Allow pkg_svc_user and pkg_svc_group to be overridden at runtime #5351

mwrock opened this issue Jul 17, 2018 · 6 comments
Labels
- Focus:Plan Build
- Focus:Supervisor. Related to the Habitat Supervisor (core/hab-sup) component
- Platform: Linux. Deals with Linux-specific behavior
- Platform: Windows. Deals with Windows-specific behavior
- Stale
- Type: Feature. Issues that describe a new desired feature

Comments

@mwrock
Contributor

mwrock commented Jul 17, 2018

This is something that was brought up in this post. I'll copy the content here:

> I can totally see a case for needing a “default” user, since everything has to be run as a user. But being unable to configure that user at run time, or worse being at the mercy of upstream, has the potential to cause lots of problems.
>
> For instance: habitat-sh/core-plans#1705
>
> Back in May it seems the plan was updated to use the hab user instead of the root user. For some reason, auto update wasn’t triggered until the release of the consul 1.2.1 package, which brought with it the change in user, bringing down my entire cluster.
>
> If I were able to say “use this user” at runtime or “don’t honor the plan user” this would alleviate this issue.
>
> Also a few other use cases:
>
> Maybe I have a standard organization-wide user for a service, everything seems to default to hab, but if I wanted to run “consul” and “vault” as something other than “hab” I end up writing my own plan, just to change the user. This seems like an anti-pattern to me.
>
> Ok, well, that’s really the only other use case that comes to mind.

This is definitely something I have run into as well in the Windows world, where you often want to run a particular service under a pre-established AD account that would be specific to an org but not a plan.

@predominant
Contributor

Yeah, I agree that this would be an amazing feature!

@qubitrenegade
Contributor

Actually, I thought of another use case, and that's service account naming standards. But that's more or less what @mwrock said :)

What about file ownership?

If we lay down `config/foo.json` as the `hab:hab` user, then restart the service as the `bah:bah` user, we can run into situations where files become unreadable. Especially on systems with restrictive umasks. (see: #1705)

We already gossip `pkg.svc_user` and `pkg.svc_group`, so the framework is there. My question is who owns the responsibility of managing those file permissions? Habitat or the plan owner?

If it's the plan owner's, then every `hooks/init` should have a `chown -R ${pkg.svc_user}:${pkg.svc_group} ${pkg.svc_config_path} ${pkg.svc_data_path}` or similar. Having that in the init would have eliminated the problem in #1705. But if every plan has to have that... Maybe habitat should just do that automatically?
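
The ownership problem raised in the comment above, as an added example that is not part of the original thread or Habitat's code: a check that evaluates POSIX mode bits to list what a prospective service user could not read under a service directory. The sample tree, the 0750/0640 modes (what a 027 umask produces), the replacement uid/gid and the function names are constructed for illustration; ACLs are ignored.

```python
import os
import tempfile

def _allowed(st, uid, gids, want):
    """POSIX mode-bit check for one path (ACLs and capabilities are ignored)."""
    if uid == 0:
        return True  # root bypasses read and search permission bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner class
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group class
    else:
        bits = st.st_mode           # other class
    return (bits & want) == want

def unreadable_paths(root, uid, gids):
    """Paths under root that uid/gids cannot read (files) or list and enter (dirs)."""
    bad = []
    for dirpath, _dirs, files in os.walk(root):
        if not _allowed(os.stat(dirpath), uid, gids, 0o5):
            bad.append(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            if not _allowed(os.stat(path), uid, gids, 0o4):
                bad.append(path)
    return sorted(bad)

def make_sample_tree():
    """Constructed sample: a service dir written by the old user under umask 027."""
    root = tempfile.mkdtemp(prefix="svc-")
    cfg = os.path.join(root, "config")
    os.mkdir(cfg)
    foo = os.path.join(cfg, "foo.json")
    with open(foo, "w") as fh:
        fh.write("{}")
    for path, mode in ((root, 0o750), (cfg, 0o750), (foo, 0o640)):
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = make_sample_tree()
    st = os.stat(root)
    # Hypothetical replacement account sharing neither uid nor gid with the old one.
    for path in unreadable_paths(root, st.st_uid + 4242, {st.st_gid + 4242}):
        print("not readable by new service user:", path)
```

A replacement account that keeps the old group passes this check on the sample tree, which is why the group half of the user:group pair matters as much as the user.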

@stale

stale bot commented Apr 3, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We value your input and contribution. Please leave a comment if this issue still affects you.

@stale stale bot added the Stale label Apr 3, 2020
@qubitrenegade
Contributor

qubitrenegade commented Apr 3, 2020 via email

stale bot removed the Stale label Apr 3, 2020

christophermaier added the Focus:Supervisor, Platform: Linux, Platform: Windows and Type: Feature labels and removed the A-supervisor label Jul 24, 2020

@stale

stale bot commented Sep 20, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We value your input and contribution. Please leave a comment if this issue still affects you.

@stale stale bot added the Stale label Sep 20, 2022
@stale

stale bot commented May 22, 2023

This issue has been automatically closed after being stale for 400 days. We still value your input and contribution. Please re-open the issue if desired and leave a comment with details.
