From 1b6df37b94b96042ac460a933b00c6ef29694053 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins
Date: Tue, 24 Jun 2008 13:53:22 -0400
Subject: Priviledge separation: use new monkeysphere user to handle authentication keychain for server. This required a bunch of changes to all ms-server functions. Seems to be working ok, although it feels kind of hackish.
---
debian/monkeysphere.postinst | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100755 debian/monkeysphere.postinst
(limited to 'debian/monkeysphere.postinst')
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
new file mode 100755
index 0000000..50eaefa
--- /dev/null
+++ b/debian/monkeysphere.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh -e
+
+# postinst script for monkeysphere
+
+# Author: Jameson Rollins
+# (c) 2008
+
+if ! getent passwd monkeysphere >/dev/null ; then
+ echo "adding monkeysphere user..."
+ adduser --quiet --system --no-create-home --home '/var/lib/monkeysphere' \
+ --shell '/bin/sh' --gecos 'monkeysphere authentication user,,,' monkeysphere
+fi
+
+# install host gnupg home directories
+install --mode 700 -d /var/lib/monkeysphere/gnupg-host
+# install authentication gnupg home directories
+install --mode 700 --owner monkeysphere -d /var/lib/monkeysphere/gnupg-authentication
--
cgit v1.2.3
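Review bot: Abort-on-error here depends on `-e` in the shebang (`#!/bin/sh -e`), which is lost whenever the script is started as `sh monkeysphere.postinst`; put `set -e` on its own line after `#!/bin/sh` so a failed `adduser` can never be followed by the two `install` calls. The `getent passwd monkeysphere` guard also accepts any pre-existing account of that name and then hands it ownership of `gnupg-authentication`, so either verify that it is the expected system account or state the assumption in a comment such as `# assumes an existing monkeysphere account is this package's own system user`. The account is created with `--shell '/bin/sh'`; if the ms-server functions (not visible in this hunk) do not need an interactive shell for it, a non-login shell would narrow what the keychain owner can do. Finally, the steps run for every postinst invocation, so wrapping them in `case "$1" in configure) ... ;; esac` would keep user creation and directory setup out of the abort-* paths.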