On 2015-7-29 00:08 , Björn Raupach wrote:
> Hi Joshua,
> 
>> On 28 Jul 2015, at 15:59, Joshua Root <j...@macports.org> wrote:
>>
>> On 2015-7-28 22:28 , Björn Raupach wrote:
>>> Dear group,
>>>
>>> I am new to Portfile development and have a problem with permissions for 
>>> users and groups. At the moment I am trying to create a Portfile for Apache 
>>> Tomcat 8. I would like to run Tomcat as non-root with a user `tomcat` and 
>>> group `tomcat`. I am a bit lost.
>>>
>>> set catalina_home   ${destroot}${prefix}/share/java/${name}
>>> set tomcat_user      tomcat
>>> set tomcat_group    tomcat
>>> add_users ${tomcat_user} group=${tomcat_group}
>>>
>>> I saw these lines in some other ports, for example couchdb, and figured 
>>> that is the way to go even though I don’t find the macro add_users anywhere 
>>> in the documentation. 
>>>
>>> My destroot-phase currently looks like this:
>>>
>>> destroot {
>>>    xinstall -m 755 -g ${tomcat_group} -d ${catalina_home}
>>>
>>>    file copy \
>>>        ${worksrcpath}/LICENSE \
>>>        ${worksrcpath}/NOTICE \
>>>        ${worksrcpath}/RELEASE-NOTES \
>>>        ${worksrcpath}/RUNNING.txt \
>>>        ${worksrcpath}/bin \
>>>        ${worksrcpath}/conf \
>>>        ${worksrcpath}/lib \
>>>        ${worksrcpath}/logs \
>>>        ${worksrcpath}/temp \
>>>        ${worksrcpath}/webapps \
>>>        ${worksrcpath}/work \
>>>        ${catalina_home}
>>>
>>>    xinstall -m 644 ${filespath}/setenv.sh ${catalina_home}/bin/setenv.sh.default
>>>
>>>    # replace @PREFIX@ to ${prefix}
>>>    reinplace "s|@PREFIX@|${prefix}|g" ${catalina_home}/bin/setenv.sh.default
>>>    # replace @NAME@ to ${name}
>>>    reinplace "s|@NAME@|${name}|g" ${catalina_home}/bin/setenv.sh.default
>>> }
>>>
>>> However `/opt/local/share/java/tomcat8` has the ownership `root:admin` and 
>>> not `root:tomcat`.
>>
>> First try running the destroot target (rather than install) and check
>> the permissions on ${destroot}${prefix}/share/java/tomcat8. The destroot
>> dir will be in the path given by `port work tomcat8` BTW.
> 
> Nice. I did not know I could do that. Thanks!
> 
> Well, I checked. In the destroot-phase the permissions are like I want them 
> to be. The owner of the tomcat8 directory is `root` and the group is `tomcat`. 
> After destroot I only have a post-activate phase that does not touch 
> permissions.
> 
> post-activate {
>     if {![file exists ${prefix}/share/java/${name}/bin/setenv.sh]} {
>         file copy ${prefix}/share/java/${name}/bin/setenv.sh.default \
>             ${prefix}/share/java/${name}/bin/setenv.sh
>     }
> }

(Please keep replies on the list.)

OK, so the ownership in the port image is probably OK. You can verify
that by running 'tar -vtjf $archive' where $archive is the .tbz2 file in
/opt/local/var/macports/software/tomcat8 when the port is installed.

Does the /opt/local/share/java/tomcat8 directory already exist? If it
does, it will not be modified when the port is activated. Ports don't
have exclusive ownership of directories like they do files, since
multiple ports can install files in the same directory.

- Josh
_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/macports-dev
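
The check described in the reply above (compare the ownership recorded in the port image with what is on disk after activation), as an added example that is not part of the thread or MacPorts' own code. The function names are hypothetical, the sample archive is constructed, and it assumes member names are stored relative to `/` (for example `./opt/local/...`).

```python
import grp
import io
import os
import posixpath
import pwd
import sys
import tarfile

def archive_ownership(fileobj):
    """Map each member's installed path to (user, group, is_dir) as recorded in the archive."""
    entries = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # Assumption: member names are relative to / (e.g. ./opt/local/...).
            path = posixpath.normpath("/" + member.name)
            entries[path] = (member.uname, member.gname, member.isdir())
    return entries

def on_disk_owner(path):
    """Return (user, group) of the path as currently installed."""
    st = os.lstat(path)
    return pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name

def ownership_drift(entries, lookup=on_disk_owner):
    """List (path, archived, actual, is_dir) where disk ownership differs from the archive."""
    drift = []
    for path, (user, group, is_dir) in sorted(entries.items()):
        try:
            actual = lookup(path)
        except (FileNotFoundError, KeyError):
            continue  # not installed, or the uid/gid has no name on this host
        if actual != (user, group):
            drift.append((path, (user, group), actual, is_dir))
    return drift

def sample_archive():
    """Constructed two-member .tbz2 held in memory; not a real port image."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, group, kind in [
            ("./opt/local/share/java/tomcat8", "tomcat", tarfile.DIRTYPE),
            ("./opt/local/share/java/tomcat8/RUNNING.txt", "admin", tarfile.REGTYPE),
        ]:
            info = tarfile.TarInfo(name)
            info.type, info.uname, info.gname = kind, "root", group
            tar.addfile(info)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    source = open(sys.argv[1], "rb") if len(sys.argv) > 1 else sample_archive()
    for path, want, have, is_dir in ownership_drift(archive_ownership(source)):
        print(f"{path}: archive {want}, disk {have}" + (" (directory)" if is_dir else ""))
```

Drift reported only on directories, with the files inside them matching, is the pattern the reply describes for a directory that already existed before activation.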