930aa987 100644 --- a/pkg/deb/debian.module/unit.example-ruby-config +++ b/pkg/deb/debian.module/unit.example-ruby-config @@ -2,7 +2,6 @@ "applications": { "example_ruby": { "type": "ruby", - "user": "nobody", "processes": 2, "script": "/usr/share/doc/unit-ruby/examples/ruby-app.ru" } diff --git a/pkg/deb/debian/unit.example.config b/pkg/deb/debian/unit.example.config index 5610cb3a..66695327 100644 --- a/pkg/deb/debian/unit.example.config +++ b/pkg/deb/debian/unit.example.config @@ -2,7 +2,6 @@ "applications": { "example_php": { "type": "php", - "user": "nobody", "processes": 2, "root": "/usr/share/doc/unit/examples/php-app", "index": "index.php" @@ -10,7 +9,6 @@ "example_python": { "type": "python", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit/examples/python-app", "module": "wsgi" @@ -18,13 +16,11 @@ "example_go": { "type": "external", - "user": "nobody", "executable": "/tmp/go-app" }, "example_perl": { "type": "perl", - "user": "nobody", "processes": 1, "working_directory": "/usr/share/doc/unit-perl/examples/perl-app", "script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl" diff --git a/pkg/deb/debian/unit.postinst b/pkg/deb/debian/unit.postinst index 76375a2b..8aa476b3 100755 --- a/pkg/deb/debian/unit.postinst +++ b/pkg/deb/debian/unit.postinst @@ -6,6 +6,40 @@ if [ "$1" != "configure" ]; then exit 0 fi +if [ -n "$2" ]; then + if dpkg --compare-versions "${2%%-*}" le "1.21.0"; then + cat <<BANNER +---------------------------------------------------------------------- + +WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + fi +fi + +if ! getent group unit >/dev/null; then + addgroup --system unit >/dev/null +fi + +if ! getent passwd unit >/dev/null; then + adduser \ + --system \ + --disabled-login \ + --ingroup unit \ + --no-create-home \ + --home /nonexistent \ + --gecos "unit user" \ + --shell /bin/false \ + unit >/dev/null +fi + #DEBHELPER# exit 0 diff --git a/pkg/deb/debian/unit.preinst b/pkg/deb/debian/unit.preinst index d4be468d..bd513788 100644 --- a/pkg/deb/debian/unit.preinst +++ b/pkg/deb/debian/unit.preinst @@ -17,6 +17,7 @@ Online documentation is available at https://unit.nginx.org/ ---------------------------------------------------------------------- BANNER ;; + upgrade) ;; diff --git a/pkg/rpm/Makefile b/pkg/rpm/Makefile index 98a8ce97..1fefb262 100644 --- a/pkg/rpm/Makefile +++ b/pkg/rpm/Makefile @@ -149,6 +149,8 @@ CONFIGURE_ARGS=\ --pid=/var/run/unit/unit.pid \ --log=/var/log/unit/unit.log \ --tmp=/var/tmp \ + --user=unit \ + --group=unit \ --tests \ --openssl diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-go-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-go-config index a2c91e80..8aa65939 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-go-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-go-config @@ -2,7 +2,6 @@ "applications": { "example_go": { "type": "external", - "user": "nobody", "executable": "/tmp/go-app" } }, diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-perl-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-perl-config index 031928ce..2182fc46 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-perl-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-perl-config @@ -2,7 +2,6 @@ "applications": { "example_perl": { "type": "perl", - "user": "nobody", "processes": 1, "working_directory": "/usr/share/doc/unit-perl/examples/perl-app", "script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-php-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-php-config index 8f23c984..9673385f 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-php-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-php-config @@ -2,7 +2,6 @@ "applications": { "example_php": { "type": "php", - "user": "nobody", "processes": 2, "root": "/usr/share/doc/unit-php/examples/phpinfo-app", "index": "index.php" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python-config index d612c89d..b3d3a2e5 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python27-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python27-config index 7541fcb3..094e6621 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python27-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python27-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 2.7", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python27/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python34-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python34-config index b64e570c..15063c5e 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python34-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python34-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.4", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python34/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python35-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python35-config index 025f3428..f9923a49 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python35-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python35-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.5", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python35/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python36-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python36-config index 825cabc4..ef31c781 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python36-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python36-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.6", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python36/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python37-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python37-config index 7f5e52f1..904af440 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python37-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python37-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.7", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python37/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-python38-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-python38-config index 25003869..c98d1a52 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-python38-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-python38-config @@ -2,7 +2,6 @@ "applications": { "example_python": { "type": "python 3.8", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python38/examples/python-app", "module": "wsgi" diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example-ruby-config b/pkg/rpm/rpmbuild/SOURCES/unit.example-ruby-config index 15a92735..930aa987 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example-ruby-config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example-ruby-config @@ -2,7 +2,6 @@ "applications": { "example_ruby": { "type": "ruby", - "user": "nobody", "processes": 2, "script": "/usr/share/doc/unit-ruby/examples/ruby-app.ru" } diff --git a/pkg/rpm/rpmbuild/SOURCES/unit.example.config b/pkg/rpm/rpmbuild/SOURCES/unit.example.config index 6fe35e2f..4855a954 100644 --- a/pkg/rpm/rpmbuild/SOURCES/unit.example.config +++ b/pkg/rpm/rpmbuild/SOURCES/unit.example.config @@ -2,7 +2,6 @@ "applications": { "example_php": { "type": "php", - "user": "nobody", "processes": 2, "root": "/usr/share/doc/unit-php/examples/phpinfo-app", "index": "index.php" @@ -10,7 +9,6 @@ "example_python": { "type": "python", - "user": "nobody", "processes": 2, "path": "/usr/share/doc/unit-python/examples/python-app", "module": "wsgi" @@ -18,13 +16,11 @@ "example_go": { "type": "external", - "user": "nobody", "executable": "/tmp/go-app" }, "example_perl": { "type": "perl", - "user": "nobody", "processes": 1, "working_directory": "/usr/share/doc/unit-perl/examples/perl-app", "script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl" diff --git a/pkg/rpm/unit.spec.in b/pkg/rpm/unit.spec.in index 506d1964..15853cf1 100644 --- a/pkg/rpm/unit.spec.in +++ b/pkg/rpm/unit.spec.in @@ -145,6 +145,10 @@ cat /dev/null > debugsourcefiles.list %post if [ $1 -eq 1 ]; then + getent group unit >/dev/null || groupadd -r unit + getent passwd unit >/dev/null || \ + useradd -r -g unit -s /sbin/nologin \ + -d /nonexistent -c "unit user" unit /usr/bin/systemctl preset unit.service >/dev/null 2>&1 ||: cat <<BANNER ---------------------------------------------------------------------- @@ -172,6 +176,21 @@ if [ $1 -ge 1 ]; then /usr/bin/systemctl try-restart unit.service >/dev/null 2>&1 ||: fi +%triggerpostun -- unit < 1.22.0 +cat <<BANNER +---------------------------------------------------------------------- + +WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + %files %defattr(-,root,root,-) %attr(0755,root,root) %{_sbindir}/unitd |