From b7f9cf33947039b5503a59f1ddffe2e48e67b61b Mon Sep 17 00:00:00 2001
From: Sebastian Wagner
Date: Sat, 30 Nov 2024 21:48:54 +0100
Subject: [PATCH] tests: create intelmq user & group if running privileged

if the tests already run with an unprivileged user, all is good, but if running as root, intelmq won't be able to un-privilege itself if there's no intelmq user
---
 .github/workflows/scripts/setup-full.sh | 11 ++++++++++-
 CHANGELOG.md | 1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/scripts/setup-full.sh b/.github/workflows/scripts/setup-full.sh
index 7c18b9a25..e546c0e45 100644
--- a/.github/workflows/scripts/setup-full.sh
+++ b/.github/workflows/scripts/setup-full.sh
@@ -38,7 +38,16 @@ done
 # Setup sudo and install intelmq
 sudo sed -i '/^Defaults\tsecure_path.*$/ d' /etc/sudoers
 sudo pip install .
-sudo intelmqsetup --skip-ownership
+
+intelmq_user_exists=$(getent passwd intelmq ||:)
+if [[ "$UID" -eq '0' && -z "$intelmq_user_exists" ]]; then
+ # create an unprivileged user, if currently running as root. Otherwise dropping privileges won't work
+ groupadd -r intelmq
+ useradd -r -d /var/lib/intelmq/ -c "user running intelmq" -g intelmq -s /bin/bash intelmq
+ sudo intelmqsetup
+else
+ sudo intelmqsetup --skip-ownership
+fi
 # Initialize the postgres database
 intelmq_psql_initdb
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c949140b..bb465f35e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,7 @@
 ### Tests
 - Install build dependencies for `pymssql` on Python 3.8 as there are no wheels available for this Python version (PR#2542 by Sebastian Wagner).
 - Install `psql` explicitly for workflow support on other plattforms such as act (PR#2542 by Sebastian Wagner).
+- Create intelmq user & group if running privileged to allow dropping privileges (PR#2542 by Sebastian Wagner).
 ### Tools
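Review bot: The guard in the setup-full.sh hunk only checks the passwd entry, so on an image that already has an `intelmq` group but no user, `groupadd -r intelmq` fails and `useradd` then runs after an error. Whether that aborts the script depends on shell options set outside this hunk. Making the group step idempotent avoids it: `getent group intelmq >/dev/null || groupadd -r intelmq`. The account is also created with `-s /bin/bash`; if nothing in the tests needs an interactive shell for it (not visible here), a nologin shell would keep this privilege-drop account narrower. A comment on the `if` noting that ownership is only set when the user was just created, and that a root run with a pre-existing `intelmq` user still takes the `--skip-ownership` branch, would make the intent clear.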