switch to using runuser from su

debian/gitlab-check.sh

@@ -10,4 +10,4 @@ cd /usr/share/gitlab
 
 # Check gitlab is configured correctly
 printf "Check if Gitlab is configured correctly...\n"
-su ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check'
+runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake gitlab:check'

debian/postinst

@@ -73,9 +73,9 @@ gitlab_user=$RET >/dev/null
 #######################################################################
 # update Gemfile.lock, always
 #######################################################################
-su ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
+runuser -u ${gitlab_user} -s /bin/sh -c "truncate -s 0 ${gitlab_data_dir}/Gemfile.lock"
 cd ${gitlab_app_root}
-if ! su ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then
+if ! runuser -u ${gitlab_user} -s /bin/sh -c 'bundle --local --quiet'; then
   if [ "$1" = "triggered" ]; then
     # probably triggered in the middle of an system upgrade; ignore failure
     # but abort here
@@ -128,8 +128,8 @@ case "$1" in
       chown -R ${gitlab_user}: $i
     done
 
-    su ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
-    su ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'
+    runuser -u ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
+    runuser -u ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'
 
     # Commands below needs to be run from gitlab_app_root
     cd ${gitlab_app_root}
@@ -311,16 +311,16 @@ case "$1" in
     db_stop
 
     # enable the pg_trgm extension
-    su postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
+    runuser -u postgres -c "psql -d gitlab_production -c \"CREATE EXTENSION IF NOT EXISTS pg_trgm;\""
 
     # Remove Gemfile.lock if present
     rm -f ${gitlab_data_dir}/Gemfile.lock
 
     # Create Gemfile.lock and .secret in /var/lib/gitlab
-    su ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
+    runuser -u ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
 
     echo "Verifying we have all required libraries..."
-    su ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local'
+    runuser -u ${gitlab_user} -s /bin/sh -c 'bundle install --without development test --local'
         
     echo "Running final rake tasks and tweaks..."
     . /usr/lib/gitlab/scripts/rake-tasks.sh

debian/postrm

@@ -71,7 +71,7 @@ ${gitlab_data_dir}; do
             # Do only if gitlab_user is set
             if command -v dropdb >/dev/null; then
                 echo "Removing Database: gitlab_production"
-                if su ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
+                if runuser -u ${gitlab_user} -c 'psql gitlab_production -c ""' ; then su postgres -c "dropdb gitlab_production"; fi
             else
                 echo "dropdb command not found. Hence not removing database."
            fi

debian/rake-tasks.sh

@@ -9,21 +9,21 @@ export DB RAILS_ENV
 cd /usr/share/gitlab
 
 # Check if the db is already present
-if [ "$(LANG=C su postgres -c "psql gitlab_production -c \"\d\"")" = \
+if [ "$(LANG=C runuser -u postgres -c "psql gitlab_production -c \"\d\"")" = \
 "No relations found." ]; then
   echo "Initializing database..."
   test -f ${gitlab_home}/db/schema.rb || \
-  su ${gitlab_user} -s /bin/sh -c\
+  runuser -u ${gitlab_user} -s /bin/sh -c\
   "cp ${gitlab_data_dir}/db/schema.rb.template ${gitlab_data_dir}/db/schema.rb"
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load'
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:schema:load'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:seed_fu'
 else
   echo "gitlab_production database is not empty, skipping gitlab setup"
-  su ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
+  runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake db:migrate'
 fi
 
 # Restrict permissions for secret files
 chmod 0700 ${gitlab_data_dir}/.gitlab_shell_secret
 
 echo "Precompiling assets..."
-su ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile'
+runuser -u ${gitlab_user} -s /bin/sh -c 'bundle exec rake tmp:cache:clear assets:precompile'