[guacd] Run service as user and set $HOME

Simone Caronni slaanesh at fedoraproject.org
Wed Jan 30 15:35:49 UTC 2013 

commit 766598f411591f9c8507050e83db4b486e21f86c
Author: Simone Caronni <negativo17 at gmail.com>
Date:   Wed Jan 30 16:35:35 2013 +0100

    Run service as user and set $HOME

 guacd.init    |    4 ++++
 guacd.service |    3 +++
 guacd.spec    |   16 +++++++++++++++-
 3 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/guacd.init b/guacd.init
index b9f1cae..3bc421c 100644
--- a/guacd.init
+++ b/guacd.init
@@ -25,6 +25,10 @@ OPTS="$OPTS -p /var/run/$prog.pid"
 
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
+# Ensure $HOME is set properly, even if environment is clear
+USER=`whoami`
+export HOME=`sh -c "echo ~$USER"`
+
 lockfile=/var/lock/subsys/$prog
 
 start() {
diff --git a/guacd.service b/guacd.service
index 1178ecf..b87489f 100644
--- a/guacd.service
+++ b/guacd.service
@@ -6,8 +6,11 @@ After=network.target
 
 [Service]
 EnvironmentFile=-/etc/sysconfig/guacd
+Environment=HOME=`sh -c "echo ~%U"`
 ExecStart=/usr/sbin/guacd -f $OPTS
 Restart=always
+User=guacd
+Group=guacd
 
 [Install]
 WantedBy=multi-user.target
diff --git a/guacd.spec b/guacd.spec
index e2fd317..ed91402 100644
--- a/guacd.spec
+++ b/guacd.spec
@@ -1,3 +1,5 @@
+%global username guacd
+
 Name:           guacd
 Version:        0.7.0
 Release:        2%{?dist}
@@ -37,6 +39,8 @@ Requires(preun):        /sbin/service
 Requires(postun):       /sbin/service
 %endif
 
+Requires(pre):          shadow-utils
+
 %description
 Guacamole is an HTML5 web application that provides access to desktop
 environments using remote desktop protocols such as VNC or RDP. A centralized
@@ -61,6 +65,7 @@ make %{?_smp_mflags} CFLAGS="%{optflags}"
 make install DESTDIR=%{buildroot} INSTALL="install -p"
 mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
 install -p -m 644 -D %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}
 
 %if 0%{?fedora} >= 16 || 0%{?rhel} >= 7
 
@@ -78,6 +83,12 @@ install -p -m 755 -D %{SOURCE3} %{buildroot}%{_initrddir}/%{name}
 
 %if 0%{?fedora} == 16 || 0%{?fedora} == 17
 
+%pre
+getent group %username >/dev/null || groupadd -r %username &>/dev/null || :
+getent passwd %username >/dev/null || useradd -r -s /sbin/nologin \
+    -d %{_sharedstatedir}/guacd -M -c 'Guacamole proxy daemon' -g %username %username &>/dev/null || :
+exit 0
+
 %post
 if [ $1 -eq 1 ] ; then
     # Initial installation
@@ -141,11 +152,14 @@ fi
 %else
 %{_initrddir}/%{name}
 %endif
+%attr(750,%{username},%{username}) %{_sharedstatedir}/%{name}
 
 %changelog
-* Wed Jan 09 2013 Simone Caronni <negativo17 at gmail.com> - 0.7.0-2
+* Wed Jan 30 2013 Simone Caronni <negativo17 at gmail.com> - 0.7.0-2
 - Updated init script according to Fedora template.
   https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript
+- Run daemon as guacd user/group.
+- Make sure $HOME is set before starting the daemon or the child crashes.
 
 * Thu Dec 13 2012 Simone Caronni <negativo17 at gmail.com> - 0.7.0-1
 - Updated to 0.7.0.

More information about the scm-commits mailing list