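#!/bin/dash
# Debian maintainer script (presumably the package's postinst; dpkg runs it
# as root). On "configure" it makes sure the service's system group, system
# user and home directory exist, so cacert-oidc-idp does not run as root.
#
# Overridable via /etc/default/cacert-oidc-idp:
#   OIDC_IDP_HOME   home/state directory   (default /var/lib/oidc-idp)
#   OIDC_IDP_USER   service account        (default cacert-oidc-idp)
#   OIDC_IDP_GROUP  service group          (default cacert-oidc-idp)
#   OIDC_IDP_NAME   passwd comment field   (default "CAcert OIDC IDP")

set -e

case "$1" in
  configure)
    # This file is sourced with root privileges, so it must stay writable
    # by root only.
    if [ -f /etc/default/cacert-oidc-idp ]; then
      . /etc/default/cacert-oidc-idp
    fi

    # Fall back to the packaged defaults for anything unset or empty.
    : "${OIDC_IDP_HOME:=/var/lib/oidc-idp}"
    : "${OIDC_IDP_USER:=cacert-oidc-idp}"
    : "${OIDC_IDP_NAME:=CAcert OIDC IDP}"
    : "${OIDC_IDP_GROUP:=cacert-oidc-idp}"

    # create user to avoid running cacert-oidc-idp as root
    # 1. create group if not existing
    # Look the name up exactly. A prefix match on the getent listing would
    # treat e.g. "cacert-oidc-idp-test" as proof that the group exists and
    # would interpret the name as a regular expression.
    if ! getent group "$OIDC_IDP_GROUP" >/dev/null; then
      printf '%s' "Adding group $OIDC_IDP_GROUP.."
      # Best effort, as before: a failure here surfaces at the chown below.
      addgroup --quiet --system "$OIDC_IDP_GROUP" 2>/dev/null || true
      echo "..done"
    fi

    # 2. create homedir if not existing
    # Created with root's umask; the final mode is set in step 5.
    test -d "$OIDC_IDP_HOME" || mkdir -- "$OIDC_IDP_HOME"

    # 3. create user if not existing (exact lookup, see step 1)
    if ! getent passwd "$OIDC_IDP_USER" >/dev/null; then
      printf '%s' "Adding system user $OIDC_IDP_USER.."
      adduser --quiet \
        --system \
        --ingroup "$OIDC_IDP_GROUP" \
        --no-create-home \
        --disabled-password \
        "$OIDC_IDP_USER" 2>/dev/null || true
      echo "..done"
    fi

    # 4. adjust passwd entry
    # Failure is tolerated here, as in the original script.
    usermod -c "$OIDC_IDP_NAME" \
      -d "$OIDC_IDP_HOME" \
      -g "$OIDC_IDP_GROUP" \
      "$OIDC_IDP_USER" || true

    # 5. adjust file and directory permissions
    # Skipped when the administrator registered a dpkg-statoverride for the
    # directory, so a local ownership/mode policy is not overwritten.
    if ! dpkg-statoverride --list "$OIDC_IDP_HOME" >/dev/null; then
      # NOTE(review): this recursive chown runs as root over a tree the
      # service account can write to, on every configure run. Debian's
      # lintian warns about recursive ownership changes in maintainer
      # scripts for that reason. If nothing below the directory needs to be
      # re-owned, change only the directory itself.
      chown -R -- "$OIDC_IDP_USER":adm "$OIDC_IDP_HOME"
      # Owner: full access; group (adm): read/traverse plus setgid so new
      # entries inherit the group; others: no access.
      chmod -- u=rwx,g=rxs,o= "$OIDC_IDP_HOME"
    fi
    ;;
esac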