Date:      Sat, 16 Dec 2017 22:10:09 +0200
From:      Dmytro Bilokha <dmytro@posteo.net>
To:        Kevin Oberman <rkoberman@gmail.com>
Cc:        Miroslav Lachman <000.fbsd@quip.cz>, FreeBSD Ports ML <freebsd-ports@freebsd.org>
Subject:   Re: Setting system user home directory
Message-ID:  <20171216200959.GA97697@wstan>
In-Reply-To: <20171216185317.GA87289@wstan>
References:  <20171216094058.GA37778@wstan> <5A351515.1080805@quip.cz> <20171216135919.GA17551@wstan> <5A352BA5.9070403@quip.cz> <20171216170411.GA85559@wstan> <CAN6yY1u-RumzVkAe1TGvR64=SYuY6c-FptW4GnsMX344oyk%2BxA@mail.gmail.com> <20171216185317.GA87289@wstan>

On Sat, Dec 16, 2017 at 08:53:17PM +0200, Dmytro Bilokha wrote:
>On Sat, Dec 16, 2017 at 10:48:34AM -0800, Kevin Oberman wrote:
>>On Sat, Dec 16, 2017 at 9:04 AM, Dmytro Bilokha <dmytro@posteo.net> wrote:
>>
>>> On Sat, Dec 16, 2017 at 03:20:21PM +0100, Miroslav Lachman wrote:
>>>
>>>> Dmytro Bilokha wrote on 2017/12/16 14:59:
>>>>
>>>>> On Sat, Dec 16, 2017 at 01:44:05PM +0100, Miroslav Lachman wrote:
>>>>>
>>>>>> Dmytro Bilokha wrote on 2017/12/16 10:40:
>>>>>>
>>>>>>> Hello, Everyone!
>>>>>>>
>>>>>>> I'm trying to change www/payara port to make it run under the payara
>>>>>>> user instead of root.
>>>>>>> I've added the following line to the UIDs file:
>>>>>>>
>>>>>>> payara:*:221:221::0:0:Payara Application Server user:/nonexistent:/usr/sbin/nologin
>>>>>>>
>>>>>>> And this line to the port makefile:
>>>>>>>
>>>>>>> USERS=        payara
>>>>>>>
>>>>>>> Also, I've made some other changes to the port's scripts to start
>>>>>>> service under payara user.
>>>>>>> Everything seems to be fine, but the service on start/shutdown creates
>>>>>>> some preferences files,
>>>>>>> caches, etc in the payara user's homedir.
>>>>>>> The problem is, that it is impossible to create these files in
>>>>>>> /nonexistent. This fact makes
>>>>>>> service to show some annoying warnings on every startup/shutdown.
>>>>>>> To make service to work properly I want to create directory writable by
>>>>>>> the payara user and
>>>>>>> set it as payara's homedir.
>>>>>>> And I don't want to put these dir under the /usr/home/, it should be
>>>>>>> somewhere in the application,
>>>>>>> like /usr/local/payara-4.1.2.173/prefs.
>>>>>>> As far as I understand, payara user will be created automatically by the
>>>>>>> bsd.port.pre.mk file included in the port's makefile. But, during every
>>>>>>> installation somehow payara user's homedir
>>>>>>> should be changed. I can do it with the following one-liner:
>>>>>>>
>>>>>>> /usr/sbin/pw usermod payara -d ${DATADIR}/prefs
>>>>>>>
>>>>>>> So, the questions are:
>>>>>>> 1. Is it a proper way of doing such kind of things?
>>>>>>> 2. Where in the port's makefile should I put my one-liner? Will it be OK
>>>>>>> to make it like this:
>>>>>>>
>>>>>>> .......head of the make file with setting variables and so on is here......
>>>>>>> .include <bsd.port.pre.mk>
>>>>>>> do-install:
>>>>>>>      .........doing some work here......
>>>>>>>      @/usr/sbin/pw usermod payara -d ${DATADIR}/prefs
>>>>>>> .include <bsd.port.post.mk>
>>>>>>> ....end of the makefile.....
>>>>>>>
>>>>>>> Many thanks for your attention and help.
>>>>>>>
>>>>>>
>>>>>> I don't know Payara but applications should not write its files to
>>>>>> /usr/local. This should work even if /usr/local is mounted Read Only.
>>>>>> If you need to store configuration (preferences) then it should be in
>>>>>> /usr/local/etc/payara.
>>>>>> If the application writes some data files like databases, it goes under
>>>>>> /var/db/payara and log in to /var/log/payara.log or /var/log/payara
>>>>>> (directory)
>>>>>>
>>>>>> Miroslav Lachman
>>>>>>
>>>>>
>>>>> Thanks for the information. Now I'm a little bit confused.
>>>>> I've checked and seems to me that neither www/tomcat85 (servlet
>>>>> container) nor www/glassfish and java/wildfly10 (application servers)
>>>>> ports follow this convention.
>>>>> All of them have directories for logs, configuration and Java
>>>>> applications under the
>>>>> /usr/local. Is there something special in Java servers ports?
>>>>>
>>>>
>>>>
>>>> I know there are ports not following this convention (and I don't
>>>> understand why). Those ports are making troubles if you want to serve
>>>> /usr/local as read only NFS for example.
>>>>
>>>> Miroslav Lachman
>>>>
>>>
>>> Ok, then I'll try to move everything writable from /usr/local to /var.
>>> I plan to put system user's caches and properties to the
>>> /var/payara/X.Y.Z/prefs,
>>> where X.Y.Z is an application's version.
>>> And this returns me to the first question: how to properly change user's home
>>> directory on port installation?
>>>
>>> --
>>> Dmytro Bilokha
>>> dmytro@posteo.net
>>> +38-050-607-41-43
>>>
>>
>>How did you add the user? If you did not use the adduser script or vipw,
>>you must rebuild the database. pwd_mkdb. I would suggest always using vipw
>>as it automatically does everything
>>
>>Kevin Oberman, Part time kid herder and retired Network Engineer
>>E-mail: rkoberman@gmail.com
>>PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
>
>I've added the following lines to the port's makefile:
>USERS=		payara
>GROUPS=		payara
>
>And user is created automatically during port installation process.
>-- 
>Dmytro Bilokha
>dmytro@posteo.net
>+38-050-607-41-43

Guys, thanks for your help. I've managed to adjust user's homedir
using pkg-install script. Now I'll try to move everything writable
from /usr/local to /var (as Miroslav suggested), test and submit 
the new port version.
-- 
Dmytro Bilokha
dmytro@posteo.net
+38-050-607-41-43
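
The thread does not show the pkg-install script itself. The following is an added sketch of one, not Dmytro's code or the port's: it creates a private, service-owned directory under /var and points the payara account at it with the `pw usermod ... -d` call from the first message. The path `/var/payara/prefs`, the 0750 mode, and the `PW`/`CHOWN` override variables are assumptions made for this example.

```sh
#!/bin/sh
# pkg-install sketch: the ports framework runs it as
#   <script> <pkgname> PRE-INSTALL | POST-INSTALL
# Assumes the payara account already exists (created through USERS=).
# Assumptions, not from the thread: PAYARA_HOME, the 0750 mode, and the
# PW/CHOWN overrides, which exist so the logic can be dry-run off-host.
PAYARA_USER="${PAYARA_USER:-payara}"
PAYARA_GROUP="${PAYARA_GROUP:-payara}"
PAYARA_HOME="${PAYARA_HOME:-/var/payara/prefs}"
PW="${PW:-/usr/sbin/pw}"
CHOWN="${CHOWN:-/usr/sbin/chown}"

set_service_home() {
    home="$1"
    # Only absolute paths without ".." components are accepted.
    case "$home" in
        */../*|*/..) echo "refusing path with ..: $home" >&2; return 1 ;;
        /*) ;;
        *) echo "refusing non-absolute home: $home" >&2; return 1 ;;
    esac
    # This runs as root: never chown/chmod through a pre-existing symlink.
    if [ -L "$home" ]; then
        echo "refusing symlinked home: $home" >&2
        return 1
    fi
    mkdir -p "$home" || return 1
    "$CHOWN" "$PAYARA_USER:$PAYARA_GROUP" "$home" || return 1
    # Caches and preferences stay unreadable to other local users.
    chmod 0750 "$home" || return 1
    # Same call as the one-liner in the first message; the shell stays
    # /usr/sbin/nologin, only the home directory field changes.
    "$PW" usermod "$PAYARA_USER" -d "$home" || return 1
}

case "${2:-}" in
    POST-INSTALL) set_service_home "$PAYARA_HOME" ;;
esac
```
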


