use consistent users/groups on rhel/debian (#730)

furlongm · web-flow · commit f5ec1dc1d870 · 2026-01-09T18:38:05.000-05:00
diff --git a/debian/python3-patchman.postinst b/debian/python3-patchman.postinst
@@ -22,12 +22,12 @@ if [ "$1" = "configure" ] ; then
     patchman-manage migrate --run-syncdb --fake-initial
     sqlite3 /var/lib/patchman/db/patchman.db 'PRAGMA journal_mode=WAL;'
 
-    chown -R www-data:www-data /var/lib/patchman
-    adduser --system --group patchman-celery
-    usermod -a -G www-data patchman-celery
-    chown root:patchman-celery /etc/patchman/celery.conf
+    adduser --quiet --system --group patchman
+    adduser --quiet www-data patchman
+    chown root:patchman /etc/patchman/celery.conf
     chmod 640 /etc/patchman/celery.conf
     chmod g+w /var/lib/patchman /var/lib/patchman/db /var/lib/patchman/db/patchman.db
+    chown -R patchman:patchman /var/lib/patchman
 
     WORKER_COUNT=1
     if [ -f /etc/patchman/celery.conf ]; then
diff --git a/etc/systemd/system/patchman-celery-beat.service b/etc/systemd/system/patchman-celery-beat.service
@@ -5,8 +5,8 @@ After=network-online.target
 
 [Service]
 Type=simple
-User=patchman-celery
-Group=patchman-celery
+User=patchman
+Group=patchman
 Environment="REDIS_HOST=127.0.0.1"
 Environment="REDIS_PORT=6379"
 EnvironmentFile=/etc/patchman/celery.conf
diff --git a/etc/systemd/system/patchman-celery-worker.service b/etc/systemd/system/patchman-celery-worker.service
@@ -5,8 +5,8 @@ After=network-online.target
 
 [Service]
 Type=simple
-User=patchman-celery
-Group=patchman-celery
+User=patchman
+Group=patchman
 Environment="REDIS_HOST=127.0.0.1"
 Environment="REDIS_PORT=6379"
 Environment="CELERY_POOL_TYPE=solo"
diff --git a/scripts/rpm-post-install.sh b/scripts/rpm-post-install.sh
@@ -25,15 +25,13 @@ patchman-manage makemigrations
 patchman-manage migrate --run-syncdb --fake-initial
 sqlite3 /var/lib/patchman/db/patchman.db 'PRAGMA journal_mode=WAL;'
 
-adduser --system --group patchman-celery
-usermod -a -G apache patchman-celery
-chown root:patchman-celery /etc/patchman/celery.conf
+adduser --system --shell /sbin/nologin patchman
+usermod -a -G patchman apache
+chown root:patchman /etc/patchman/celery.conf
 chmod 640 /etc/patchman/celery.conf
-
-chown -R apache:apache /var/lib/patchman
+chown -R patchman:patchman /var/lib/patchman
 semanage fcontext -a -t httpd_sys_rw_content_t "/var/lib/patchman/db(/.*)?"
 restorecon -Rv /var/lib/patchman/db
-setsebool -P httpd_can_network_memcache 1
 setsebool -P httpd_can_network_connect 1
 
 WORKER_COUNT=1
