44 lines
1.4 KiB
Bash
Executable File
44 lines
1.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# read the default setting file, if it exists
|
|
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
|
|
|
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
|
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
|
|
|
# parse config file
|
|
if test -e "$CONF_FILE"
|
|
then . "$CONF_FILE"
|
|
# create mount and config directories with appropriate permissions
|
|
test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
|
|
fi
|
|
|
|
if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null
|
|
then # do nothing - the user already exists
|
|
true
|
|
else # create cryptobox user
|
|
echo "Creating new user '$CRYPTOBOX_USER' ..."
|
|
USER_HOME=/var/lib/cryptobox
|
|
adduser --system --group --home "$USER_HOME" cryptobox
|
|
# add the user to the group "plugdev" (necessary for pmount)
|
|
adduser cryptobox plugdev
|
|
cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config"
|
|
mkdir "$USER_HOME/mnt"
|
|
chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
|
|
# only members of the cryptobox group may access the user directory
|
|
chmod 750 "$USER_HOME"
|
|
# no one may look into the config directory (protect init passwords)
|
|
chmod 700 "$USER_HOME/config"
|
|
fi
|
|
|
|
# set permissions for suid wrappers
|
|
chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper"
|
|
chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper"
|
|
chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox"
|
|
chmod 6755 "/usr/lib/cgi-bin/cryptobox"
|
|
|
|
#DEBHELPER#
|
|
|
|
true
|
|
|