From fc474c29fec0fe42227d3e758da31ad699efac13 Mon Sep 17 00:00:00 2001
From: Dave Hibberd
Date: Mon, 28 Aug 2023 21:41:31 +0100
Subject: [PATCH] Adding run-as-user and a user with the folder as ~
---
 debian/linbpq.service | 6 ++++--
 debian/postinst | 25 ++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/debian/linbpq.service b/debian/linbpq.service
index bb29a9a..34ed587 100644
--- a/debian/linbpq.service
+++ b/debian/linbpq.service
@@ -2,9 +2,11 @@
 After=network.target
 [Service]
-ExecStart=/opt/oarc/linbpq/linbpq
-WorkingDirectory=/opt/oarc/linbpq
+ExecStart=/opt/oarc/bpq/linbpq
+WorkingDirectory=/opt/oarc/bpq
 Restart=always
+User=linbpq
+Group=linbpq
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/postinst b/debian/postinst
index 49d5770..4289690 100644
--- a/debian/postinst
+++ b/debian/postinst
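Review bot: With `User=linbpq` and `Group=linbpq` added to `[Service]` in debian/linbpq.service, the unit now relies entirely on the file capabilities that postinst applies with `setcap`. Those are picked up by any local user able to execute the file, and they are silently absent when setcap is not installed. Granting them from the unit instead, with `AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE` and a matching `CapabilityBoundingSet=` line, ties the privileges to the service start and removes the install-time dependency. It also leaves room for `NoNewPrivileges=yes`, which cannot be combined with the file-capability approach because file capabilities are not applied once it is set.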
@@ -1,16 +1,39 @@
 #!/bin/sh
 if [ "$1" = configure ]; then
+
+# if ! getent group linbpq >/dev/null; then
+# addgroup --system --force-badname linbpq || true
+# fi
+
+ echo "Creating/updating linbpq user account..."
+ adduser --system --group --home /opt/oarc/bpq \
+ --gecos "linbpq system user" --shell /bin/false \
+ --quiet --disabled-password linbpq || {
+ # adduser failed. Why?
+ if getent passwd linbpq >/dev/null ; then
+ echo "Non-system user linbpq found. I will not overwrite a non-system" >&2
+ echo "user. Remove the user and reinstall linbpq." >&2
+ exit 1
+ fi
+ # unknown adduser error, simply exit
+ exit 1
+ }
+ adduser linbpq dialout
+ chown :linbpq /opt/oarc/bpq
+ chmod 775 /opt/oarc/bpq
 # If we have setcap is installed, set the requirements
 # which allows us to install our binaries without the setuid
 # bit.
 if command -v setcap > /dev/null; then
- setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" linbq
+ setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" /opt/oarc/bpq/linbpq
 else
 echo "Setcap failed on /usr/sbin/linbpq, Features may be limited" >&2
 fi
 else
 echo "Setcap is not installed, Features may be limited" >&2
+
+
 fi
 #DEBHELPER#
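Review bot: The added `chown :linbpq /opt/oarc/bpq` and `chmod 775 /opt/oarc/bpq` make the directory writable by the service account, and that same directory holds the `linbpq` executable that this root-run script then passes to `setcap`. A process running as linbpq could therefore rename or replace the file that systemd restarts and that a later `configure` run grants CAP_NET_ADMIN and CAP_NET_RAW to (whether dpkg re-unpacks the binary first depends on the package layout, which is not visible here). Keeping the executable in a root-owned directory that is not group-writable, and giving linbpq a separate writable data directory, would remove that exposure. Separately, as the hunk reads, the exit status of `setcap` is never tested: the "Setcap failed" message sits in the `else` of `command -v setcap`, still names /usr/sbin/linbpq, and the "Setcap is not installed" branch pairs with the outer `if [ "$1" = configure ]`. A line such as `setcap "CAP_NET_ADMIN=ep CAP_NET_RAW=ep CAP_NET_BIND_SERVICE=ep" /opt/oarc/bpq/linbpq || echo "Setcap failed on /opt/oarc/bpq/linbpq, Features may be limited" >&2` would report the real failure.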