[pkg-java] r12475 - trunk/tomcat6/debian

[Thierry Carrez]

Author: ttx-guest
Date: 2010-05-21 11:55:42 +0000 (Fri, 21 May 2010)
New Revision: 12475

Modified:
   trunk/tomcat6/debian/changelog
   trunk/tomcat6/debian/tomcat6.postinst
   trunk/tomcat6/debian/tomcat6.prerm
Log:
debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
as defined in /etc/default/tomcat6 when setting directory permissions and
authbind configuration (Closes: #581018, LP: #557300)

Modified: trunk/tomcat6/debian/changelog
===================================================================
--- trunk/tomcat6/debian/changelog	2010-05-21 08:13:55 UTC (rev 12474)
+++ trunk/tomcat6/debian/changelog	2010-05-21 11:55:42 UTC (rev 12475)
@@ -1,3 +1,11 @@
+tomcat6 (6.0.26-2) UNRELEASED; urgency=low
+
+  * debian/tomcat6.{postinst,prerm}: Respect TOMCAT6_USER and TOMCAT6_GROUP
+    as defined in /etc/default/tomcat6 when setting directory permissions and
+    authbind configuration (Closes: #581018, LP: #557300)
+
+ -- Thierry Carrez <thierry.carrez at ubuntu.com>  Fri, 21 May 2010 13:51:15 +0200
+
 tomcat6 (6.0.26-1) unstable; urgency=low
 
   * New upstream version

Modified: trunk/tomcat6/debian/tomcat6.postinst
===================================================================
--- trunk/tomcat6/debian/tomcat6.postinst	2010-05-21 08:13:55 UTC (rev 12474)
+++ trunk/tomcat6/debian/tomcat6.postinst	2010-05-21 11:55:42 UTC (rev 12475)
@@ -3,24 +3,28 @@
 
 case "$1" in
     configure)
-	if ! id tomcat6 > /dev/null 2>&1 ; then
+	[ -f /etc/default/tomcat6 ] && . /etc/default/tomcat6
+	[ -z "$TOMCAT6_USER" ] && TOMCAT6_USER="tomcat6"
+	[ -z "$TOMCAT6_GROUP" ] && TOMCAT6_GROUP="tomcat6"
+	addgroup --system "$TOMCAT6_GROUP" --quiet
+	if ! id $TOMCAT6_USER > /dev/null 2>&1 ; then
 	    adduser --system --home /usr/share/tomcat6 --no-create-home \
-		--group --disabled-password --shell /bin/false \
-		tomcat6
+		--ingroup "$TOMCAT6_GROUP" --disabled-password --shell /bin/false \
+		"$TOMCAT6_USER"
 	fi
-	chown -R tomcat6:adm /var/log/tomcat6 /var/cache/tomcat6
+	chown -R $TOMCAT6_USER:adm /var/log/tomcat6 /var/cache/tomcat6
 	chmod 750 /var/log/tomcat6 /var/cache/tomcat6
 	# configuration files should not be modifiable by tomcat6 user, as this can be a security issue
 	# (an attacker may insert code in a webapp and have access to all tomcat configuration)
 	# but those files should be readable by tomcat6, so we set the group to tomcat6
-	chown -Rh root:tomcat6 /etc/tomcat6/*
+	chown -Rh root:$TOMCAT6_GROUP /etc/tomcat6/*
 	chmod 640 /etc/tomcat6/tomcat-users.xml
-	chown -Rh tomcat6:adm /var/lib/tomcat6/webapps /var/lib/tomcat6/common /var/lib/tomcat6/server /var/lib/tomcat6/shared
+	chown -Rh $TOMCAT6_USER:adm /var/lib/tomcat6/webapps /var/lib/tomcat6/common /var/lib/tomcat6/server /var/lib/tomcat6/shared
 	chmod 775 /var/lib/tomcat6/webapps
 	chmod 775 /etc/tomcat6/Catalina /etc/tomcat6/Catalina/localhost
 
 	# Authorize user tomcat6 to open privileged ports via authbind.
-	TOMCAT_UID="`id -u tomcat6`"
+	TOMCAT_UID="`id -u $TOMCAT6_USER`"
 	if [ ! -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then
 		if [ ! -d "/etc/authbind/byuid" ]; then
 			mkdir -p /etc/authbind/byuid
@@ -28,7 +32,7 @@
 			chmod 755 /etc/authbind/byuid
 		fi
 		echo '0.0.0.0/32:1,1023' >/etc/authbind/byuid/$TOMCAT_UID
-		chown tomcat6:tomcat6 /etc/authbind/byuid/$TOMCAT_UID
+		chown $TOMCAT6_USER:$TOMCAT6_GROUP /etc/authbind/byuid/$TOMCAT_UID
 		chmod 700 /etc/authbind/byuid/$TOMCAT_UID
 	fi
     ;;

Modified: trunk/tomcat6/debian/tomcat6.prerm
===================================================================
--- trunk/tomcat6/debian/tomcat6.prerm	2010-05-21 08:13:55 UTC (rev 12474)
+++ trunk/tomcat6/debian/tomcat6.prerm	2010-05-21 11:55:42 UTC (rev 12475)
@@ -3,8 +3,10 @@
 
 case "$1" in
     remove)
+	[ -f /etc/default/tomcat6 ] && . /etc/default/tomcat6
+	[ -z "$TOMCAT6_USER" ] && TOMCAT6_USER="tomcat6"
 	# Remove auth for tomcat6 to open privileged ports via authbind.
-	TOMCAT_UID="`id -u tomcat6`"
+	TOMCAT_UID="`id -u $TOMCAT6_USER`"
 	if [ -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then
 		rm -f /etc/authbind/byuid/$TOMCAT_UID
 	fi