#!/bin/sh

# read the default setting file, if it exists
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox

# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}

# parse config file
if test -e "$CONF_FILE"
	then	. "$CONF_FILE"
			# create mount and config directories with appropriate permissions
			test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
  fi

if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null
  then	# do nothing - the user already exists
  		true
  else	# create cryptobox user
	echo "Creating new user '$CRYPTOBOX_USER' ..."
	USER_HOME=/var/lib/cryptobox
	adduser --system --group --home "$USER_HOME" cryptobox
	# add the user to the group "plugdev" (necessary for pmount)
	adduser cryptobox plugdev
	cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config"
	mkdir "$USER_HOME/mnt"
	chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
	# only members of the cryptobox group may access the user directory
	chmod 750 "$USER_HOME"
	# no one may look into the config directory (protect init passwords)
	chmod 700 "$USER_HOME/config"
 fi

# set permissions for suid wrappers
chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper"
chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper"
chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox"
chmod 6755 "/usr/lib/cgi-bin/cryptobox"

#DEBHELPER#

true