Author: ttx-guest Date: 2010-05-21 11:55:42 +0000 (Fri, 21 May 2010) New Revision: 12475
Modified: trunk/tomcat6/debian/changelog trunk/tomcat6/debian/tomcat6.postinst trunk/tomcat6/debian/tomcat6.prerm Log: debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP as defined in /etc/default/tomcat6 when setting directory permissions and authbind configuration (Closes: #581018, LP: #557300) Modified: trunk/tomcat6/debian/changelog =================================================================== --- trunk/tomcat6/debian/changelog 2010-05-21 08:13:55 UTC (rev 12474) +++ trunk/tomcat6/debian/changelog 2010-05-21 11:55:42 UTC (rev 12475) @@ -1,3 +1,11 @@ +tomcat6 (6.0.26-2) UNRELEASED; urgency=low + + * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP + as defined in /etc/default/tomcat6 when setting directory permissions and + authbind configuration (Closes: #581018, LP: #557300) + + -- Thierry Carrez <thierry.car...@ubuntu.com> Fri, 21 May 2010 13:51:15 +0200 + tomcat6 (6.0.26-1) unstable; urgency=low * New upstream version Modified: trunk/tomcat6/debian/tomcat6.postinst =================================================================== --- trunk/tomcat6/debian/tomcat6.postinst 2010-05-21 08:13:55 UTC (rev 12474) +++ trunk/tomcat6/debian/tomcat6.postinst 2010-05-21 11:55:42 UTC (rev 12475) @@ -3,24 +3,28 @@ case "$1" in configure) - if ! id tomcat6 > /dev/null 2>&1 ; then + [ -f /etc/default/tomcat6 ] && . /etc/default/tomcat6 + [ -z "$TOMCAT6_USER" ] && TOMCAT6_USER="tomcat6" + [ -z "$TOMCAT6_GROUP" ] && TOMCAT6_GROUP="tomcat6" + addgroup --system "$TOMCAT6_GROUP" --quiet + if ! id $TOMCAT6_USER > /dev/null 2>&1 ; then adduser --system --home /usr/share/tomcat6 --no-create-home \ - --group --disabled-password --shell /bin/false \ - tomcat6 + --ingroup "$TOMCAT6_GROUP" --disabled-password --shell /bin/false \ + "$TOMCAT6_USER" fi - chown -R tomcat6:adm /var/log/tomcat6 /var/cache/tomcat6 + chown -R $TOMCAT6_USER:adm /var/log/tomcat6 /var/cache/tomcat6 chmod 750 /var/log/tomcat6 /var/cache/tomcat6 # configuration files should not be modifiable by tomcat6 user, as this can be a security issue # (an attacker may insert code in a webapp and have access to all tomcat configuration) # but those files should be readable by tomcat6, so we set the group to tomcat6 - chown -Rh root:tomcat6 /etc/tomcat6/* + chown -Rh root:$TOMCAT6_GROUP /etc/tomcat6/* chmod 640 /etc/tomcat6/tomcat-users.xml - chown -Rh tomcat6:adm /var/lib/tomcat6/webapps /var/lib/tomcat6/common /var/lib/tomcat6/server /var/lib/tomcat6/shared + chown -Rh $TOMCAT6_USER:adm /var/lib/tomcat6/webapps /var/lib/tomcat6/common /var/lib/tomcat6/server /var/lib/tomcat6/shared chmod 775 /var/lib/tomcat6/webapps chmod 775 /etc/tomcat6/Catalina /etc/tomcat6/Catalina/localhost # Authorize user tomcat6 to open privileged ports via authbind. - TOMCAT_UID="`id -u tomcat6`" + TOMCAT_UID="`id -u $TOMCAT6_USER`" if [ ! -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then if [ ! -d "/etc/authbind/byuid" ]; then mkdir -p /etc/authbind/byuid @@ -28,7 +32,7 @@ chmod 755 /etc/authbind/byuid fi echo '0.0.0.0/32:1,1023' >/etc/authbind/byuid/$TOMCAT_UID - chown tomcat6:tomcat6 /etc/authbind/byuid/$TOMCAT_UID + chown $TOMCAT6_USER:$TOMCAT6_GROUP /etc/authbind/byuid/$TOMCAT_UID chmod 700 /etc/authbind/byuid/$TOMCAT_UID fi ;; Modified: trunk/tomcat6/debian/tomcat6.prerm =================================================================== --- trunk/tomcat6/debian/tomcat6.prerm 2010-05-21 08:13:55 UTC (rev 12474) +++ trunk/tomcat6/debian/tomcat6.prerm 2010-05-21 11:55:42 UTC (rev 12475) @@ -3,8 +3,10 @@ case "$1" in remove) + [ -f /etc/default/tomcat6 ] && . /etc/default/tomcat6 + [ -z "$TOMCAT6_USER" ] && TOMCAT6_USER="tomcat6" # Remove auth for tomcat6 to open privileged ports via authbind. - TOMCAT_UID="`id -u tomcat6`" + TOMCAT_UID="`id -u $TOMCAT6_USER`" if [ -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then rm -f /etc/authbind/byuid/$TOMCAT_UID fi _______________________________________________ pkg-java-commits mailing list pkg-java-comm...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-commits