From b5acc79a80ec4be34cd1aef6dd67c201d69f0a23 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Mon, 26 Aug 2024 09:50:50 +0200 Subject: [PATCH 1/6] feat: Do not change permissions on existing data directory --- snap/hooks/install | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/snap/hooks/install b/snap/hooks/install index c0f43d2..f90ec20 100755 --- a/snap/hooks/install +++ b/snap/hooks/install @@ -1,15 +1,32 @@ #!/bin/bash +# Installation hook for charmed-mongodb snap set -eux +export CONF="${SNAP_DATA}/etc/mongod" +export PBM_CONF="${SNAP_DATA}/etc/pbm/" +export DATA="${SNAP_COMMON}/var/lib/mongodb" +export LOG="${SNAP_COMMON}/var/log/mongodb" + +# If the $DATA dir is not there yet, create it +if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]; then + mkdir -p $DATA + mkdir -p $LOG + chmod g+s "${LOG}"/* + chown -R 584788:root "${SNAP_COMMON}"/* + chgrp root "${LOG}"* +else + mkdir -p $LOG + chmod g+s "$LOG"* + chgrp root "${LOG}"* +fi + # Create the necessary parent directories -mkdir -p "${SNAP_DATA}/etc/pbm/" -mkdir -p "${SNAP_DATA}/etc/mongod/" -mkdir -p "${SNAP_COMMON}/var/lib/mongodb/" -mkdir -p "${SNAP_COMMON}/var/log/mongodb/" +mkdir -p "${PBM_CONF}" +mkdir -p "${CONF}" # Copy over the mongod.conf and create needed directories/files -MONGO_CONFIG_FILE="${SNAP_DATA}/etc/mongod/mongod.conf" +MONGO_CONFIG_FILE="${CONF}/mongod.conf" echo "configuration file does not exist." echo "copying default config to ${MONGO_CONFIG_FILE}" cp -r ${SNAP}/etc/mongod.conf ${MONGO_CONFIG_FILE} 
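Review bot: The guard `if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]` in PATCH 1/6 never runs `stat`: the words reach `[` as literal operands, the test errors out, and because the failure is in an `if` condition `set -e` does not stop the hook, so the `else` branch is always taken. In this patch that means `$DATA` is never created and `chown -R 584788:root "${SNAP_COMMON}"/*` never runs, while the second hunk removes the unconditional chown of `${SNAP_COMMON}`. Use a command substitution and check existence first, e.g. `if [ ! -d "$DATA" ] || [ "$(stat -c '%u' "$DATA")" = 0 ]; then`. The same test form is carried through PATCH 2/6 to 5/6 for both `$DATA` and `$LOGS`, so the `chmod` blocks there are presumably skipped as well.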
@@ -17,12 +34,9 @@ cp -r ${SNAP}/etc/mongod.conf ${MONGO_CONFIG_FILE} # mongod.conf default values are not consistent with the snap directory system. sed -i "s/fork: true/fork: false/g" $MONGO_CONFIG_FILE -sed -i "s:/var/log/mongodb:$SNAP_COMMON/var/log/mongodb:g" $MONGO_CONFIG_FILE -sed -i "s:/var/lib/mongodb:$SNAP_COMMON/var/lib/mongodb:g" $MONGO_CONFIG_FILE +sed -i "s:/var/log/mongodb:$LOG:g" $MONGO_CONFIG_FILE +sed -i "s:/var/lib/mongodb:$DATA:g" $MONGO_CONFIG_FILE sed -i "s:/var/run:/tmp:g" $MONGO_CONFIG_FILE # Change ownership of snap directories to allow snap_daemon to read/write -chmod g+s "${SNAP_COMMON}/var/log/"* chown -R 584788:root "${SNAP_DATA}"/* -chown -R 584788:root "${SNAP_COMMON}"/* -chgrp root "${SNAP_COMMON}/var/log/"* \ No newline at end of file From ebf7ff3effafa3b33be6fe174c3c114aa6eef53a Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Mon, 26 Aug 2024 12:58:29 +0200 Subject: [PATCH 2/6] fix: better file, handle log and lib --- snap/hooks/install | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/snap/hooks/install b/snap/hooks/install index f90ec20..b5fe229 100755 --- a/snap/hooks/install +++ b/snap/hooks/install 
@@ -1,32 +1,33 @@ -#!/bin/bash +#!/usr/bin/env bash # Installation hook for charmed-mongodb snap set -eux -export CONF="${SNAP_DATA}/etc/mongod" -export PBM_CONF="${SNAP_DATA}/etc/pbm/" -export DATA="${SNAP_COMMON}/var/lib/mongodb" -export LOG="${SNAP_COMMON}/var/log/mongodb" +export CONF="${SNAP_DATA}"/etc/mongod +export PBM_CONF="${SNAP_DATA}"/etc/pbm +export DATA="${SNAP_COMMON}"/var/lib/mongodb +export LOGS="${SNAP_COMMON}"/var/log/mongodb +export MONGO_CONFIG_FILE="${CONF}"/mongod.conf + +# Create the necessary parent directories +mkdir -p $DATA +mkdir -p $LOGS +mkdir -p $PBM_CONF +mkdir -p $CONF -# If the $DATA dir is not there yet, create it if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]; then - mkdir -p $DATA - mkdir -p $LOG - chmod g+s "${LOG}"/* - chown -R 584788:root "${SNAP_COMMON}"/* - chgrp root "${LOG}"* -else - mkdir -p $LOG - chmod g+s "$LOG"* - chgrp root "${LOG}"* + chmod -R 770 "${SNAP_COMMON}" + chmod 750 "${DATA}" fi -# Create the necessary parent directories -mkdir -p "${PBM_CONF}" -mkdir -p "${CONF}" +if [ stat -c '%u' "$LOGS" == 0 -o ! -d "$LOGS" ]; then + chmod -R 770 "${LOGS}" + chmod g+s "$LOGS"/* +fi + +chown -R 584788:root "${SNAP_COMMON}"/* # Copy over the mongod.conf and create needed directories/files -MONGO_CONFIG_FILE="${CONF}/mongod.conf" echo "configuration file does not exist." echo "copying default config to ${MONGO_CONFIG_FILE}" cp -r ${SNAP}/etc/mongod.conf ${MONGO_CONFIG_FILE} @@ -34,7 +35,7 @@ cp -r ${SNAP}/etc/mongod.conf ${MONGO_CONFIG_FILE} # mongod.conf default values are not consistent with the snap directory system. sed -i "s/fork: true/fork: false/g" $MONGO_CONFIG_FILE -sed -i "s:/var/log/mongodb:$LOG:g" $MONGO_CONFIG_FILE +sed -i "s:/var/log/mongodb:$LOGS:g" $MONGO_CONFIG_FILE sed -i "s:/var/lib/mongodb:$DATA:g" $MONGO_CONFIG_FILE sed -i "s:/var/run:/tmp:g" $MONGO_CONFIG_FILE From 792224272801d9874c974d2b407a5c327fa90a2e Mon Sep 17 00:00:00 2001 
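Review bot: `chown -R 584788:root "${SNAP_COMMON}"/*` now runs unconditionally in PATCH 2/6, outside both ownership checks, so an existing data directory is still re-owned recursively, which is what the series set out to avoid. Moving it inside the guarded block, or narrowing it to the directories that were just created, would leave existing data untouched. `chmod -R 770 "${SNAP_COMMON}"` also sets the execute bit on every regular file under the tree; `chmod -R u=rwX,g=rwX,o= "${SNAP_COMMON}"` gives the same directory access without marking data and log files executable. The `mkdir -p $DATA` style lines should quote their operands, `mkdir -p "$DATA"`.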
From: Neha Oudin Date: Mon, 26 Aug 2024 16:28:44 +0200 Subject: [PATCH 3/6] fix: right permissions to be set --- snap/hooks/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snap/hooks/install b/snap/hooks/install index b5fe229..2f76af2 100755 --- a/snap/hooks/install +++ b/snap/hooks/install @@ -21,7 +21,7 @@ if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]; then fi if [ stat -c '%u' "$LOGS" == 0 -o ! -d "$LOGS" ]; then - chmod -R 770 "${LOGS}" + chmod -R 770 "${SNAP_COMMON}" chmod g+s "$LOGS"/* fi From 5486519fffdba305458ec9f0999eb418d1ace128 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Tue, 27 Aug 2024 16:32:42 +0200 Subject: [PATCH 4/6] fix: add documentation --- snap/hooks/install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/snap/hooks/install b/snap/hooks/install index 2f76af2..999224d 100755 --- a/snap/hooks/install +++ b/snap/hooks/install @@ -15,11 +15,13 @@ mkdir -p $LOGS mkdir -p $PBM_CONF mkdir -p $CONF +# If we just created the directory, we set up permissions if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]; then chmod -R 770 "${SNAP_COMMON}" chmod 750 "${DATA}" fi +# If we just created the directory, we set up permissions if [ stat -c '%u' "$LOGS" == 0 -o ! -d "$LOGS" ]; then chmod -R 770 "${SNAP_COMMON}" chmod g+s "$LOGS"/* From 47009dc4251d16e961f1a4852bed7fcb91db1d3b Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Wed, 28 Aug 2024 09:30:04 +0200 Subject: [PATCH 5/6] fix: remove useless checks --- snap/hooks/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/snap/hooks/install b/snap/hooks/install index 999224d..e65f13e 100755 --- a/snap/hooks/install +++ b/snap/hooks/install 
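Review bot: Changing the `$LOGS` block in PATCH 3/6 to `chmod -R 770 "${SNAP_COMMON}"` makes it recurse over `$DATA` as well, so whenever both blocks run it resets the `chmod 750 "${DATA}"` applied by the `$DATA` block (visible in PATCH 2/6 and 4/6) back to 770. If the intent is for the common root to be 770, set that once and non-recursively with `chmod 770 "${SNAP_COMMON}"` and keep `chmod -R 770 "${LOGS}"` here, or re-apply the 750 after this block. The hunk starts inside the preceding `if` block, whose body is outside the hunk.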
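Review bot: The added comment `# If we just created the directory, we set up permissions` in PATCH 4/6 does not describe the condition under it, which tests the owner uid rather than whether the directory is new; a pre-existing root-owned directory would match too. A comment such as `# Directory is still owned by root (uid 0): set its mode before ownership is handed to snap_daemon` states what is actually checked. The two identical comments could also name `$DATA` and `$LOGS` respectively so the blocks can be told apart.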
@@ -16,13 +16,13 @@ mkdir -p $PBM_CONF mkdir -p $CONF # If we just created the directory, we set up permissions -if [ stat -c '%u' "$DATA" == 0 -o ! -d "$DATA" ]; then +if [ stat -c '%u' "$DATA" == 0 ]; then chmod -R 770 "${SNAP_COMMON}" chmod 750 "${DATA}" fi # If we just created the directory, we set up permissions -if [ stat -c '%u' "$LOGS" == 0 -o ! -d "$LOGS" ]; then +if [ stat -c '%u' "$LOGS" == 0 ]; then chmod -R 770 "${SNAP_COMMON}" chmod g+s "$LOGS"/* fi From e8557605a910c7074a5cf7d3f88ecb49ff851173 Mon Sep 17 00:00:00 2001 From: Neha Oudin Date: Wed, 2 Oct 2024 15:26:27 +0200 Subject: [PATCH 6/6] fix: chdir to $SNAP before running command Allows to run the command because mongosh tries to cd to itself with the snap_daemon user. --- snap/local/drop_priv.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/snap/local/drop_priv.sh b/snap/local/drop_priv.sh index 37294bc..a258b23 100755 --- a/snap/local/drop_priv.sh +++ b/snap/local/drop_priv.sh @@ -4,13 +4,14 @@ export PBM_MONGODB_URI="$(snapctl get pbm-uri)" if [[ $(id -u) == "0" ]]; then - -exec "${SNAP}"/usr/bin/setpriv \ + exec bash -c "cd ${SNAP} && \ + ${SNAP}/usr/bin/setpriv \ --clear-groups \ --reuid snap_daemon \ - --regid snap_daemon -- \ - "$SNAP/usr/bin/$@" + --regid snap_daemon \ + -- \ + ${SNAP}/usr/bin/$*" else - -exec "$SNAP/usr/bin/$@" + exec bash -c "cd ${SNAP} && \ + ${SNAP}/usr/bin/$*" fi
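Review bot: `chmod g+s "$LOGS"/*` in the `$LOGS` block of PATCH 5/6 depends on the glob matching something; on a fresh install the directory has just been created by `mkdir -p $LOGS` and is presumably empty, so the pattern stays literal, `chmod` fails, and `set -e` aborts the hook once the block is actually reached. If the goal is for new log files to inherit the group, set the bit on the directory itself with `chmod g+s "${LOGS}"`.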
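Review bot: Flattening the arguments with `$*` into a `bash -c "..."` string in PATCH 6/6 means they are parsed a second time by a shell that, in the first branch, still runs as root before `setpriv` drops privileges; an argument containing spaces, quotes or shell metacharacters is split or interpreted instead of being passed through unchanged. The working directory can be changed without a second shell: add `cd "${SNAP}" || exit 1` before the `if` and keep the previous `exec "${SNAP}"/usr/bin/setpriv --clear-groups --reuid snap_daemon --regid snap_daemon -- "$SNAP/usr/bin/$@"` and `exec "$SNAP/usr/bin/$@"` forms, which keep each argument as its own word. The unquoted `${SNAP}` inside the string has the same word-splitting problem.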