don't start the zabbix server as root
The service got started as root, which is really bad. We now provide the
correct default user based on the operating system; the user can
override it and even start the service as root if they want (by passing
zabbix_user => undef).
bastelfreak committed Jun 5, 2017
1 parent 3e38b3f commit aa53836
Showing 4 changed files with 8 additions and 0 deletions.
1 change: 1 addition & 0 deletions manifests/init.pp
Expand Up @@ -174,6 +174,7 @@
$loadmodule = $zabbix::params::server_loadmodule,
Boolean $manage_selinux = $zabbix::params::manage_selinux,
String $additional_service_params = $zabbix::params::additional_service_params,
Optional[String[1]] $zabbix_user = $zabbix::params::server_zabbix_user,
) inherits zabbix::params {

class { '::zabbix::web':
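Review bot: The new `$zabbix_user` parameter is declared on the `zabbix` class, but this section has a single addition and none that passes the value on, so a user who sets it here would apparently still get the params default on the server. If the class body, which continues outside the hunk, declares `zabbix::server` the way it declares `::zabbix::web`, that declaration needs `zabbix_user => $zabbix_user,`. Without the forwarding, someone who believes they changed the service account has changed nothing.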
4 changes: 4 additions & 0 deletions manifests/params.pp
Expand Up @@ -25,6 +25,7 @@
$agent_zabbix_user = 'zabbix'
$agent_config_group = 'zabbix'
$agent_pidfile = '/var/run/zabbix/zabbix_agentd.pid'
$server_zabbix_user = 'zabbix'
}
'Archlinux': {
$server_fpinglocation = '/usr/bin/fping'
Expand All @@ -38,6 +39,7 @@
$agent_zabbix_user = 'zabbix-agent'
$agent_config_group = 'zabbix-agent'
$agent_pidfile = undef
$server_zabbix_user = 'zabbix-server'
}
'Fedora': {
$server_fpinglocation = '/usr/sbin/fping'
Expand All @@ -51,6 +53,7 @@
$agent_zabbix_user = 'zabbix'
$agent_config_group = 'zabbix'
$agent_pidfile = '/var/run/zabbix/zabbix_agentd.pid'
$server_zabbix_user = 'zabbix'
}
default : {
$server_fpinglocation = '/usr/sbin/fping'
Expand All @@ -64,6 +67,7 @@
$agent_zabbix_user = 'zabbix'
$agent_config_group = 'zabbix'
$agent_pidfile = '/var/run/zabbix/zabbix_agentd.pid'
$server_zabbix_user = 'zabbix'
}
}

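Review bot: The `default` branch now hard-codes `$server_zabbix_user = 'zabbix'` for every operating system without a case of its own, and nothing visible in this commit ensures that account exists on the node. Where a platform's package names the account differently, as the Archlinux case does with `zabbix-server`, systemd will refuse to start the unit rather than fall back to another user. A short comment on the first assignment, for example `# must match the account created by the distribution's zabbix-server package`, would tell the next maintainer what to verify when adding a case. The case statement starts and ends outside these hunks.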
2 changes: 2 additions & 0 deletions manifests/server.pp
Expand Up @@ -373,6 +373,7 @@
$sslkeylocation_dir = $zabbix::params::server_sslkeylocation,
Boolean $manage_selinux = $zabbix::params::manage_selinux,
String $additional_service_params = $zabbix::params::additional_service_params,
Optional[String[1]] $zabbix_user = $zabbix::params::server_zabbix_user,
) inherits zabbix::params {

# the following codeblock is a bit blargh. The correct default value for
Expand Down Expand Up @@ -457,6 +458,7 @@
pidfile => $pidfile,
database_type => $database_type,
server_configfile_path => $server_configfile_path,
zabbix_user => $zabbix_user,
additional_service_params => $real_additional_service_params,
require => Package["zabbix-server-${db}"],
}
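Review bot: `Optional[String[1]]` in the first hunk makes `undef` a supported value for `$zabbix_user`, and per the commit description that puts the server back under root, yet neither hunk documents it. I would add an entry to the class header, in whatever style it already uses, saying `zabbix_user: account the server service runs as; undef omits User= from the unit and the service runs as root`, so the opt-out reads as a deliberate decision. The second hunk forwards the value only to the resource that renders the startup file; whether a non-systemd init script honours it cannot be seen from here, since the commit changes the systemd template alone. The parameter list and the resource both start and end outside the hunks.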
1 change: 1 addition & 0 deletions templates/zabbix-server-systemd.init.erb
Expand Up @@ -16,6 +16,7 @@ PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
<% if @zabbix_user %>User=<%= @zabbix_user %><% end %>

[Install]
WantedBy=multi-user.target
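Review bot: `<%= @zabbix_user %>` is written into the `[Service]` section unvalidated, and the only constraint visible in this commit is `String[1]` in the manifests, which still admits whitespace and newlines. A value containing a newline would carry extra directives into the unit, so the type is better narrowed where the parameter is declared, for example `Optional[Pattern[/\A[a-z_][a-z0-9_-]*\z/]]`, which still accepts both `zabbix` and `zabbix-server`. When the variable is unset the line is omitted entirely and the rendered unit gives no hint that it runs as root; a comment in that branch of the template would make this visible to anyone inspecting the file on the host.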
