#!/bin/sh # read the default setting file, if it exists [ -e /etc/default/cryptobox ] && . /etc/default/cryptobox # set CONF_FILE to default value, if not configured in /etc/default/cryptobox CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} # parse config file if test -e "$CONF_FILE" then . "$CONF_FILE" # create mount and config directories with appropriate permissions test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" fi if getent passwd "$CRYPTOBOX_USER" &>/dev/null then # do nothing - the user already exists true else # create cryptobox user echo "Creating new user '$CRYPTOBOX_USER' ..." USER_HOME=/var/lib/cryptobox adduser --system --group --home "$USER_HOME" cryptobox # add the user to the group "plugdev" (necessary for pmount) adduser cryptobox plugdev cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config" mkdir "$USER_HOME/mnt" chown -R ${CRYPTOBOX_USER}: "$USER_HOME" # only members of the cryptobox group may access the user directory chmod 750 "$USER_HOME" # no one may look into the config directory (protect init passwords) chmod 700 "$USER_HOME/config" fi # set permissions for suid wrappers chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper" chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper" chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox" chmod 6755 "/usr/lib/cgi-bin/cryptobox" # add the cryptobox startup script to /etc/rc?.d update-rc.d cryptobox defaults invoke-rc.d cryptobox restart true