prometheus-snap

Merge ~jsimpso/prometheus-snap:master into prometheus-snap:master

  1. Git
  2. lp:~jsimpso/prometheus-snap
  3. master
  4. Merge into master
Proposed by James Simpson
Status: Merged
Approved by: James Simpson
Approved revision: 9ea7b9554d3658220614fd588ad4ac68ba260963
Merged at revision: 91ba2f7aba62a4e1aeeffbd7f1683515c668f091
Proposed branch: ~jsimpso/prometheus-snap:master
Merge into: prometheus-snap:master
Diff against target: 54 lines (+13/-10)
1 file modified
snap_config_wrapper (+13/-10)
Reviewer Review Type Date Requested Status
Barry Price Approve
prometheus-snap-developers Pending
Review via email: mp+430092@code.launchpad.net

Commit message

Improvements to file permissions for non-root user

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Barry Price (barryprice) wrote :

LGTM +1

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 91ba2f7aba62a4e1aeeffbd7f1683515c668f091

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/snap_config_wrapper b/snap_config_wrapper
2index 7505fd5..a3a85ae 100755
3--- a/snap_config_wrapper
4+++ b/snap_config_wrapper
5@@ -6,6 +6,8 @@
6 SNAP_DATA_DIRS=""
7 SNAP_DATA_FILES="prometheus.yml daemon_arguments"
8 SNAP_DB_DIR="${SNAP_COMMON}/tsdb"
9+OWNER_USER="snap_daemon"
10+OWNER_GROUP="root"
11
12 # Snaps can't manage ownership of SNAP_COMMON directly, so we'll move the DB
13 # to a subdir of SNAP_COMMON -- https://forum.snapcraft.io/t/system-usernames/13386/12
14@@ -14,20 +16,17 @@ if [ ! -d "${SNAP_DB_DIR}" ]; then
15 # If we're making the dir for the first time, move any existing content into it
16 find "${SNAP_COMMON}" -maxdepth 1 -mindepth 1 -not -name tsdb -exec mv -t "${SNAP_DB_DIR}" {} +
17 fi
18-chmod 775 "${SNAP_DB_DIR}"
19-find "${SNAP_DB_DIR}" -type d -exec chmod 775 {} \;
20-find "${SNAP_DB_DIR}" -type f -exec chmod 664 {} \;
21-chown -R snap_daemon: "${SNAP_DB_DIR}"
22+
23+find "${SNAP_DB_DIR}" -type d \( ! -user "${OWNER_USER}" -o ! -group "${OWNER_GROUP}" \) -exec chmod 775 {} \; -exec chown "${OWNER_USER}:${OWNER_GROUP}" {} \;
24+find "${SNAP_DB_DIR}" -type f \( ! -user "${OWNER_USER}" -o ! -group "${OWNER_GROUP}" \) -exec chmod 664 {} \; -exec chown "${OWNER_USER}:${OWNER_GROUP}" {} \;
25
26 for DIR in ${SNAP_DATA_DIRS}
27 do
28 if [ ! -d "${SNAP_DATA}/${DIR}" ]; then
29 mkdir "${SNAP_DATA}/${DIR}"
30 fi
31- chmod 775 "${SNAP_DATA}/${DIR}"
32- find "${SNAP_DATA}/${DIR}" -type d -exec chmod 775 {} \;
33- find "${SNAP_DATA}/${DIR}" -type f -exec chmod 664 {} \;
34- chown -R snap_daemon: "${SNAP_DATA}/${DIR}"
35+ find "${SNAP_DATA}/${DIR}" -type d \( ! -user "${OWNER_USER}" -o ! -group "${OWNER_GROUP}" \) -exec chmod 775 {} \; -exec chown "${OWNER_USER}:${OWNER_GROUP}" {} \;
36+ find "${SNAP_DATA}/${DIR}" -type f \( ! -user "${OWNER_USER}" -o ! -group "${OWNER_GROUP}" \) -exec chmod 664 {} \; -exec chown "${OWNER_USER}:${OWNER_GROUP}" {} \;
37 done
38
39 for FILE in ${SNAP_DATA_FILES}
40@@ -35,8 +34,12 @@ do
41 if [ ! -f "${SNAP_DATA}/${FILE}" ]; then
42 cp "${SNAP}/etc/prometheus/${FILE}.example" "${SNAP_DATA}/${FILE}"
43 fi
44- chmod 664 "${SNAP_DATA}/${FILE}"
45- chown snap_daemon: "${SNAP_DATA}/${FILE}"
46+ file_user=$(stat "${SNAP_DATA}/${FILE}" --format '%U')
47+ file_group=$(stat "${SNAP_DATA}/${FILE}" --format '%G')
48+ if [ "${file_user}" != "${OWNER_USER}" ] || [ "${file_group}" != "${OWNER_GROUP}" ]; then
49+ chmod 664 "${SNAP_DATA}/${FILE}" && chown "${OWNER_USER}:${OWNER_GROUP}" "${SNAP_DATA}/${FILE}"
50+ fi
51+
52 done
53
54 ulimit -n 65536

Subscribers

People subscribed via source and target branches