From 45100f4c43b1d7c10aee311c0ce5ab754c76e8b0 Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Wed, 28 Mar 2012 13:08:34 +0200
Subject: [PATCH] Debian: metaproxy running as user "metaproxy"

New scripts to create and remove this user during installation
and removal.
---
 debian/metaproxy.default  |    8 ++++++-
 debian/metaproxy.postinst |   53 +++++++++++++++++++++++++++++++++++++++++
 debian/metaproxy.postrm   |   58 +++++++++++++++++++++++++++++++++++++++++++++
 debian/metaproxy.prerm    |    3 +++
 4 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 debian/metaproxy.postinst
 create mode 100644 debian/metaproxy.postrm
 create mode 100644 debian/metaproxy.prerm

diff --git a/debian/metaproxy.default b/debian/metaproxy.default
index 08ef829..b17a343 100644
--- a/debian/metaproxy.default
+++ b/debian/metaproxy.default
@@ -6,5 +6,11 @@
 # This is a POSIX shell fragment
 #
 
+# User and HOME of metaproxy daemon
+SERVER_HOME=/var/metaproxy
+SERVER_USER=metaproxy
+SERVER_GROUP=metaproxy
+SERVER_NAME="Metaproxy user"
+
 # Additional options that are passed to the Daemon.
-DAEMON_OPTS="-D -u nobody -p /var/run/metaproxy.pid -l /var/log/metaproxy.log -c /etc/metaproxy/metaproxy.xml"
+DAEMON_OPTS="-D -u ${SERVER_USER} -p /var/run/metaproxy.pid -l /var/log/metaproxy.log -c /etc/metaproxy/metaproxy.xml"
diff --git a/debian/metaproxy.postinst b/debian/metaproxy.postinst
new file mode 100644
index 0000000..45bbfac
--- /dev/null
+++ b/debian/metaproxy.postinst
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+    [ -f /etc/default/metaproxy ] && . /etc/default/metaproxy
+
+    [ -z "$SERVER_HOME" ] && SERVER_HOME=/var/metaproxy
+    [ -z "$SERVER_USER" ] && SERVER_USER=metaproxy
+    [ -z "$SERVER_NAME" ] && SERVER_NAME="Metaproxy user"
+    [ -z "$SERVER_GROUP" ] && SERVER_GROUP=metaproxy
+    
+    # 1. create group if not existing
+    if ! getent group | grep -q "^$SERVER_GROUP:" ; then
+        echo -n "Adding group $SERVER_GROUP.."
+        addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
+        echo "..done"
+    fi
+    # 2. create homedir if not existing
+    test -d $SERVER_HOME || mkdir $SERVER_HOME
+
+    # 3. create user if not existing
+    if ! getent passwd | grep -q "^$SERVER_USER:"; then
+        echo -n "Adding system user $SERVER_USER.."
+        adduser --quiet \
+            --system \
+            --ingroup $SERVER_GROUP \
+            --no-create-home \
+            --disabled-password \
+            $SERVER_USER 2>/dev/null || true
+        echo "..done"
+    fi
+    # 4. adjust passwd entry
+    usermod -c "$SERVER_NAME" \
+        -d $SERVER_HOME   \
+        -g $SERVER_GROUP  \
+        $SERVER_USER
+    
+    # 5. adjust file and directory permissions
+    if ! dpkg-statoverride --list $SERVER_HOME >/dev/null
+    then
+        chown -R $SERVER_USER:adm $SERVER_HOME
+        chmod u=rwx,g=rxs,o= $SERVER_HOME
+    fi
+
+    # 6. start service
+    if [ -x "/etc/init.d/metaproxy" ]; then
+        update-rc.d metaproxy defaults >/dev/null
+        invoke-rc.d metaproxy start || exit $?
+    fi
+    ;;
+esac
diff --git a/debian/metaproxy.postrm b/debian/metaproxy.postrm
new file mode 100644
index 0000000..922142c
--- /dev/null
+++ b/debian/metaproxy.postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    purge)
+	update-rc.d metaproxy remove >/dev/null
+
+	[ -f /etc/default/metaproxy ] && . /etc/default/metaproxy
+	
+	[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/metaproxy
+	[ -z "$SERVER_USER" ] && SERVER_USER=metaproxy
+	[ -z "$SERVER_NAME" ] && SERVER_NAME="Metaproxy user"
+	[ -z "$SERVER_GROUP" ] && SERVER_GROUP=metaproxy
+
+        # find first and last SYSTEM_UID numbers
+        for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do
+            case $LINE in
+		FIRST_SYSTEM_UID*)
+                    FIRST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
+                    ;;
+		LAST_SYSTEM_UID*)
+                    LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
+                    ;;
+		*)
+                    ;;
+            esac
+        done
+        # Remove system account if necessary
+        CREATEDUSER=$SERVER_USER
+        if [ -n "$FIRST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then
+            if USERID=`getent passwd $CREATEDUSER | cut -f 3 -d ':'`; then
+		if [ -n "$USERID" ]; then
+		    if [ "$FIRST_SYSTEM_UID" -le "$USERID" ] && \
+			[ "$USERID" -le "$LAST_SYSTEM_UID" ]; then
+			echo -n "Removing $CREATEDUSER system user.."
+			deluser --quiet $CREATEDUSER || true
+			echo "..done"
+		    fi
+		fi
+            fi
+	fi
+        # Remove system group if necessary
+	CREATEDGROUP=$SERVER_GROUP
+	FIRST_USER_GID=`grep ^USERS_GID /etc/adduser.conf | cut -f2 -d '='`
+	if [ -n "$FIRST_USER_GID" ]; then
+            if GROUPGID=`getent group $CREATEDGROUP | cut -f 3 -d ':'`; then
+		if [ -n "$GROUPGID" ]; then
+		    if [ "$FIRST_USER_GID" -gt "$GROUPGID" ]; then
+			echo -n "Removing $CREATEDGROUP group.."
+			delgroup --only-if-empty $CREATEDGROUP || true
+			echo "..done"
+		    fi
+		fi
+            fi
+	fi
+	;;
+esac
diff --git a/debian/metaproxy.prerm b/debian/metaproxy.prerm
new file mode 100644
index 0000000..cd6a745
--- /dev/null
+++ b/debian/metaproxy.prerm
@@ -0,0 +1,3 @@
+if [ -x "/etc/init.d/metaproxy" ]; then
+	invoke-rc.d metaproxy stop || exit $?
+fi
-- 
1.7.10.4