cryptonas/debian/postinst

43 lines
1.4 KiB
Bash
Executable file

#!/bin/sh
# read the default setting file, if it exists
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
# parse config file
if test -e "$CONF_FILE"
then . "$CONF_FILE"
# create mount and config directories with appropriate permissions
test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
fi
if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null
then # do nothing - the user already exists
true
else # create cryptobox user
echo "Creating new user '$CRYPTOBOX_USER' ..."
USER_HOME=/var/lib/cryptobox
adduser --system --group --home "$USER_HOME" cryptobox
# add the user to the group "plugdev" (necessary for pmount)
adduser cryptobox plugdev
cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config"
mkdir "$USER_HOME/mnt"
chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
# only members of the cryptobox group may access the user directory
chmod 750 "$USER_HOME"
# no one may look into the config directory (protect init passwords)
chmod 700 "$USER_HOME/config"
fi
# set permissions for suid wrappers
chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper"
chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper"
chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox"
chmod 6755 "/usr/lib/cgi-bin/cryptobox"
#DEBHELPER#
true