Dynamically allocate users using sysusers.d format

Resolves: #2095403
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
Antonio Torres 2022-06-24 15:57:34 +02:00
parent a9061bf663
commit a45a010a91
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
2 changed files with 12 additions and 9 deletions

View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.21
Release: 32%{?dist}
Release: 33%{?dist}
License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/
@ -19,6 +19,7 @@ Source100: radiusd.service
Source102: freeradius-logrotate
Source103: freeradius-pam-conf
Source104: freeradius-tmpfiles.conf
Source105: freeradius.sysusers
Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
@ -48,6 +49,7 @@ BuildRequires: systemd-units
BuildRequires: libtalloc-devel
BuildRequires: pcre-devel
BuildRequires: chrpath
BuildRequires: systemd-rpm-macros
%if ! 0%{?rhel}
BuildRequires: libyubikey-devel
@ -285,6 +287,7 @@ mkdir -p %{buildroot}%{_localstatedir}/run/
install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/
install -d -m 0700 %{buildroot}%{_localstatedir}/run/radiusd/tmp
install -m 0644 %{SOURCE104} %{buildroot}%{_tmpfilesdir}/radiusd.conf
install -p -D -m 0644 %{SOURCE105} %{buildroot}%{_sysusersdir}/freeradius.conf
# install SNMP MIB files
mkdir -p $RPM_BUILD_ROOT%{_datadir}/snmp/mibs/
@ -368,20 +371,13 @@ EOF
# Make sure our user/group is present prior to any package or subpackage installation
%pre
getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd > /dev/null 2>&1
getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd -u 95 -c "radiusd user" -d %{_localstatedir}/lib/radiusd -s /sbin/nologin radiusd > /dev/null 2>&1
exit 0
%sysusers_create_compat %{SOURCE105}
%preun
%systemd_preun radiusd.service
%postun
%systemd_postun_with_restart radiusd.service
if [ $1 -eq 0 ]; then # uninstall
getent passwd radiusd >/dev/null && /usr/sbin/userdel radiusd > /dev/null 2>&1
getent group radiusd >/dev/null && /usr/sbin/groupdel radiusd > /dev/null 2>&1
fi
exit 0
/bin/systemctl try-restart radiusd.service >/dev/null 2>&1 || :
@ -400,6 +396,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
%{_unitdir}/radiusd.service
%{_tmpfilesdir}/radiusd.conf
%{_sysusersdir}/freeradius.conf
%dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd
%dir %attr(700,radiusd,radiusd) %{_localstatedir}/run/radiusd/tmp
%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
@ -861,6 +858,10 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog
* Fri Jun 24 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-33
- Dynamically allocate users using sysusers.d format
Resolves: #2095403
* Mon May 30 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-32
- Add WITH_FIPS macro to CFLAGS
Related: rhbz#2083699

2
freeradius.sysusers Normal file
View File

@ -0,0 +1,2 @@
#Type Name ID GECOS Home directory Shell
u radiusd - "radiusd user" /var/lib/radiusd /sbin/nologin