diff options
author | Tor Egge <Tor.Egge@oath.com> | 2018-03-12 11:29:46 +0000 |
---|---|---|
committer | Tor Egge <Tor.Egge@oath.com> | 2018-03-12 11:43:56 +0000 |
commit | 410933939a74e42874dd580bfe0051b3222185a5 (patch) | |
tree | fcc0b90f8766f6515f395234521e4ff6b269b10a /vespabase | |
parent | 3a8b891dcd7f394129a7a7ba700bf525126db44f (diff) |
Changes to allow unprivileged vespa.
Diffstat (limited to 'vespabase')
-rw-r--r-- | vespabase/conf/default-env.txt.in | 1 | ||||
-rwxr-xr-x | vespabase/src/common-env.sh | 4 | ||||
-rwxr-xr-x | vespabase/src/rhel-prestart.sh | 12 |
3 files changed, 13 insertions, 4 deletions
diff --git a/vespabase/conf/default-env.txt.in b/vespabase/conf/default-env.txt.in index 3551cec9945..374bbd020dd 100644 --- a/vespabase/conf/default-env.txt.in +++ b/vespabase/conf/default-env.txt.in @@ -1,3 +1,4 @@ # Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. fallback VESPA_HOME @CMAKE_INSTALL_PREFIX@ override VESPA_USER @VESPA_USER@ +override VESPA_UNPRIVILEGED @VESPA_UNPRIVILEGED@ diff --git a/vespabase/src/common-env.sh b/vespabase/src/common-env.sh index 76f5d69b3a4..550e902cb55 100755 --- a/vespabase/src/common-env.sh +++ b/vespabase/src/common-env.sh @@ -145,6 +145,10 @@ consider_fallback VESPA_USE_NO_VESPAMALLOC $(get_var "no_vespamalloc_list") fixlimits () { + # Cannot bump limits when not root (for testing) + if test "${VESPA_UNPRIVILEGED}" = yes; then + return 0 + fi # number of open files: if varhasvalue file_descriptor_limit; then ulimit -n ${file_descriptor_limit} || exit 1 diff --git a/vespabase/src/rhel-prestart.sh b/vespabase/src/rhel-prestart.sh index ebe9fe16938..b51a7b4e3b6 100755 --- a/vespabase/src/rhel-prestart.sh +++ b/vespabase/src/rhel-prestart.sh @@ -71,8 +71,10 @@ fixdir () { exit 1 fi mkdir -p "$4" - chown $1 "$4" - chgrp $2 "$4" + if test "${VESPA_UNPRIVILEGED}" != yes; then + chown $1 "$4" + chgrp $2 "$4" + fi chmod $3 "$4" } @@ -103,8 +105,10 @@ fixdir ${VESPA_USER} wheel 755 var/vespa/bundlecache fixdir ${VESPA_USER} wheel 755 var/vespa/bundlecache/configserver fixdir ${VESPA_USER} wheel 755 var/vespa/cache/config/ -chown -hR ${VESPA_USER} logs/vespa -chown -hR ${VESPA_USER} var/db/vespa +if test "${VESPA_UNPRIVILEGED}" != yes; then + chown -hR ${VESPA_USER} logs/vespa + chown -hR ${VESPA_USER} var/db/vespa +fi # END directory fixups |