Comparing with nginx, I also changed:
$ diff -urN ../logdata-anomaly-miner-0.0.2/debian/postinst debian/postinst
--- ../logdata-anomaly-miner-0.0.2/debian/postinst 2016-06-08
10:23:13.000000000 +0000
+++ debian/postinst 2016-06-09 14:24:33.437584218 +0000
@@ -23,12 +23,15 @@
analysisUser="aminer"
analysisGroup="aminer"
# Prohibit read access to configuration for other processes
- chown "root.${analysisGroup}" -- /etc/aminer
- chmod 00750 -- /etc/aminer
- dpkg-statoverride --update --add root "${analysisGroup}" 00750
/etc/aminer
+ if ! dpkg-statoverride --list /etc/aminer > /dev/null; then
+ chown "root.${analysisGroup}" -- /etc/aminer
+ chmod 00750 -- /etc/aminer
+ fi
mkdir -p -- /var/lib/aminer
- chmod 00700 -- /var/lib/aminer
- chown "${analysisUser}.${analysisGroup}" -- /var/lib/aminer
+ if ! dpkg-statoverride --list /var/lib/aminer > /dev/null; then
+ chmod 00700 -- /var/lib/aminer
+ chown "${analysisUser}.${analysisGroup}" -- /var/lib/aminer
+ fi
;;
esac
to leave the "dpkg-statoverride" to the machine admin, not interfering with it
in the package. Is this better than the old way?
I guess, the override should also be kept after postrm, so that reinstall of
package will come up with the overridden configuration?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature