From f603a49d1d4c8df8ce78af5477ea10605de17420 Mon Sep 17 00:00:00 2001
From: Adrien Ferrand
Date: Wed, 15 Nov 2017 11:24:53 +0100
Subject: [PATCH] Deals with already existing user/group backuppc
---
 files/entrypoint.sh | 26 +++++++++++++++++++-------
 files/lighttpd.conf | 4 ++--
 files/supervisord.conf | 2 +-
 3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/files/entrypoint.sh b/files/entrypoint.sh
index d85f53d..37216e7 100755
--- a/files/entrypoint.sh
+++ b/files/entrypoint.sh
@@ -10,14 +10,26 @@ if [ -f /firstrun ]; then
 cp /usr/share/zoneinfo/$TZ /etc/localtime
 fi
- # Create backuppc user
- addgroup -S -g ${BACKUPPC_GUID:-1000} backuppc
- adduser -D -S -h /home/backuppc -G backuppc -u ${BACKUPPC_UUID:-1000} backuppc
- chown backuppc:backuppc /home/backuppc
+ # Create backuppc user/group if needed
+ BACKUPPC_GROUPNAME=`getent group "${BACKUPPC_GUID:-1000}" | cut -d: -f1`
+ if [ -z "$BACKUPPC_GROUPNAME" ]; then
+ groupadd -r -g "${BACKUPPC_GUID:-1000}" backuppc
+ BACKUPPC_GROUPNAME="backuppc"
+ fi
+ BACKUPPC_USERNAME=`getent group "${BACKUPPC_UUID:-1000}" | cut -d: -f1`
+ if [ -z "$BACKUPPC_USERNAME" ]; then
+ useradd -r -d /home/backuppc -g "${BACKUPPC_GUID:-1000}" -u ${BACKUPPC_UUID:-1000} -M -N backuppc
+ BACKUPPC_USERNAME="backuppc"
+ else
+ usermod -d /home/backuppc "$BACKUPPC_USERNAME"
+ fi
+ chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" /home/backuppc
+ export BACKUPPC_USERNAME
+ export BACKUPPC_GROUPNAME
 # Generate cryptographic key
 if [ ! -f /home/backuppc/.ssh/id_rsa ]; then
- su backuppc -s /bin/sh -c "ssh-keygen -t rsa -N '' -f /home/backuppc/.ssh/id_rsa"
+ su "$BACKUPPC_USERNAME" -s /bin/sh -c "ssh-keygen -t rsa -N '' -f /home/backuppc/.ssh/id_rsa"
 fi
 # Extract BackupPC
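Review bot: The user lookup in the first entrypoint.sh hunk queries the wrong database: `BACKUPPC_USERNAME` is filled from `getent group "${BACKUPPC_UUID:-1000}"`, so it holds a group name (or nothing) rather than the name of the account that owns that UID. When a group with that number exists, its name is passed to `usermod`, `chown` and `su` as if it were a user, which either fails or, if a user happens to share that name, applies to an account with a different UID. When a user with that UID exists but no such group does, `useradd -u` is attempted on a UID that is already taken. The line should read `BACKUPPC_USERNAME=$(getent passwd "${BACKUPPC_UUID:-1000}" | cut -d: -f1)`, and `-u ${BACKUPPC_UUID:-1000}` on the `useradd` line should be quoted like the other expansions. The enclosing `if [ -f /firstrun ]` block starts and ends outside the hunk.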
@@ -59,14 +71,14 @@ if [ -f /firstrun ]; then
 -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
 cat server.key server.crt > server.pem
- chown backuppc:backuppc server.pem
+ chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem
 chmod 0600 server.pem
 rm -f server.pass.key server.key server.csr server.crt
 # Reconfigure lighttpd to use ssl
 echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf
 echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf
 fi
- touch /var/log/lighttpd/error.log && chown -R backuppc:backuppc /var/log/lighttpd
+ touch /var/log/lighttpd/error.log && chown -R "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" /var/log/lighttpd
 # Configure standard mail delivery parameters (may be overriden by backuppc user-wide config)
 echo "account default" > /etc/msmtprc
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
index 1d98e88..d2209c8 100644
--- a/files/lighttpd.conf
+++ b/files/lighttpd.conf
@@ -1,6 +1,6 @@
 server.port = 8080
-server.username = "backuppc"
-server.groupname = "backuppc"
+server.username = env.BACKUPPC_USERNAME
+server.groupname = env.BACKUPPC_GROUPNAME
 server.document-root = "/srv/http"
 server.errorlog = "/var/log/lighttpd/error.log"
 dir-listing.activate = "enable"
diff --git a/files/supervisord.conf b/files/supervisord.conf
index e3deabb..a5e559f 100644
--- a/files/supervisord.conf
+++ b/files/supervisord.conf
@@ -30,4 +30,4 @@ killasgroup = true
 [program:backuppc]
 command = /usr/local/BackupPC/bin/BackupPC
 redirect_stderr = true
-user = backuppc
+user = %(ENV_BACKUPPC_USERNAME)s
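Review bot: In the second entrypoint.sh hunk, server.pem holds the private key but is created by `cat server.key server.crt > server.pem` before `chmod 0600 server.pem` runs, so its initial mode comes from the process umask, which is not visible here. Creating the file under a restrictive umask closes that window: `(umask 077; cat server.key server.crt > server.pem)`, followed by the existing `chown` and `chmod`. The surrounding `if` blocks begin outside the hunk.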
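Review bot: `env.BACKUPPC_USERNAME` and `env.BACKUPPC_GROUPNAME` in files/lighttpd.conf resolve only if the process that starts lighttpd inherits those variables, and the only place this patch sets and exports them is inside the `if [ -f /firstrun ]` block of entrypoint.sh. If that block is skipped on later container starts (its end and the handling of /firstrun are outside the visible hunks), the variables would be unset, so lighttpd would not get the intended unprivileged user and group. The same would apply to `user = %(ENV_BACKUPPC_USERNAME)s` in the files/supervisord.conf hunk, which would presumably fail to expand. Resolving and exporting the two names on every start, outside the first-run block, and keeping only `groupadd`/`useradd`/`usermod` inside it would avoid that. A comment above the two lighttpd settings such as `# BACKUPPC_USERNAME/BACKUPPC_GROUPNAME are exported by entrypoint.sh` would document the dependency.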