[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Setting permissions on new users in postinst

See bug #1064349.

I think the problem (correct me if I am wrong!) is that the postinst -
debian/amavisd-new.postinst - does (simplified):

=== cut ===
#DEBHELPER#

case "$1" in
    configure)
        # configure file permissions to use new amavis user
    ...
esac
=== cut ===


This means that #DEBHELPER# expands to the code that creates the
users and starts the daemons.

=== cut ===
# Automatically added by dh_installsysusers/13.14.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
   systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} amavisd-new.conf
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.14.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
        # The following line should be removed in trixie or trixie+1
        deb-systemd-helper unmask 'amavis.service' >/dev/null || true

        # was-enabled defaults to true, so new installations run enable.
        if deb-systemd-helper --quiet was-enabled 'amavis.service'; then
                # Enables the unit on first installation, creates new
                # symlinks on upgrades if the unit file has changed.
                deb-systemd-helper enable 'amavis.service' >/dev/null || true
        else
                # Update the statefile to add new symlinks (if any), which need to be
                # cleaned up on purge. Also remove old symlinks.
                deb-systemd-helper update-state 'amavis.service' >/dev/null || true
        fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.14.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
        if [ -d /run/systemd/system ]; then
                systemctl --system daemon-reload >/dev/null || true
                if [ -n "$2" ]; then
                        _dh_action=restart
                else
                        _dh_action=start
                fi
                deb-systemd-invoke $_dh_action 'amavis.service' >/dev/null || true
        fi
fi
# End automatically added section

[ similar for other services that are disabled by default ]
=== cut ===

I think we have a race condition, the daemon tries to start before we
setup the file permissions correctly. Both on sysvinit and systemd, but
seems we can get away with this more with systemd. Probably because of
the extra checks in the initd script that systemd version doesn't have.

But I can't move the #DEBHELPER# to the bottom, because then the setting
the file permissions would fail because we haven't added the user yet.

How do I fix this?

(Please CC responses to me, thanks)
-- 
Brian May @ Linux Penguins
Reply to: