Priviledge separation: use new monkeysphere user to handle

authentication keychain for server. This required a bunch of changes to all ms-server functions. Seems to be working ok, although it feels kind of hackish.
author: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-24 13:53:22 -0400
committer: Jameson Graef Rollins <jrollins@phys.columbia.edu> 2008-06-24 17:50:26 -0400
commit: 1b6df37b94b96042ac460a933b00c6ef29694053 (patch)
tree: 560c5b65026bfa90170f469d7d0cd435609b34d5 /debian/monkeysphere.postinst
parent: e0b50e3859931c7fe2a58bb08af440a4f2455174 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
new file mode 100755
index 0000000..50eaefa
--- /dev/null
+++ b/debian/monkeysphere.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins <jrollins@fifthhorseman.net>
+# (c) 2008
+
+if ! getent passwd monkeysphere >/dev/null ; then
+    echo "adding monkeysphere user..."
+    adduser --quiet --system --no-create-home --home '/var/lib/monkeysphere' \
+    --shell '/bin/sh' --gecos 'monkeysphere authentication user,,,' monkeysphere
+fi
+
+# install host gnupg home directories
+install --mode 700 -d /var/lib/monkeysphere/gnupg-host
+# install authentication gnupg home directories
+install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication
author	Jameson Graef Rollins <jrollins@phys.columbia.edu>	2008-06-24 13:53:22 -0400
committer	Jameson Graef Rollins <jrollins@phys.columbia.edu>	2008-06-24 17:50:26 -0400
commit	1b6df37b94b96042ac460a933b00c6ef29694053 (patch)
tree	560c5b65026bfa90170f469d7d0cd435609b34d5 /debian/monkeysphere.postinst
parent	e0b50e3859931c7fe2a58bb08af440a4f2455174 (diff)