yatinkarel
c64ea4f213
RHEL based distros set homedir permissions to 700, and Ubuntu 21.04+ to 750[1], i.e missing executable permission for group or others, this results into failures as defined in the below bug. Since in doc we add useradd command, it's good to add instructions to fix the permissions there itself instead of getting failures during installation and then fixing it. Also update user create script to fix permissions by adding executable bit to DEST directory if missing. [1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 Closes-Bug: #1966858 Change-Id: Id2787886433281238eb95ee11a75eddeef514293
64 lines
2.1 KiB
Bash
Executable File
64 lines
2.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# **create-stack-user.sh**
|
|
|
|
# Create a user account suitable for running DevStack
|
|
# - create a group named $STACK_USER if it does not exist
|
|
# - create a user named $STACK_USER if it does not exist
|
|
#
|
|
# - home is $DEST
|
|
#
|
|
# - configure sudo for $STACK_USER
|
|
|
|
# ``stack.sh`` was never intended to run as root. It had a hack to do what is
|
|
# now in this script and re-launch itself, but that hack was less than perfect
|
|
# and it was time for this nonsense to stop. Run this script as root to create
|
|
# the user and configure sudo.
|
|
|
|
set -o errexit
|
|
|
|
# Keep track of the DevStack directory
|
|
TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
|
|
|
|
# Import common functions
|
|
source $TOP_DIR/functions
|
|
|
|
# Determine what system we are running on. This provides ``os_VENDOR``,
|
|
# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
|
|
# and ``DISTRO``
|
|
GetDistro
|
|
|
|
# Needed to get ``ENABLED_SERVICES`` and ``STACK_USER``
|
|
source $TOP_DIR/stackrc
|
|
|
|
# Give the non-root user the ability to run as **root** via ``sudo``
|
|
is_package_installed sudo || is_package_installed sudo-ldap || install_package sudo
|
|
|
|
[[ -z "$STACK_USER" ]] && die "STACK_USER is not set. Exiting."
|
|
|
|
if ! getent group $STACK_USER >/dev/null; then
|
|
echo "Creating a group called $STACK_USER"
|
|
groupadd $STACK_USER
|
|
fi
|
|
|
|
if ! getent passwd $STACK_USER >/dev/null; then
|
|
echo "Creating a user called $STACK_USER"
|
|
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
|
|
# RHEL based distros create home dir with 700 permissions,
|
|
# And Ubuntu 21.04+ with 750, i.e missing executable
|
|
# permission for either group or others
|
|
# Devstack deploy will have issues with this, fix it by
|
|
# adding executable permission
|
|
if [[ $(stat -c '%A' $DEST|grep -o x|wc -l) -lt 3 ]]; then
|
|
echo "Executable permission missing for $DEST, adding it"
|
|
chmod +x $DEST
|
|
fi
|
|
fi
|
|
|
|
echo "Giving stack user passwordless sudo privileges"
|
|
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
|
|
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
|
|
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
|
|
( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
|
|
> /etc/sudoers.d/50_stack_sh )
|