From a95d8002d5826c4d0f5ada12ba82fb74c3e33783 Mon Sep 17 00:00:00 2001
From: ljf
Date: Mon, 29 Mar 2021 10:26:15 +0200
Subject: [PATCH] [fix] Run borg with a specific user
---
 conf/sudoer | 1 +
 conf/systemd.service | 6 +++---
 scripts/backup | 1 +
 scripts/install | 11 ++++++++++-
 scripts/restore | 1 -
 scripts/upgrade | 3 ++-
 6 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 conf/sudoer
diff --git a/conf/sudoer b/conf/sudoer
new file mode 100644
index 0000000..7945669
--- /dev/null
+++ b/conf/sudoer
@@ -0,0 +1 @@
+__APP__ ALL=(root) /usr/local/bin/backup-with-__APP__, /usr/local/bin/borg
diff --git a/conf/systemd.service b/conf/systemd.service
index 4c8271b..b2d0080 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -4,9 +4,9 @@ After=network.target
 [Service]
 Type=oneshot
-ExecStart=/usr/local/bin/backup-with-__APP__ __APP__
-User=root
-Group=root
+ExecStart=/usr/bin/sudo /usr/local/bin/backup-with-__APP__ __APP__
+User=__APP__
+Group=__APP__
 #[Install]
 #WantedBy=multi-user.target
diff --git a/scripts/backup b/scripts/backup
index 9a0f189..61e6920 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -28,6 +28,7 @@ app=$YNH_APP_INSTANCE_NAME
 ynh_print_info --message="Declaring files to be backed up..."
 ynh_backup "/usr/local/bin/backup-with-$app"
+ynh_backup "/etc/sudoers.d/$app"
 ynh_backup "/etc/systemd/system/$app.service"
 ynh_backup "/etc/systemd/system/$app.timer"
 ynh_backup "/etc/yunohost/hooks.d/backup_method/05-${app}_app"
diff --git a/scripts/install b/scripts/install
index 89090b8..2be84fd 100755
--- a/scripts/install
+++ b/scripts/install
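Review bot: The rule added in conf/sudoer has no `NOPASSWD:` tag and also lists `/usr/local/bin/borg` with no argument restriction. The unit in conf/systemd.service calls sudo with no terminal, so unless a sudoers default elsewhere exempts this account, the password prompt cannot be answered and the backup would fail. Letting the account run borg as root with arbitrary arguments also gives it root-level read and write access to any path, which defeats the point of a dedicated user. If nothing invokes borg directly through sudo, the rule could be reduced to `__APP__ ALL=(root) NOPASSWD: /usr/local/bin/backup-with-__APP__`.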
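Review bot: In conf/systemd.service the new `ExecStart` runs sudo without `-n`, so a missing or wrong sudoers rule leads to a password-prompt attempt rather than an immediate, clearly logged failure; `ExecStart=/usr/bin/sudo -n /usr/local/bin/backup-with-__APP__ __APP__` makes the non-interactive intent explicit. The wrapper still runs entirely as root, so `User=__APP__` only changes who launches it. That makes the owner and mode of /usr/local/bin/backup-with-__APP__ security-relevant: it should be root-owned and not writable by __APP__, which the hunks in this patch do not show.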
@@ -46,6 +46,14 @@ ynh_script_progression --message="Installing dependencies..."
 ynh_install_app_dependencies $pkg_dependencies
 install_borg_with_pip
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --time --weight=1
+
+# Create a system user
+ynh_system_user_create --username=$app
+
 #=================================================
 # SPECIFIC SETUP
 #=================================================
@@ -64,6 +72,7 @@ chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app"
 ynh_add_config --template="backup-with-borg" --destination="/usr/local/bin/backup-with-$app"
 chmod u+x "/usr/local/bin/backup-with-$app"
+ynh_add_config --template="sudoer" --destination="/etc/sudoers.d/$app"
 if [ ! -z "$server" ]; then
 #=================================================
@@ -103,7 +112,7 @@ fi
 #=================================================
 # SETUP SYSTEMD
 #=================================================
-ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
+ynh_script_progression --message="Configuring a systemd service..." --weight=1
 # Create a dedicated systemd config
 ynh_add_systemd_config
diff --git a/scripts/restore b/scripts/restore
index 31a35cf..f05ed7c 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -47,7 +47,6 @@ ynh_restore
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================
-yunohost service add $app
 systemctl enable $app.timer --quiet
 systemctl start $app.timer
diff --git a/scripts/upgrade b/scripts/upgrade
index 5a4ae19..b160e27 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
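Review bot: The account created by `ynh_system_user_create --username=$app` in the first scripts/install hunk has no matching cleanup in this patch: scripts/remove is absent from the diffstat, so the user and /etc/sudoers.d/$app would presumably survive an uninstall. A leftover sudoers rule for a service account is worth removing explicitly, for example with `ynh_secure_remove --file="/etc/sudoers.d/$app"` followed by `ynh_system_user_delete --username=$app` in the remove script. Quoting the argument as `--username="$app"` would also match the quoting used for the paths elsewhere in the script.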
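Review bot: The sudoers drop-in written by `ynh_add_config --template="sudoer" --destination="/etc/sudoers.d/$app"` in the second scripts/install hunk is installed without an explicit owner, mode or syntax check. sudo rejects drop-ins with the wrong owner or loose permissions, and a file that fails to parse can disrupt sudo for the whole host on some versions, so it is safer not to rely on whatever the helper happens to set (its behaviour is not visible here). Adding `chown root:root "/etc/sudoers.d/$app"`, `chmod 440 "/etc/sudoers.d/$app"` and `visudo -cf "/etc/sudoers.d/$app"` right after it covers this. The same applies to the identical line added in scripts/upgrade.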
@@ -97,10 +97,11 @@ ynh_script_progression --message="Setting up backup method..." --weight=1
 ynh_add_config --template="backup_method" --destination="/etc/yunohost/hooks.d/backup_method/05-${app}_app"
 chmod go=--- "/etc/yunohost/hooks.d/backup_method/05-${app}_app"
-
 ynh_add_config --template="backup-with-borg" --destination="/usr/local/bin/backup-with-$app"
 chmod u+x "/usr/local/bin/backup-with-$app"
+ynh_add_config --template="sudoer" --destination="/etc/sudoers.d/$app"
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
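Review bot: scripts/upgrade installs the sudoers rule but never creates the account it refers to: the diffstat shows three changed lines for this file, all in this hunk, and none of them calls `ynh_system_user_create`. On an instance installed before this commit, a regenerated unit with `User=__APP__` would then reference a user that does not exist and the backup timer would fail. Adding `ynh_system_user_create --username=$app` before the `ynh_add_config --template="sudoer"` line fixes that; scripts/restore, whose only change in this patch is a removed line, likely needs the same call before the timer is started. The script continues outside this hunk, so whether the unit file is regenerated on upgrade is inferred from the SETUP SYSTEMD section that follows.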