rpm,deb: add cephdaemon user and sudoers file

Signed-off-by: Sage Weil <sage@redhat.com>

1 files changed, 24 insertions, 0 deletions

diff --git a/ceph.spec.in b/ceph.spec.in
index 9584d68f33d..dd771a04be3 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1345,6 +1345,7 @@ install -m 0644 -D udev/50-rbd.rules %{buildroot}%{_udevrulesdir}/50-rbd.rules
 
 # sudoers.d
 install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
+install -m 0600 -D sudoers.d/cephdaemon %{buildroot}%{_sysconfdir}/sudoers.d/cephdaemon
 
 %if 0%{?rhel} >= 8
 pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/*
@@ -1492,8 +1493,31 @@ if [ $1 -ge 1 ] ; then
   fi
 fi
 
+%pre daemon
+# create user
+if ! getent passwd | grep -q '^cephdaemon:'; then
+   useradd -r -s /bin/bash -c "Ceph-daemon user for mgr/ssh" -m cephdaemon
+fi
+# set up (initially empty) .ssh/authorized_keys file
+if ! test -d /home/cephdaemon/.ssh; then
+   mkdir /home/cephdaemon/.ssh
+   chown --reference /home/cephdaemon /home/cephdaemon/.ssh
+   chmod 0700 /home/cephdaemon/.ssh
+fi
+if ! test -e /home/cephdaemon/.ssh/authorized_keys; then
+   touch /home/cephdaemon/.ssh/authorized_keys
+   chown --reference /home/cephdaemon /home/cephdaemon/.ssh/authorized_keys
+   chmod 0600 /home/cephdaemon/.ssh/authorized_keys
+fi
+exit 0
+
+%postun daemon
+userdel -r cephdaemon || true
+exit 0
+
 %files daemon
 %{_sbindir}/ceph-daemon
+%{_sysconfdir}/sudoers.d/cephdaemon
 
 %files common
 %dir %{_docdir}/ceph