Add support for run as a custom user

Default to root for backwards compatibility

Author: darylrobbins

README.md

@@ -36,6 +36,8 @@ Attributes
 |<tt>['beaver']['ssh_key_file']</tt>|String|Basename of the keyfiles to generate|<tt>logger</tt>|
 |<tt>['beaver']['config_path']</tt>|String|Configuration path|<tt>/etc/beaver</tt>|
 |<tt>['beaver']['config_file']</tt>|String|Configuration file|<tt>beaver.conf</tt>|
+|<tt>['beaver']['user']</tt>|String|User to run service as|<tt>root</tt>|
+|<tt>['beaver']['group']</tt>|String|Group to run service as|<tt>root</tt>|
 |<tt>['beaver']['configuration']</tt>|Hash|Key/Value [configuration pairs](https://github.com/josegonzalez/beaver#configuration-file-options)|<tt>{ 'respawn_delay' => 3, 'max_failure' => 7 }|
 |<tt>['beaver']['files']</tt>|Array|Array containing hashes like `{ 'path' => '/var/log/syslog', 'type' => 'syslogs', 'tags' => 'sys, syslog' }` for files to watch|<tt>[]</tt>|
 |<tt>['beaver']['input_type']['tcp/ampq/etc']</tt>|Hash|Key/Value [input_types](http://beaver.readthedocs.org/en/latest/search.html?q=type&check_keywords=yes&area=default)|

attributes/default.rb

@@ -26,6 +26,8 @@
 
 default['beaver'] = {
   'version' => '31',
+  'user' => 'root',
+  'group' => 'root',
   'log_path' => '/var/log',
   'log_file' => 'beaver.log',
   'generate_keypair' => false,
@@ -52,4 +54,13 @@
       'tags' => 'auth'
     }
   ]
+else
+  default['beaver']['files'] = [
+    {
+      'path' => '/var/log/*log',
+      'type' => 'syslog',
+      'tags' => 'syslog',
+      'exclude' => 'beaver\.log'
+    }
+  ]
 end

providers/tail.rb

@@ -16,6 +16,8 @@ def whyrun_supported?
     t = template ::File.join(node['beaver']['config_path'], 'conf.d', new_resource.name) do
       source 'beaver-tail.conf.erb'
       cookbook new_resource.cookbook
+      user node['beaver']['user']
+      group node['beaver']['group']
       mode '0644'
       variables(
                   :name => new_resource.name,

recipes/default.rb

@@ -26,26 +26,52 @@
 
 include_recipe 'python'
 
+user node['beaver']['user'] do
+  action :create
+  comment "Beaver System User"
+  home node['beaver']['config_path']
+  system true
+  not_if { node['beaver']['user'] == 'root' }
+end
+
+group node['beaver']['group'] do
+  action :create
+  not_if { node['beaver']['group'] == 'root' }
+end
+
+group node['beaver']['group'] do
+  action :modify
+  members node['beaver']['user']
+  append true
+  not_if { node['beaver']['group'] == 'root' }
+end
+
 python_pip 'beaver' do
   version node['beaver']['version']
   action :install
 end
 
 directory node['beaver']['config_path'] do
-  owner 'root'
-  group 'root'
+  owner node['beaver']['user']
+  group node['beaver']['group']
   mode '0755'
   action :create
   recursive true
 end
 
 directory ::File.join(node['beaver']['config_path'], 'conf.d') do
-  owner 'root'
-  group 'root'
+  owner node['beaver']['user']
+  group node['beaver']['group']
   mode '0755'
   action :create
 end
 
+file "#{node['beaver']['log_path']}/#{node['beaver']['log_file']}" do
+  action :create
+  owner node['beaver']['user']
+  group node['beaver']['group']
+end
+
 include_recipe 'beaver::generate_keypair' if node['beaver']['generate_keypair']
 
 log_files = node['beaver']['files'].map do |each|
@@ -59,8 +85,8 @@
 
 template "#{node['beaver']['config_path']}/#{node['beaver']['config_file']}" do
   source 'beaver.conf.erb'
-  owner 'root'
-  group 'root'
+  owner node['beaver']['user']
+  group node['beaver']['group']
   mode '0644'
   variables(
     :beaver => node['beaver']['configuration'],
@@ -73,28 +99,31 @@
 if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 12.04
   template '/etc/init/beaver.conf' do
     source 'beaver-upstart.erb'
-    owner 'root'
-    group 'root'
+    owner node['beaver']['user']
+    group node['beaver']['group']
     mode '0644'
     variables(
       :config_path => node['beaver']['config_path'],
       :config_file => node['beaver']['config_file'],
       :log_path => node['beaver']['log_path'],
-      :log_file => node['beaver']['log_file']
+      :log_file => node['beaver']['log_file'],
+      :user => node['beaver']['user'],
+      :group => node['beaver']['group']
     )
     notifies :restart, 'service[beaver]'
   end
 else
   template '/etc/init.d/beaver' do
     source 'beaver-init.erb'
-    owner 'root'
-    group 'root'
+    owner node['beaver']['user']
+    group node['beaver']['group']
     mode '0755'
     variables(
       :config_path => node['beaver']['config_path'],
       :config_file => node['beaver']['config_file'],
       :log_path => node['beaver']['log_path'],
-      :log_file => node['beaver']['log_file']
+      :log_file => node['beaver']['log_file'],
+      :user => node['beaver']['user']
     )
     notifies :restart, 'service[beaver]'
   end

recipes/generate_keypair.rb

@@ -33,6 +33,10 @@
   creates private_key
 end
 
+execute 'Change ownership of keys to beaver user/group' do
+  command "chown #{node['beaver']['user']}:#{node['beaver']['group']} #{private_key} #{private_key}.pub"
+end
+
 if File.file?(private_key)
   public_key = File.open("#{private_key}.pub", 'rb') { |file| file.read }
   node.set['beaver']['public_key'] = public_key

templates/default/beaver-init.erb

@@ -22,7 +22,7 @@
 BEAVER_NAME='beaver'
 BEAVER_CMD='beaver -c <%= File.join(@config_path, @config_file) %> -l <%= File.join(@log_path, @log_file) %>'
 BEAVER_PID='/var/run/beaver.pid'
-BEAVER_USER='root'
+BEAVER_USER='<%= @user %>'
 BEAVER_LOG='<%= File.join(@log_path, @log_file) %>'
 
 

templates/default/beaver-upstart.erb

@@ -13,9 +13,9 @@ respawn
 respawn limit 5 30
 limit nofile 65550 65550
 
-setuid root
-setgid root
+setuid <%= @user %>
+setgid <%= @group %>
 
 script
-exec su root -l -c 'beaver -c <%= @config_path %>/<%= @config_file %> -l <%= @log_path %>/<%= @log_file %>'
+exec beaver -c <%= @config_path %>/<%= @config_file %> -l <%= @log_path %>/<%= @log_file %>
 end script

templates/default/beaver.conf.erb

@@ -11,4 +11,5 @@
   <% file["options"].each do |key, value| %>
 <%= "#{key}: #{value}" %>
   <% end %>
+
 <% end %>