[med-svn] [conquest-dicom-server] 01/17: Creating a non-root user to run/own conquest
Pablo Lorenzzoni
spectra at moszumanska.debian.org
Mon Feb 3 16:47:50 UTC 2014
This is an automated email from the git hooks/post-receive script.
spectra pushed a commit to branch master
in repository conquest-dicom-server.
commit 1bb84bad634801f9b179121912b8eff2c4a178fb
Author: Pablo Lorenzzoni <spectra at debian.org>
Date: Wed Jan 29 14:46:39 2014 +0000
Creating a non-root user to run/own conquest
---
debian/README.Debian | 2 +-
debian/TODO | 4 +++-
debian/conquest-dicom-server.init | 21 ++++++++++++++++++---
debian/conquest-dicom-server.postinst | 19 +++++++++++++++++--
debian/control | 3 +--
5 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/debian/README.Debian b/debian/README.Debian
index bec8ad9..16ca7e7 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -17,7 +17,7 @@ The packaged software listen on 11112/TCP by default.
Running User
------------
-The main software runs under an unpriviledged user (dicom) as daemon
+The main software runs under an unpriviledged user (conquest) as daemon
(initscripts were provided).
CGI Interface
diff --git a/debian/TODO b/debian/TODO
index beb7f12..e67bca2 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -1,9 +1,11 @@
[ ] Add support for MySQL
[ ] Add support for DBIII
[ ] Add support for PostgreSQL
-[ ] Add Manpage
+[ ] Add Manpage (asciidoc?)
[ ] Replace get-orig-source
[ ] Run as non-root user
[ ] Bind to 127.0.0.1 by default (probably have to patch source code)
+[ ] Change the expected path for dicom.ini by default (probably have to
+ patch source code)
[**] Convert Repository layout to git-buildpackage
diff --git a/debian/conquest-dicom-server.init b/debian/conquest-dicom-server.init
index eeeb099..f0b769d 100755
--- a/debian/conquest-dicom-server.init
+++ b/debian/conquest-dicom-server.init
@@ -18,6 +18,8 @@ DAEMON=/usr/bin/$NAME # Introduce the server's location here
DAEMON_ARGS="-w/etc/conquest-dicom-server -^/var/log/conquest-dicom-server/dgate.log" # Arguments to run the daemon with
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
+USER=conquest
+GROUP=conquest
# Exit if the package is not installed
[ -x $DAEMON ] || exit 0
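Review bot: The new `USER` and `GROUP` variables are never referenced in the visible hunks: the existence checks, `--chuid conquest:conquest` in do_start and `--user conquest` in do_stop all hard-code the name, so changing the account later means editing four places. `USER` is also the name of a standard login environment variable, so a script-local name would avoid confusion. I would rename them, e.g. `DAEMON_USER=conquest` and `DAEMON_GROUP=conquest`, and use `--chuid "$DAEMON_USER:$DAEMON_GROUP"` and `--user "$DAEMON_USER"` in the later hunks.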
@@ -29,6 +31,16 @@ SCRIPTNAME=/etc/init.d/$NAME
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
+# Does not run if there's no user/group conquest
+if ! getent passwd | grep -q "^conquest:"; then
+ echo "Conquest user does not exist. Aborting" >&2
+ exit 1
+fi
+if ! getent group | grep -q "^conquest:"; then
+ echo "Conquest group does not exist. Aborting" >&2
+ exit 1
+fi
+
#
# Function that starts the daemon/service
#
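Review bot: The account check runs at the top level of the script, before the `case "$1"` dispatch, so `stop` and `status` also exit 1 when the account is missing. Moving the check into do_start (whose body lies outside this hunk) would keep a running daemon stoppable if the account is ever removed. `getent passwd | grep -q "^conquest:"` also enumerates the whole database, which can be slow and may miss entries on NSS backends that disable enumeration. A keyed lookup is more direct: `if ! getent passwd conquest >/dev/null 2>&1; then`, and likewise `getent group conquest`, which is the form the postinst in this commit already uses.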
@@ -40,7 +52,7 @@ do_start()
# 2 if daemon could not be started
#start-stop-daemon --start --verbose --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
# || return 1
- start-stop-daemon --background --start --verbose --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
+ start-stop-daemon --background --start --verbose --make-pidfile --pidfile $PIDFILE --chuid conquest:conquest --exec $DAEMON -- \
$DAEMON_ARGS
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
@@ -66,7 +78,7 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --verbose --oknodo --pidfile $PIDFILE
+ start-stop-daemon --stop --verbose --oknodo --pidfile $PIDFILE --user conquest
RETVAL="$?"
#[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
@@ -104,6 +116,9 @@ case "$1" in
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
+ regen)
+ $DAEMON $DAEMON_ARGS -v -r
+ ;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
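Review bot: The `regen` branch runs `$DAEMON $DAEMON_ARGS -v -r` directly, so the daemon binary still executes as root whenever root invokes the init script, as the postinst in this commit does. Anything it creates under /etc/conquest-dicom-server or in the log directory will presumably be root-owned and may not be writable by the daemon later started with `--chuid conquest:conquest`. Dropping privileges here as well keeps the commit's goal intact, for example `start-stop-daemon --start --chuid conquest:conquest --exec $DAEMON -- $DAEMON_ARGS -v -r`. How that process matching behaves while an instance is already running needs checking before adopting it.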
@@ -140,7 +155,7 @@ case "$1" in
;;
*)
#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
- echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|regen|restart|force-reload}" >&2
exit 3
;;
esac
diff --git a/debian/conquest-dicom-server.postinst b/debian/conquest-dicom-server.postinst
index e3c1716..20cb67e 100644
--- a/debian/conquest-dicom-server.postinst
+++ b/debian/conquest-dicom-server.postinst
@@ -3,13 +3,28 @@
set -e
#DEBHELPER#
-
if [ "$1" != "configure" -a "$1" != "purge" ]; then
exit 0
fi
+# Create conquest user and group
+if ! getent passwd conquest >/dev/null 2>&1; then
+ if ! getent group conquest > /dev/null 2>&1; then
+ echo "Adding \`conquest' group to system ..."
+ addgroup --quiet --system conquest || true
+ fi
+ echo "Adding \`conquest' user to system ..."
+ adduser --quiet --system --ingroup conquest --home \
+ /etc/conquest-dicom-server --shell /bin/false \
+ --disabled-password conquest || true
+fi
+
# DICOM db setup
-/usr/bin/dgate -w/etc/conquest-dicom-server -v -r
+if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d conquest-dicom-server regen
+else
+ /etc/init.d/conquest-dicom-server regen
+fi
exit 0
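Review bot: `#DEBHELPER#` stays above the account creation, so if the debhelper-generated snippet starts the service (dh_installinit normally adds that), the init script's new account check will exit 1 on a fresh install before `conquest` exists and the postinst fails; moving `#DEBHELPER#` below the user creation and the `regen` call avoids that. The `|| true` on `addgroup` and `adduser` also hides a failed account creation, which then only surfaces later as the init script's abort; under `set -e` these are better left to fail. Nothing visible here gives `conquest` ownership of /etc/conquest-dicom-server (presumably already shipped by the package and passed as `--home`) or of the log directory, so a `chown conquest:conquest` on the paths the daemon must write looks necessary; confirm against the package's install rules.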
diff --git a/debian/control b/debian/control
index cdddefa..de83b81 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,6 @@
Source: conquest-dicom-server
Section: web
Maintainer: Debian Med Packaging Team <debian-med-packaging at lists.alioth.debian.org>
-DM-Upload-Allowed: yes
Uploaders: Pablo Lorenzzoni <spectra at debian.org>, Mathieu Malaterre <malat at debian.org>
Priority: extra
Build-Depends: debhelper (>= 9), liblua5.1-dev, libsqlite3-dev, autotools-dev, dh-autoreconf
@@ -12,7 +11,7 @@ Homepage: http://ingenium.home.xs4all.nl/dicom.html
Package: conquest-dicom-server
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser (>= 3.11)
Description: DICOM Server with storage, verification, query and retrieve
A full featured DICOM server that has been developed based on and heavily
extending the public domain UCDMC DICOM code. Some possible applications of
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/conquest-dicom-server.git