[JENKINS-23273] Change ownership only if needed

* Now /var/cache%{name} /var/log/%{name} and workdir files are chowned only if parent folder is not already owned by appropriate user * Also added sticky bit to that folders so only the appropriate user can create files there
jenkinsci · Jan 16, 2017 · 679fbfe · 679fbfe
1 parent 5083f2e
commit 679fbfe
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/rpm/build/SPECS/jenkins.spec b/rpm/build/SPECS/jenkins.spec
@@ -79,6 +79,23 @@ rm -rf "%{buildroot}"
 %post
 /sbin/chkconfig --add %{name}
 
+# Ensure the right ownership on files only if not owned by JENKINS_USER
+. /etc/sysconfig/%{name}
+if test x"$JENKINS_INSTALL_SKIP_CHOWN" != "xtrue"; then
+    owner=$(ls -ld /var/cache/%{name} | awk 'NR==1 {print $3}')
+    if [ "$owner" != "${JENKINS_USER:-%{name}}" ] ; then
+        chown -R ${JENKINS_USER:-%{name}} /var/cache/%{name}
+    fi
+    owner=$(ls -ld /var/log/%{name} | awk 'NR==1 {print $3}')
+    if [ "$owner" != "${JENKINS_USER:-%{name}}" ] ; then
+        chown -R ${JENKINS_USER:-%{name}} /var/log/%{name}
+    fi
+    owner=$(ls -ld ${JENKINS_HOME:-%{workdir}}| awk 'NR==1 {print $3}')
+    if [ "$owner" != "${JENKINS_USER:-%{name}}" ] ; then
+        chown -R ${JENKINS_USER:-%{name}} ${JENKINS_HOME:-%{workdir}}
+    fi
+fi
+
 %preun
 if [ "$1" = 0 ] ; then
     # if this is uninstallation as opposed to upgrade, delete the service