Comparing with nginx, I also changed: $ diff -urN ../logdata-anomaly-miner-0.0.2/debian/postinst debian/postinst --- ../logdata-anomaly-miner-0.0.2/debian/postinst 2016-06-08 10:23:13.000000000 +0000 +++ debian/postinst 2016-06-09 14:24:33.437584218 +0000 @@ -23,12 +23,15 @@ analysisUser="aminer" analysisGroup="aminer" # Prohibit read access to configuration for other processes - chown "root.${analysisGroup}" -- /etc/aminer - chmod 00750 -- /etc/aminer - dpkg-statoverride --update --add root "${analysisGroup}" 00750 /etc/aminer + if ! dpkg-statoverride --list /etc/aminer > /dev/null; then + chown "root.${analysisGroup}" -- /etc/aminer + chmod 00750 -- /etc/aminer + fi mkdir -p -- /var/lib/aminer - chmod 00700 -- /var/lib/aminer - chown "${analysisUser}.${analysisGroup}" -- /var/lib/aminer + if ! dpkg-statoverride --list /var/lib/aminer > /dev/null; then + chmod 00700 -- /var/lib/aminer + chown "${analysisUser}.${analysisGroup}" -- /var/lib/aminer + fi ;; esac to leave the "dpkg-statoverride" to the machine admin, not interfering with it in the package. Is this better than the old way? I guess, the override should also be kept after postrm, so that reinstall of package will come up with the overridden configuration?
Attachment:
smime.p7s
Description: S/MIME cryptographic signature