Some more changes for 1.2-2: Adding a bitlbee group for extra security1.2-2

and small stuff.
author: Wilmer van der Gaast <wilmer@gaast.net> 2008-03-24 19:48:36 +0000
committer: Wilmer van der Gaast <wilmer@gaast.net> 2008-03-24 19:48:36 +0000
commit: 628e6018a8387603e67f4ce1c8b3b67126408726 (patch)
tree: 32ea61aedc0fa1eb93120dd74c9e87831271f939 /debian/postinst
parent: 66c51bbf19a599e3fffd2e3dbb5aae829e15af59 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/debian/postinst b/debian/postinst
index 1a906474..80249bfe 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -73,13 +73,21 @@ if [ -d $CONFDIR ] && chown -R bitlbee $CONFDIR; then
 	exit 0
 fi
 
-adduser --system --home /var/lib/bitlbee/ --disabled-login --disabled-password bitlbee
+adduser --system --group --disabled-login --disabled-password --home /var/lib/bitlbee/ bitlbee
 chmod 700 /var/lib/bitlbee/
 
 ## Can't do this in packaging phase: Don't know the UID yet. Access to
-## the file should be limited, now that it stores passwords.
-chmod 600 /etc/bitlbee/bitlbee.conf
-chown bitlbee /etc/bitlbee/bitlbee.conf
+## the file should be limited, now that it stores passwords. Added
+## --group later for a little more security, but have to see if I can
+## apply this change to existing installations on upgrades. Will think
+## about that later.
+if getent group bitlbee > /dev/null; then
+	chmod 640 /etc/bitlbee/bitlbee.conf
+	chown root:bitlbee /etc/bitlbee/bitlbee.conf
+else
+	chmod 600 /etc/bitlbee/bitlbee.conf
+	chown bitlbee /etc/bitlbee/bitlbee.conf
+fi
 
 if [ -z "$2" ]; then
 	/etc/init.d/bitlbee start
author	Wilmer van der Gaast <wilmer@gaast.net>	2008-03-24 19:48:36 +0000
committer	Wilmer van der Gaast <wilmer@gaast.net>	2008-03-24 19:48:36 +0000
commit	628e6018a8387603e67f4ce1c8b3b67126408726 (patch)
tree	32ea61aedc0fa1eb93120dd74c9e87831271f939 /debian/postinst
parent	66c51bbf19a599e3fffd2e3dbb5aae829e15af59 (diff)