From b10fff0ea77b6d7bb312f159332b8de2fec5a84c Mon Sep 17 00:00:00 2001 From: jonmv Date: Mon, 24 Oct 2022 14:30:40 +0200 Subject: Revert "Merge pull request #24543 from vespa-engine/ean/fix-ulimit-arg" This reverts commit fa29e75a71b49fc3925349457bb43de03b6d60d8, reversing changes made to 67bba3a54687664a15998c60a50ec0bae55a30d3. --- vespabase/src/common-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vespabase/src/common-env.sh b/vespabase/src/common-env.sh index 00bc6652699..41c25be4ac9 100755 --- a/vespabase/src/common-env.sh +++ b/vespabase/src/common-env.sh @@ -234,7 +234,7 @@ fixlimits () { else # number of open files: if [ $file_descriptor -lt $file_descriptor_limit ]; then - ulimit -n "$file_descriptor_limit" || exit 1 + ulimit -n files || exit 1 fi # core file size -- cgit v1.2.3 From 866f746d5d608782f6de38af93bf5e2305cbf781 Mon Sep 17 00:00:00 2001 From: jonmv Date: Mon, 24 Oct 2022 14:30:50 +0200 Subject: Revert "Merge pull request #24519 from vespa-engine/ean/remove-vespa-unprivileged" This reverts commit 1afef7d4676c17d70087aeb36df228faf7073afd, reversing changes made to 2dc4c6b58004d51af887c49760a98804803ab73f. --- configserver/src/main/sh/start-configserver | 6 ++-- metrics-proxy/src/main/sh/start-telegraf.sh | 2 +- vespabase/src/common-env.sh | 53 +++++++++-------------------- vespabase/src/rhel-prestart.sh | 25 ++++---------- 4 files changed, 27 insertions(+), 59 deletions(-) diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver index 8e7a9d7839a..f223c0a8fb9 100755 --- a/configserver/src/main/sh/start-configserver +++ b/configserver/src/main/sh/start-configserver @@ -78,7 +78,7 @@ cd ${VESPA_HOME} || { echo "Cannot cd to ${VESPA_HOME}" 1>&2; exit 1; } fixfile () { if [ -f $1 ]; then - if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then + if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then chown ${VESPA_USER} $1 fi chmod 644 $1 
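Review bot: In the first commit's `fixlimits` hunk (vespabase/src/common-env.sh), the restored line `ulimit -n files || exit 1` passes the literal word `files` where `ulimit -n` expects a number (bash accepts only a number or `hard`, `soft`, `unlimited`). The call is therefore rejected, and `|| exit 1` aborts startup whenever the root branch finds the descriptor limit below the target. The argument should be the value the surrounding test already compares against: `ulimit -n "$file_descriptor_limit" || exit 1`. `fixlimits` starts and ends outside this hunk.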
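Review bot: In the second commit's `fixfile` hunk (configserver/src/main/sh/start-configserver), the `chown` is now gated on the caller-supplied `VESPA_UNPRIVILEGED` variable rather than the process's actual uid, and its result is not checked. A non-root start that does not export `VESPA_UNPRIVILEGED=yes` therefore gets a failed `chown` followed by `chmod 644 $1` on a file whose owner was never corrected. The same gate is introduced in both `fixddir` hunks (start-configserver and start-telegraf.sh), in `fixlimits` in common-env.sh, and in the two changed rhel-prestart.sh hunks. Consider failing closed with `chown "${VESPA_USER}" "$1" || exit 1`, and quoting `$1` in `[ -f $1 ]` and `chmod 644 $1` too, since an unquoted path is word-split and glob-expanded before a root process acts on it. `fixfile` ends outside this hunk.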
@@ -90,8 +90,8 @@ fixddir () { echo "Creating data directory $1" mkdir -p $1 || exit 1 fi - if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then - chown ${VESPA_USER} $1 + if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then + chown ${VESPA_USER} $1 fi chmod 755 $1 } diff --git a/metrics-proxy/src/main/sh/start-telegraf.sh b/metrics-proxy/src/main/sh/start-telegraf.sh index 0cdfd784367..ca6549de5f8 100644 --- a/metrics-proxy/src/main/sh/start-telegraf.sh +++ b/metrics-proxy/src/main/sh/start-telegraf.sh @@ -79,7 +79,7 @@ fixddir () { echo "Creating data directory $1" mkdir -p $1 || exit 1 fi - if [ "${VESPA_USER}" ] && [ "$(id -u)" -eq 0 ]; then + if [ "${VESPA_USER}" ] && [ "${VESPA_UNPRIVILEGED}" != yes ]; then chown ${VESPA_USER} $1 fi chmod 755 $1 diff --git a/vespabase/src/common-env.sh b/vespabase/src/common-env.sh index 41c25be4ac9..628ebe6b074 100755 --- a/vespabase/src/common-env.sh +++ b/vespabase/src/common-env.sh 
@@ -207,45 +207,26 @@ consider_fallback VESPA_USE_NO_VESPAMALLOC "vespa-rpc-invoke vespa-get-config v fixlimits () { - max_processes_limit=409600 - if ! varhasvalue file_descriptor_limit; then - file_descriptor_limit=262144 + # Cannot bump limits when not root (for testing) + if [ "${VESPA_UNPRIVILEGED}" = yes ]; then + return 0 + fi + # number of open files: + if varhasvalue file_descriptor_limit; then + ulimit -n ${file_descriptor_limit} || exit 1 + elif [ `ulimit -n` -lt 262144 ]; then + ulimit -n 262144 || exit 1 fi - max_processes=$(ulimit -u) - core_size=$(ulimit -c) - file_descriptor=$(ulimit -n) - # Warn if we Cannot bump limits when not root - if [ "$(id -u)" -ne 0 ]; then - # number of open files: - if [ $file_descriptor -lt $file_descriptor_limit ]; then - echo "Expected file descriptor limit to be at least $file_descriptor_limit, was $file_descriptor" - fi - - # core file size - if [ "$core_size" != "unlimited" ]; then - echo "Expected core file size to be unlimited, was $core_size" - fi - - # number of processes/threads - if [ "$max_processes" != "unlimited" ] && [ "$max_processes" -lt "$max_processes_limit" ]; then - echo "Expected max processes to be at least $max_processes_limit, was $max_processes" - fi - else - # number of open files: - if [ $file_descriptor -lt $file_descriptor_limit ]; then - ulimit -n files || exit 1 - fi - - # core file size - if [ "$core_size" != "unlimited" ]; then - ulimit -c unlimited - fi + # core file size + if [ `ulimit -c` != "unlimited" ]; then + ulimit -c unlimited + fi - # number of processes/threads - if [ "$max_processes" != "unlimited" ] && [ "$max_processes" -lt "$max_processes_limit" ]; then - ulimit -u "$max_processes_limit" - fi + # number of processes/threads + max_processes=`ulimit -u` + if [ "$max_processes" != "unlimited" ] && [ "$max_processes" -lt 409600 ]; then + ulimit -u 409600 fi } diff --git a/vespabase/src/rhel-prestart.sh b/vespabase/src/rhel-prestart.sh index 0aedfb4622d..79a8e61848c 100755 
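Review bot: `ulimit -n ${file_descriptor_limit} || exit 1` applies the override unconditionally and unquoted. In bash, `ulimit` without `-S` sets the hard limit as well, so an override below the current value lowers the limit for this process and its children, where the removed code only ever raised it. The bare expansion is also word-split, so a value containing spaces turns into extra `ulimit` arguments. Compare against `$(ulimit -n)` first and quote the value: `ulimit -n "${file_descriptor_limit}" || exit 1`. Separately, the early `return 0` for `VESPA_UNPRIVILEGED=yes` drops the warnings the removed branch printed, so an undersized descriptor or process limit in an unprivileged run is no longer reported by this function.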
--- a/vespabase/src/rhel-prestart.sh +++ b/vespabase/src/rhel-prestart.sh @@ -85,7 +85,6 @@ fi if [ "$VESPA_GROUP" = "" ]; then VESPA_GROUP=$(id -rgn) fi -IS_ROOT=$([ "$(id -ru)" == "0" ] && echo true || echo false) cd $VESPA_HOME || { echo "Cannot cd to $VESPA_HOME" 1>&2; exit 1; } @@ -95,21 +94,9 @@ fixdir () { exit 1 fi mkdir -p "$4" - if ! $IS_ROOT; then - local stat="$(stat -c "%U %G" $4)" - local user=${stat% *} - local group=${stat#* } - if [ "$1" != "$user" ]; then - echo "Wrong owner for $VESPA_HOME/$4, expected $1, was $user" - exit 1 - fi - if [ "$2" != "$group" ]; then - echo "Wrong group for $VESPA_HOME/$4, expected $2, was $group" - exit 1 - fi - else - chown $1 "$4" - chgrp $2 "$4" + if [ "${VESPA_UNPRIVILEGED}" != yes ]; then + chown $1 "$4" + chgrp $2 "$4" fi chmod $3 "$4" } @@ -143,9 +130,9 @@ fixdir ${VESPA_USER} ${VESPA_GROUP} 755 var/vespa/bundlecache fixdir ${VESPA_USER} ${VESPA_GROUP} 755 var/vespa/bundlecache/configserver fixdir ${VESPA_USER} ${VESPA_GROUP} 755 var/vespa/cache/config -if [ "$(id -u)" -eq 0 ]; then - chown -hR ${VESPA_USER} logs/vespa - chown -hR ${VESPA_USER} var/db/vespa +if [ "${VESPA_UNPRIVILEGED}" != yes ]; then + chown -hR ${VESPA_USER} logs/vespa + chown -hR ${VESPA_USER} var/db/vespa fi # END directory fixups -- cgit v1.2.3
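Review bot: With the owner/group verification removed, nothing in `fixdir` confirms that `$4` ends up owned by `$1:$2`. When `VESPA_UNPRIVILEGED=yes`, ownership is never inspected. Otherwise `chown $1 "$4"` and `chgrp $2 "$4"` are unchecked and unquoted, so a failure is followed by `chmod $3 "$4"` and prestart continues. Suggest `chown "$1" "$4" || exit 1` and `chgrp "$2" "$4" || exit 1`, and keeping a `stat -c "%U %G"` comparison in the unprivileged case so that a directory owned by another account is rejected rather than used. The recursive `chown -hR ${VESPA_USER} logs/vespa` in the last hunk has the same unchecked, unquoted form. `fixdir` begins outside this hunk.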