technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Packages: run non-privileged processes under "unit" user.

Browse Source
This commit is contained in:
Andrei Belov
2020-12-17 14:30:18 +03:00
parent a5fa9673d9
commit 53d847615b
29 changed files with 58 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/deb/debian/unit.example.config
View File

@@ -2,7 +2,6 @@
"applications": {
"example_php": {
"type": "php",
"user": "nobody",
"processes": 2,
"root": "/usr/share/doc/unit/examples/php-app",
"index": "index.php"
@@ -10,7 +9,6 @@
"example_python": {
"type": "python",
"user": "nobody",
"processes": 2,
"path": "/usr/share/doc/unit/examples/python-app",
"module": "wsgi"
@@ -18,13 +16,11 @@
"example_go": {
"type": "external",
"user": "nobody",
"executable": "/tmp/go-app"
},
"example_perl": {
"type": "perl",
"user": "nobody",
"processes": 1,
"working_directory": "/usr/share/doc/unit-perl/examples/perl-app",
"script": "/usr/share/doc/unit-perl/examples/perl-app/index.pl"

34
pkg/deb/debian/unit.postinst
View File

@@ -6,6 +6,40 @@ if [ "$1" != "configure" ]; then
exit 0
fi
if [ -n "$2" ]; then
if dpkg --compare-versions "${2%%-*}" le "1.21.0"; then
cat <<BANNER
----------------------------------------------------------------------
WARNING:
Since version 1.22.0, Unit's non-privileged processes run as unit:unit by
default. Review your system permissions and Unit configuration so apps and
routes that relied on these processes running as nobody:nogroup stay working.
More info: https://unit.nginx.org/installation/#official-packages
----------------------------------------------------------------------
BANNER
fi
fi
if ! getent group unit >/dev/null; then
addgroup --system unit >/dev/null
fi
if ! getent passwd unit >/dev/null; then
adduser \
--system \
--disabled-login \
--ingroup unit \
--no-create-home \
--home /nonexistent \
--gecos "unit user" \
--shell /bin/false \
unit >/dev/null
fi
#DEBHELPER#
exit 0

1
pkg/deb/debian/unit.preinst
View File

@@ -17,6 +17,7 @@ Online documentation is available at https://unit.nginx.org/
----------------------------------------------------------------------
BANNER
;;
upgrade)
;;