technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Packages: run non-privileged processes under "unit" user.

Browse Source
This commit is contained in:
Andrei Belov
2020-12-17 14:30:18 +03:00
parent a5fa9673d9
commit 53d847615b
29 changed files with 58 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/rpm/unit.spec.in
View File

@@ -145,6 +145,10 @@ cat /dev/null > debugsourcefiles.list
%post
if [ $1 -eq 1 ]; then
getent group unit >/dev/null || groupadd -r unit
getent passwd unit >/dev/null || \
useradd -r -g unit -s /sbin/nologin \
-d /nonexistent -c "unit user" unit
/usr/bin/systemctl preset unit.service >/dev/null 2>&1 ||:
cat <<BANNER
----------------------------------------------------------------------
@@ -172,6 +176,21 @@ if [ $1 -ge 1 ]; then
/usr/bin/systemctl try-restart unit.service >/dev/null 2>&1 ||:
fi
%triggerpostun -- unit < 1.22.0
cat <<BANNER
----------------------------------------------------------------------
WARNING:
Since version 1.22.0, Unit's non-privileged processes run as unit:unit by
default. Review your system permissions and Unit configuration so apps and
routes that relied on these processes running as nobody:nogroup stay working.
More info: https://unit.nginx.org/installation/#official-packages
----------------------------------------------------------------------
BANNER
%files
%defattr(-,root,root,-)
%attr(0755,root,root) %{_sbindir}/unitd