public_git
/
unpoller_unpoller
mirror of https://github.com/unpoller/unpoller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Run as nobody on macos.

This commit is contained in:
David Newhall II 2019-06-08 03:22:10 -07:00
parent 7a34474d06
commit b3d5840422
3 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@ -98,7 +98,7 @@ $(BINARY)-$(VERSION).pkg: check_fpm package_build_osx
package_build_osx: man macos package_build_osx: man macos
# Building package environment for macOS. # Building package environment for macOS.
mkdir -p $@/usr/local/bin $@/usr/local/etc/$(BINARY) $@/Library/LaunchAgents mkdir -p $@/usr/local/bin $@/usr/local/etc/$(BINARY) $@/Library/LaunchAgents
mkdir -p $@/usr/local/share/man/man1 $@/usr/local/share/doc/$(BINARY) $@/usr/local/var/log mkdir -p $@/usr/local/share/man/man1 $@/usr/local/share/doc/$(BINARY) $@/usr/local/var/log/unifi-poller
# Copying the binary, config file and man page into the env. # Copying the binary, config file and man page into the env.
cp $(BINARY).macos $@/usr/local/bin/$(BINARY) cp $(BINARY).macos $@/usr/local/bin/$(BINARY)
cp *.1.gz $@/usr/local/share/man/man1 cp *.1.gz $@/usr/local/share/man/man1
@ -144,6 +144,7 @@ install:
# If you installed with `make install` run `make uninstall` before installing a binary package. # If you installed with `make install` run `make uninstall` before installing a binary package.
# This will remove the package install from macOS, it will not remove a package install from Linux. # This will remove the package install from macOS, it will not remove a package install from Linux.
uninstall: uninstall:
@echo " ==> You must run make uninstall as root on Linux. Recommend not running as root on macOS."
[ -x /bin/systemctl ] && /bin/systemctl disable $(BINARY) || true [ -x /bin/systemctl ] && /bin/systemctl disable $(BINARY) || true
[ -x /bin/systemctl ] && /bin/systemctl stop $(BINARY) || true [ -x /bin/systemctl ] && /bin/systemctl stop $(BINARY) || true
[ -x /bin/launchctl ] && [ -f ~/Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist ] \ [ -x /bin/launchctl ] && [ -f ~/Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist ] \
@ -152,10 +153,10 @@ uninstall:
&& /bin/launchctl unload /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist || true && /bin/launchctl unload /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist || true
rm -rf /usr/local/{etc,bin,share/doc}/$(BINARY) rm -rf /usr/local/{etc,bin,share/doc}/$(BINARY)
rm -f ~/Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist rm -f ~/Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist
rm -f /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist || true
rm -f /etc/systemd/system/$(BINARY).service /usr/local/share/man/man1/$(BINARY).1.gz rm -f /etc/systemd/system/$(BINARY).service /usr/local/share/man/man1/$(BINARY).1.gz
[ -x /bin/systemctl ] && /bin/systemctl --system daemon-reload || true [ -x /bin/systemctl ] && /bin/systemctl --system daemon-reload || true
@[ -f /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist ] \ @[ -f /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist ] && echo " ==> Unload and delete this file manually:" && echo " sudo launchctl unload /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist" && echo " sudo rm -f /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist" || true
&& echo " ==> Delete this file manually: sudo rm -f /Library/LaunchAgents/com.github.davidnewhall.$(BINARY).plist" || true
# Don't run this unless you're ready to debug untested vendored dependencies. # Don't run this unless you're ready to debug untested vendored dependencies.
deps: deps:

8
init/launchd/com.github.davidnewhall.unifi-poller.plist
View File

@ -15,8 +15,12 @@
<key>KeepAlive</key> <key>KeepAlive</key>
<true/> <true/>
<key>StandardErrorPath</key> <key>StandardErrorPath</key>
<string>/usr/local/var/log/unifi-poller.log</string> <string>/usr/local/var/log/unifi-poller/log</string>
<key>StandardOutPath</key> <key>StandardOutPath</key>
<string>/usr/local/var/log/unifi-poller.log</string> <string>/usr/local/var/log/unifi-poller/log</string>
<key>UserName</key>
<string>nobody</string>
<key>GroupName</key>
<string>nobody</string>
</dict> </dict>
</plist> </plist>

19
scripts/after-install.sh
View File

@ -9,18 +9,21 @@ if [ "$(uname -s)" = "Darwin" ]; then
cp /usr/local/etc/unifi-poller/up.conf.example /usr/local/etc/unifi-poller/up.conf cp /usr/local/etc/unifi-poller/up.conf.example /usr/local/etc/unifi-poller/up.conf
fi fi
# Allow admins to change the configuration and write logs. # Allow admins to change the configuration and delete the docs.
chgrp -R admin /usr/local/etc/unifi-poller chgrp -R admin /usr/local/etc/unifi-poller /usr/local/share/doc/unifi-poller
chmod -R g+wr /usr/local/etc/unifi-poller chmod -R g+wr /usr/local/etc/unifi-poller /usr/local/share/doc/unifi-poller
# Make sure admins can write logs. # Make sure admins can delete logs.
chgrp admin /usr/local/var/log chown -R nobody:admin /usr/local/var/log/unifi-poller
chmod g=rwx /usr/local/var/log chmod 0775 /usr/local/var/log/unifi-poller
chmod -R g+rw /usr/local/var/log/unifi-poller
# This starts it as root. no no no .... not sure how to fix that. # Restart the service - this starts the application as user nobody.
# launchctl load /Library/LaunchAgents/com.github.davidnewhall.unifi-poller.plist launchctl unload /Library/LaunchAgents/com.github.davidnewhall.unifi-poller.plist
launchctl load /Library/LaunchAgents/com.github.davidnewhall.unifi-poller.plist
elif [ -x "/bin/systemctl" ]; then elif [ -x "/bin/systemctl" ]; then
# Reload and restart - this starts the application as user nobody.
/bin/systemctl daemon-reload /bin/systemctl daemon-reload
/bin/systemctl enable unifi-poller /bin/systemctl enable unifi-poller
/bin/systemctl restart unifi-poller /bin/systemctl restart unifi-poller