Setting custom users and groups

Björn Raupach raupach at me.com
Wed Jul 29 01:33:32 PDT 2015


> On 28 Jul 2015, at 16:50, Joshua Root <jmr at macports.org> wrote:
> 
> On 2015-7-29 00:08 , Björn Raupach wrote:
>> hi joshua,
>> 
>>> On 28 Jul 2015, at 15:59, Joshua Root <jmr at macports.org> wrote:
>>> 
>>> On 2015-7-28 22:28 , Björn Raupach wrote:
>>>> Dear group,
>>>> 
>>>> I am new to Portfile development and have a problem with permissions for users and groups. At the moment I am trying to create a Portfile for Apache Tomcat 8. I would like to run Tomcat as non-root with a user `tomcat` and group `tomcat`. I am a bit lost.
>>>> 
>>>> set catalina_home   ${destroot}${prefix}/share/java/${name}
>>>> set tomcat_user      tomcat
>>>> set tomcat_group    tomcat
>>>> add_users ${tomcat_user} group=${tomcat_group}
>>>> 
>>>> I saw these lines in some other ports, for example couchdb, and figured that is the way to go even though I don’t find the macro add_users anywhere in the documentation. 
>>>> 
>>>> My destroot-phase currently looks like this:
>>>> 
>>>> destroot {
>>>>   xinstall -m 755 -g ${tomcat_group} -d ${catalina_home}
>>>> 
>>>>   file copy \
>>>>       ${worksrcpath}/LICENSE \
>>>>       ${worksrcpath}/NOTICE \
>>>>       ${worksrcpath}/RELEASE-NOTES \
>>>>       ${worksrcpath}/RUNNING.txt \
>>>>       ${worksrcpath}/bin \
>>>>       ${worksrcpath}/conf \
>>>>       ${worksrcpath}/lib \
>>>>       ${worksrcpath}/logs \
>>>>       ${worksrcpath}/temp \
>>>>       ${worksrcpath}/webapps \
>>>>       ${worksrcpath}/work \
>>>>       ${catalina_home}
>>>> 
>>>>   xinstall -m 644 ${filespath}/setenv.sh ${catalina_home}/bin/setenv.sh.default
>>>> 
>>>>   # replace @PREFIX@ to ${prefix}
>>>>   reinplace "s|@PREFIX@|${prefix}|g" ${catalina_home}/bin/setenv.sh.default
>>>>   # replace @NAME@ to ${name}
>>>>   reinplace "s|@NAME@|${name}|g" ${catalina_home}/bin/setenv.sh.default
>>>> }
>>>> 
>>>> However `/opt/local/share/java/tomcat8` has the ownership `root:admin` and not `root:tomcat`.
>>> 
>>> First try running the destroot target (rather than install) and check
>>> the permissions on ${destroot}${prefix}/share/java/tomcat8. The destroot
>>> dir will be in the path given by `port work tomcat8` BTW.
>> 
>> Nice. I did not know I could do that. Thanks!
>> 
>> Well, I checked. In the destroot-phase the permissions are like I want them to be. The owner of the tomcat8 directory is `root` and the group is `tomcat`. After destroot I only have a post-activate phase that does not touch permissions.
>> 
>> post-activate {
>>    if {![file exists ${prefix}/share/java/${name}/bin/setenv.sh]} {
>>        file copy ${prefix}/share/java/${name}/bin/setenv.sh.default \
>>            ${prefix}/share/java/${name}/bin/setenv.sh
>>    }
>> }
> 
> (Please keep replies on the list.)

Sorry. I just hit reply. This works on my other mailing lists but not here. 

> 
> OK, so the ownership in the port image is probably OK. You can verify
> that by running 'tar -vtjf $archive' where $archive is the .tbz2 file in
> /opt/local/var/macports/software/tomcat8 when the port is installed.
> 
> Does the /opt/local/share/java/tomcat8 directory already exist? If it
> does, it will not be modified when the port is activated. Ports don't
> have exclusive ownership of directories like they do files, since
> multiple ports can install files in the same directory.

Again. So sorry. Josh, you were right. That directory was already present. After I deleted the folder and did a new port install I get the permissions like I want them to be. Thanks!

So the approach with add_users is correct?

> 
> - Josh
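
The cause found in this thread (a directory that already exists under the prefix keeps its old ownership when the port is activated) can be checked before installing. The script below is an added example, not part of the original messages or of MacPorts; the function names `meta`, `ownership_drift` and `make_demo` are hypothetical, and the demo trees are constructed (they differ in mode only, since changing the group needs privileges).

```shell
#!/bin/sh
# Added example (not from the thread): find directories whose mode, owner or
# group in the staged tree differ from an already existing copy under the live
# prefix. Such directories keep their old ownership when the port is activated.

# Print "mode owner group" for one path. ls -ld is used because stat(1) flags
# differ between macOS and Linux; substr() drops a trailing ACL/xattr marker.
meta() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# ownership_drift STAGED_ROOT LIVE_ROOT
# Prints one line per mismatching directory; returns 1 if any was found.
ownership_drift() {
    report=$(find "$1" -type d | while IFS= read -r dir; do
        rel=${dir#"$1"}
        live=$2$rel
        [ -d "$live" ] || continue   # absent on disk: activation creates it
        want=$(meta "$dir")
        have=$(meta "$live")
        [ "$want" = "$have" ] ||
            printf '%s: staged [%s] live [%s]\n' "$live" "$want" "$have"
    done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed demo trees: the live copy of share/java/tomcat8 predates the
# install and has a different mode than the staged one.
make_demo() {
    demo=$(mktemp -d "${TMPDIR:-/tmp}/drift.XXXXXX")
    mkdir -p "$demo/staged/share/java/tomcat8" "$demo/live/share/java/tomcat8"
    chmod 750 "$demo/staged/share/java/tomcat8"
    chmod 755 "$demo/live/share/java/tomcat8"
    printf '%s\n' "$demo"
}

if [ "$#" -eq 2 ]; then
    ownership_drift "$1" "$2"
else
    d=$(make_demo)
    ownership_drift "$d/staged" "$d/live" || true
    rm -rf "$d"
fi
```

Called with two arguments it compares a real staged tree against a live root; with none it runs on the constructed demo trees and reports the one stale directory.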
