Commit c306aae

tests: create intelmq user & group if running privileged
if the tests already run with an unprivileged user, all is good, but if running as root, intelmq won't be able to un-privilege itself if there's no intelmq user
1 parent 071f52e commit c306aae

2 files changed: +11 -1 lines changed
.github/workflows/scripts/setup-full.sh

Lines changed: 10 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -38,7 +38,16 @@ done
3838
# Setup sudo and install intelmq
3939
sudo sed -i '/^Defaults\tsecure_path.*$/ d' /etc/sudoers
4040
sudo pip install .
41-
sudo intelmqsetup --skip-ownership
41+
42+
intelmq_user_exists=$(getent passwd intelmq ||:)
43+
if [[ "$UID" -eq '0' && -z "$intelmq_user_exists" ]]; then
44+
# create an unprivileged user, if currently running as root. Otherwise dropping privileges won't work
45+
groupadd -r intelmq
46+
useradd -r -d /var/lib/intelmq/ -c "user running intelmq" -g intelmq -s /bin/bash intelmq
47+
sudo intelmqsetup
48+
else
49+
sudo intelmqsetup --skip-ownership
50+
fi
4251

4352
# Initialize the postgres database
4453
intelmq_psql_initdb
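
Review bot: The `else` branch also catches the case where the script runs as root and the `intelmq` user already exists, so `sudo intelmqsetup --skip-ownership` is used there as well and ownership is not set for the account that privileges are dropped to. Consider separating the two decisions: create the account only when `getent passwd intelmq` returns nothing, then pick `intelmqsetup` or `intelmqsetup --skip-ownership` based on `$UID` alone. In the same block, `groupadd -r intelmq` runs whenever the user is missing, even if the group is already present, and `groupadd` fails in that case; guarding it with `getent group intelmq` covers that. `sudo intelmqsetup` inside the `"$UID" -eq '0'` branch is redundant next to the unprefixed `groupadd` and `useradd`, and `-s /bin/bash` gives the service account a login shell, where a nologin shell would be the safer default unless the tests need an interactive one.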

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -42,6 +42,7 @@
4242
### Tests
4343
- Install build dependencies for `pymssql` on Python 3.8 as there are no wheels available for this Python version (PR#2542 by Sebastian Wagner).
4444
- Install `psql` explicitly for workflow support on other platforms such as act (PR#2542 by Sebastian Wagner).
45+
- Create intelmq user & group if running privileged to allow dropping privileges (PR#2542 by Sebastian Wagner).
4546

4647
### Tools
4748
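
Review bot: The new entry under `### Tests` says the user and group are created "if running privileged", but the script change in this commit only creates them when `getent passwd intelmq` finds no existing user. Wording such as "Create intelmq user & group if running privileged and the user does not exist yet" would match the condition in `setup-full.sh`.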
