Changes to allow unprivileged vespa.

3 files changed, 13 insertions, 4 deletions

diff --git a/vespabase/conf/default-env.txt.in b/vespabase/conf/default-env.txt.in
index 3551cec9945..374bbd020dd 100644
--- a/vespabase/conf/default-env.txt.in
+++ b/vespabase/conf/default-env.txt.in
@@ -1,3 +1,4 @@
 # Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 fallback VESPA_HOME @CMAKE_INSTALL_PREFIX@
 override VESPA_USER @VESPA_USER@
+override VESPA_UNPRIVILEGED @VESPA_UNPRIVILEGED@
diff --git a/vespabase/src/common-env.sh b/vespabase/src/common-env.sh
index 76f5d69b3a4..550e902cb55 100755
--- a/vespabase/src/common-env.sh
+++ b/vespabase/src/common-env.sh
@@ -145,6 +145,10 @@ consider_fallback VESPA_USE_NO_VESPAMALLOC  $(get_var "no_vespamalloc_list")
 
 
 fixlimits () {
+    # Cannot bump limits when not root (for testing)
+    if test "${VESPA_UNPRIVILEGED}" = yes; then
+	return 0
+    fi
     # number of open files:
     if varhasvalue file_descriptor_limit; then
        ulimit -n ${file_descriptor_limit} || exit 1
diff --git a/vespabase/src/rhel-prestart.sh b/vespabase/src/rhel-prestart.sh
index ebe9fe16938..b51a7b4e3b6 100755
--- a/vespabase/src/rhel-prestart.sh
+++ b/vespabase/src/rhel-prestart.sh
@@ -71,8 +71,10 @@ fixdir () {
         exit 1
     fi
     mkdir -p "$4"
-    chown $1 "$4"
-    chgrp $2 "$4"
+    if test "${VESPA_UNPRIVILEGED}" != yes; then
+      chown $1 "$4"
+      chgrp $2 "$4"
+    fi
     chmod $3 "$4"
 }
 
@@ -103,8 +105,10 @@ fixdir ${VESPA_USER} wheel  755  var/vespa/bundlecache
 fixdir ${VESPA_USER} wheel  755  var/vespa/bundlecache/configserver
 fixdir ${VESPA_USER} wheel  755  var/vespa/cache/config/
 
-chown -hR ${VESPA_USER} logs/vespa
-chown -hR ${VESPA_USER} var/db/vespa
+if test "${VESPA_UNPRIVILEGED}" != yes; then
+  chown -hR ${VESPA_USER} logs/vespa
+  chown -hR ${VESPA_USER} var/db/vespa
+fi
 
 # END directory fixups