Fix doc and user create script to set homedir permissions

RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.

Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.

Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.

[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533

Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
This commit is contained in:
yatinkarel 2022-04-20 12:30:09 +05:30 committed by Dr. Jens Harbott
parent d380858b2d
commit c64ea4f213
4 changed files with 33 additions and 0 deletions

View File

@ -75,6 +75,14 @@ Otherwise create the stack user:
useradd -s /bin/bash -d /opt/stack -m stack useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
::
chmod +x /opt/stack
This user will be making many changes to your system during installation This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a and operation so it needs to have sudo privileges to root without a
password: password:

View File

@ -49,6 +49,14 @@ below)
$ sudo useradd -s /bin/bash -d /opt/stack -m stack $ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it will need Since this user will be making many changes to your system, it will need
to have sudo privileges: to have sudo privileges:

View File

@ -57,6 +57,14 @@ to run DevStack with
$ sudo useradd -s /bin/bash -d /opt/stack -m stack $ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it should Since this user will be making many changes to your system, it should
have sudo privileges: have sudo privileges:

View File

@ -44,6 +44,15 @@ fi
if ! getent passwd $STACK_USER >/dev/null; then if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called $STACK_USER" echo "Creating a user called $STACK_USER"
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
# RHEL based distros create home dir with 700 permissions,
# And Ubuntu 21.04+ with 750, i.e missing executable
# permission for either group or others
# Devstack deploy will have issues with this, fix it by
# adding executable permission
if [[ $(stat -c '%A' $DEST|grep -o x|wc -l) -lt 3 ]]; then
echo "Executable permission missing for $DEST, adding it"
chmod +x $DEST
fi
fi fi
echo "Giving stack user passwordless sudo privileges" echo "Giving stack user passwordless sudo privileges"