Packaging: Remove permission editing in postinst (#37242)

This commit removes permission editing commands from the postinst
scriptlet. Instead, we now fully configure the owner/group (as well as
sticky bit) for these files and directories.

closes #37143

distribution/packages/build.gradle

@@ -72,7 +72,7 @@ void addProcessFilesTask(String type, boolean oss) {
       MavenFilteringHack.filter(it, expansionsForDistribution(type, oss))
     }
 
-    into('config') {
+    into('etc/elasticsearch') {
       with configFiles(type, oss)
     }
     MavenFilteringHack.filter(it, expansionsForDistribution(type, oss))
@@ -173,19 +173,20 @@ Closure commonPackageConfig(String type, boolean oss) {
       configurationFile '/etc/elasticsearch/users'
       configurationFile '/etc/elasticsearch/users_roles'
     }
-    into('/etc/elasticsearch') {
-      dirMode 0750
+    into('/etc') {
+      dirMode 02750
       fileMode 0660
       permissionGroup 'elasticsearch'
       includeEmptyDirs true
       createDirectoryEntry true
       fileType CONFIG | NOREPLACE
-      from "${packagingFiles}/config"
+      from "${packagingFiles}/etc"
     }
     String envFile = expansionsForDistribution(type, false)['path.env']
     configurationFile envFile
     into(new File(envFile).getParent()) {
       fileType CONFIG | NOREPLACE
+      permissionGroup 'elasticsearch'
       fileMode 0660
       from "${packagingFiles}/env/elasticsearch"
     }
@@ -229,8 +230,8 @@ Closure commonPackageConfig(String type, boolean oss) {
       }
     }
     copyEmptyDir('/var/run/elasticsearch', 'elasticsearch', 'elasticsearch', 0755)
-    copyEmptyDir('/var/log/elasticsearch', 'elasticsearch', 'elasticsearch', 0750)
-    copyEmptyDir('/var/lib/elasticsearch', 'elasticsearch', 'elasticsearch', 0750)
+    copyEmptyDir('/var/log/elasticsearch', 'elasticsearch', 'elasticsearch', 02750)
+    copyEmptyDir('/var/lib/elasticsearch', 'elasticsearch', 'elasticsearch', 02750)
     copyEmptyDir('/usr/share/elasticsearch/plugins', 'root', 'root', 0755)
 
     // the oss package conflicts with the default distribution and vice versa

distribution/packages/src/common/scripts/postinst

@@ -93,16 +93,6 @@ elif [ "$RESTART_ON_UPGRADE" = "true" ]; then
     echo " OK"
 fi
 
-chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
-chown -R elasticsearch:elasticsearch /var/log/elasticsearch
-chown -R root:elasticsearch /etc/elasticsearch
-chmod g+s /etc/elasticsearch
-chmod 0750 /etc/elasticsearch
-
-if [ -f ${path.env} ]; then
-    chown root:elasticsearch ${path.env}
-fi
-
 # the equivalent code for rpm is in posttrans
 if [ "$PACKAGE" = "deb" -a ! -f /etc/elasticsearch/elasticsearch.keystore ]; then
     /usr/share/elasticsearch/bin/elasticsearch-keystore create

qa/vagrant/src/test/resources/packaging/utils/packages.bash

@@ -114,8 +114,8 @@ verify_package_installation() {
     assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 660
     assert_file "$ESCONFIG/jvm.options" f root elasticsearch 660
     assert_file "$ESCONFIG/log4j2.properties" f root elasticsearch 660
-    assert_file "$ESDATA" d elasticsearch elasticsearch 750
-    assert_file "$ESLOG" d elasticsearch elasticsearch 750
+    assert_file "$ESDATA" d elasticsearch elasticsearch 2750
+    assert_file "$ESLOG" d elasticsearch elasticsearch 2750
     assert_file "$ESPLUGINS" d root root 755
     assert_file "$ESMODULES" d root root 755
     assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755