If the QMF broker is not installed, there may be no qpidd user on the system (unless qpid is also installed). However, we need to ensure that the qpidd user can access /var/lib/matahari and /var/run/matahari without changing the permissions if it is installed at a later time.
The solution is to create the group qpidd if it does not exist and set the ownership of /var/lib/matahari to root:qpidd with mode 770. This avoids the need to create the qpidd user's home directory, which should be /var/lib/qpidd. We leave that to the qpid-cpp-server package.
Note that /var/lib/matahari is no longer world-readable (/var/run/matahari remains world-readable).
Signed-off-by: Zane Bitter zbitter@redhat.com --- matahari-broker.init.in | 3 ++- matahari.spec.in | 19 +++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/matahari-broker.init.in b/matahari-broker.init.in index 13a535d..aee1d6d 100755 --- a/matahari-broker.init.in +++ b/matahari-broker.init.in @@ -53,7 +53,8 @@ RETVAL=0
start() { echo -n $"Starting Matahari broker daemon: " - install -o qpidd -g qpidd -d @localstatedir@/{run,lib}/matahari + install -o root -g qpidd -m 770 -d @localstatedir@/lib/matahari + install -o root -g qpidd -m 775 -d @localstatedir@/run/matahari daemon --pidfile $pidfile --check $prog --user qpidd /usr/sbin/$prog --daemon --pid-dir @localstatedir@/run/matahari --data-dir @localstatedir@/lib/matahari $QPIDD_OPTIONS RETVAL=$? echo diff --git a/matahari.spec.in b/matahari.spec.in index 374730a..3d60bad 100644 --- a/matahari.spec.in +++ b/matahari.spec.in @@ -99,6 +99,7 @@ Summary: C++ library used by Matahari agents Group: Applications/System Requires: %{name}-lib = %{version}-%{release} Requires: qpid-cpp-client-ssl > 0.7 +Requires(pre): shadow-utils
%description agent-lib C++ library containing the base class for Matahari agents @@ -202,8 +203,8 @@ make DESTDIR=%{buildroot} install %{__install} matahari-broker.sysconf $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/matahari-broker %{__ln_s} qpidd $RPM_BUILD_ROOT/%{_sbindir}/matahari-brokerd
-%{__install} -d -m0755 $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name} -%{__install} -d -m0755 $RPM_BUILD_ROOT/%{_localstatedir}/run/%{name} +%{__install} -d -m0770 $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name} +%{__install} -d -m0775 $RPM_BUILD_ROOT/%{_localstatedir}/run/%{name} %endif
%post -n matahari-lib -p /sbin/ldconfig @@ -304,6 +305,12 @@ if [ "$1" -ge "1" ]; then /sbin/service matahari-broker condrestart >/dev/null 2>&1 || : fi
+#== Agent Lib + +%pre agent-lib +getent group qpidd >/dev/null || groupadd -r qpidd +exit 0 + %endif
%clean @@ -314,15 +321,15 @@ test "x%{buildroot}" != "x" && rm -rf %{buildroot} %doc AUTHORS COPYING
%files agent-lib -%defattr(644, root, root, 755) -%dir %{_datadir}/matahari/ +%defattr(644, root, root) +%attr(755, -, -) %dir %{_datadir}/matahari/ %config(noreplace) %{_sysconfdir}/sysconfig/matahari %doc AUTHORS COPYING
%if %{with qmf} %{_libdir}/libmcommon_qmf.so.* -%attr(755, qpidd, qpidd) %{_localstatedir}/lib/%{name} -%ghost %attr(755, qpidd, qpidd) %{_localstatedir}/run/%{name} +%dir %attr(0770, root, qpidd) %{_localstatedir}/lib/%{name} +%ghost %dir %attr(0775, root, qpidd) %{_localstatedir}/run/%{name} %endif
%if %{with dbus}
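Review bot: In start() in matahari-broker.init.in, the result of the two new `install` lines is never checked before `daemon ... --user qpidd` runs, so if the qpidd group does not exist the directory setup fails and the script still goes on to launch the broker. Consider returning a failure status from start() when either `install` exits non-zero. The daemon also still runs as user qpidd, which the commit message leaves to qpid-cpp-server to create, so it is worth confirming that the broker subpackage depends on it.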
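Review bot: The new `%pre agent-lib` scriptlet in matahari.spec.in sits directly above an `%endif`, so it is only emitted when the enclosing conditional is true. Please confirm that this is the same `%if %{with qmf}` condition that guards the `%attr(0770, root, qpidd)` and `%attr(0775, root, qpidd)` entries in `%files agent-lib`, so that `groupadd -r qpidd` always runs before those directories are unpacked. A one-line comment above the scriptlet noting that the group is shared with qpid-cpp-server would help future readers.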
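Review bot: In `%files agent-lib`, the change to `%defattr(644, root, root)` drops the explicit directory mode that `%defattr(644, root, root, 755)` provided, and the commit message does not mention it. Directory modes in this subpackage now depend on each entry carrying its own `%attr`, as the three `%dir` lines in this hunk do. Either keep the four-argument form or state in the commit message why it was removed, so that a `%dir` entry added later without `%attr` does not end up with an unintended mode.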
This looks zane, I mean sane to me. Ack
matahari@lists.fedorahosted.org