1 #!/bin/bash 2 3 # From http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-bpp-lower-privs 4 5 set -e 6 7 case "$1" in 8 install|upgrade|configure) 9 10 # Add the kolab user and group accounts 11 getent group kolab &>/dev/null || addgroup --quiet --system --gid 412 kolab &>/dev/null 12 getent passwd kolab &>/dev/null || \ 13 adduser --quiet --system \ 14 --uid 412 --gid 412 --disabled-password \ 15 --home /var/lib/kolab \ 16 --gecos "Kolab System Account" kolab &>/dev/null || : 17 18 gpasswd -a www-data kolab >/dev/null 2>&1 || : 19 20 getent group kolab-n &>/dev/null || addgroup --quiet --system --gid 413 kolab-n &>/dev/null 21 getent passwd kolab-n &>/dev/null || \ 22 adduser --quiet --system \ 23 --uid 413 --gid 413 --disabled-password \ 24 --home /var/lib/kolab \ 25 --gecos "Kolab System Account (N)" kolab-n &>/dev/null || : 26 gpasswd -a kolab-n kolab &>/dev/null || : 27 28 getent group kolab-r &>/dev/null || addgroup --system --gid 414 kolab-r &>/dev/null 29 getent passwd kolab-r &>/dev/null || \ 30 adduser --quiet --system \ 31 --uid 414 --gid 414 --disabled-password \ 32 --home /var/lib/kolab \ 33 --gecos "Kolab System Account (R)" kolab-r &>/dev/null || : 34 35 # Re-base the POSIX permission set on to the reference platform 36 chown root:root /etc/kolab 37 chmod 755 /etc/kolab 38 chown kolab-n:kolab /etc/kolab/kolab.conf 39 chmod 640 /etc/kolab/kolab.conf 40 41 chown -R kolab:kolab-n /var/lib/kolab /var/log/kolab 42 chmod 775 /var/lib/kolab /var/log/kolab 43 44 if dpkg-statoverride --list /var/lib/kolab >/dev/null; then 45 dpkg-statoverride --remove /var/lib/kolab 46 fi 47 48 if dpkg-statoverride --list /var/log/kolab >/dev/null; then 49 dpkg-statoverride --remove /var/log/kolab 50 fi 51 52 dpkg-statoverride --update --add kolab kolab-n 775 /var/lib/kolab 53 dpkg-statoverride --update --add kolab kolab-n 775 /var/log/kolab 54 ;; 55 esac 56 57 #DEBHELPER#