Skip to content

Commit

Permalink
Fix permissions at systemd unit file (#7873)
Browse files Browse the repository at this point in the history
Systemd unit has wrong permissions. So systemd logs:

`Configuration file /lib/systemd/system/auditbeat.service is marked executable.
 Please remove executable permission bits. Proceeding anyway`
  • Loading branch information
ppanagiotis authored and andrewkroh committed Aug 7, 2018
1 parent d70fc41 commit 2b6d468
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 5 deletions.
30 changes: 26 additions & 4 deletions dev-tools/packaging/package_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,11 @@ const (
)

var (
configFilePattern = regexp.MustCompile(`.*beat\.yml|apm-server\.yml`)
manifestFilePattern = regexp.MustCompile(`manifest.yml`)
modulesDirPattern = regexp.MustCompile(`modules.d/$`)
modulesFilePattern = regexp.MustCompile(`modules.d/.+`)
configFilePattern = regexp.MustCompile(`.*beat\.yml|apm-server\.yml`)
manifestFilePattern = regexp.MustCompile(`manifest.yml`)
modulesDirPattern = regexp.MustCompile(`modules.d/$`)
modulesFilePattern = regexp.MustCompile(`modules.d/.+`)
systemdUnitFilePattern = regexp.MustCompile(`/lib/systemd/system/.*\.service`)
)

var (
Expand Down Expand Up @@ -101,6 +102,7 @@ func checkRPM(t *testing.T, file string) {
checkManifestOwner(t, p)
checkModulesPermissions(t, p)
checkModulesOwner(t, p)
checkSystemdUnitPermissions(t, p)
}

func checkDeb(t *testing.T, file string, buf *bytes.Buffer) {
Expand All @@ -116,6 +118,7 @@ func checkDeb(t *testing.T, file string, buf *bytes.Buffer) {
checkManifestOwner(t, p)
checkModulesPermissions(t, p)
checkModulesOwner(t, p)
checkSystemdUnitPermissions(t, p)
}

func checkTar(t *testing.T, file string) {
Expand Down Expand Up @@ -246,6 +249,25 @@ func checkModulesOwner(t *testing.T, p *packageFile) {
})
}

// Verify that the systemd unit file has a mode of 0644. It should not be
// executable.
func checkSystemdUnitPermissions(t *testing.T, p *packageFile) {
const expectedMode = os.FileMode(0644)
t.Run(p.Name+" systemd unit file permissions", func(t *testing.T) {
for _, entry := range p.Contents {
if systemdUnitFilePattern.MatchString(entry.File) {
mode := entry.Mode.Perm()
if expectedMode != mode {
t.Errorf("file %v has wrong permissions: expected=%v actual=%v",
entry.File, expectedMode, mode)
}
return
}
}
t.Errorf("no systemd unit file found matching %v", configFilePattern)
})
}

// Helpers

type packageFile struct {
Expand Down
2 changes: 1 addition & 1 deletion dev-tools/packaging/packages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ shared:
mode: 0755
/lib/systemd/system/{{.BeatServiceName}}.service:
template: '{{ elastic_beats_dir }}/dev-tools/packaging/templates/linux/systemd.unit.tmpl'
mode: 0755
mode: 0644
/etc/init.d/{{.BeatServiceName}}:
template: '{{ elastic_beats_dir }}/dev-tools/packaging/templates/{{.PackageType}}/init.sh.tmpl'
mode: 0755
Expand Down

0 comments on commit 2b6d468

Please sign in to comment.