diff options
| author | Sean Whitton <spwhitton@spwhitton.name> | 2016-10-23 12:35:06 -0700 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2016-10-23 12:35:06 -0700 |
| commit | da8281218d90cbdd5567d3654e59626da111092a (patch) | |
| tree | 668abc53bdc044a4cc34ea8e6b205612ec0d1ce9 /debian/keysafe-server.postrm | |
| parent | c097cd236a73964372b35213d552e3b4c86a56cc (diff) | |
| download | keysafe-da8281218d90cbdd5567d3654e59626da111092a.tar.gz | |
delete _keysafe user and group after chowning
Diffstat (limited to 'debian/keysafe-server.postrm')
| -rwxr-xr-x | debian/keysafe-server.postrm | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm index ad695da..9c9ac85 100755 --- a/debian/keysafe-server.postrm +++ b/debian/keysafe-server.postrm @@ -3,9 +3,16 @@ set -e # ensure the server process has been killed before calling userdel(1) - #DEBHELPER# +# delete the _keysafe user and group, after chowning the shard storage +# to root so that it does not end up owned by another system user +if [ "$1" = "purge" ]; then + chown -R root:root /var/lib/keysafe + userdel _keysafe || true + groupdel _keysafe || true +fi + # For the time being, at the request of upstream, we don't ever delete # /var/lib/keysafe, even on a purge (note that for security this # requires that we also never delete the _keysafe user and group) @@ -14,11 +21,4 @@ set -e # people's private keys, so it probably shouldn't ever happen # automatically -# Nevertheless, we might want to revisit this decision when it's time -# to upload keysafe to sid, so the following maintscript is retained, -# commented-out: - -#if [ "$1" = "purge" ]; then -# userdel --remove _keysafe || true -# groupdel _keysafe || true -#fi +# We might want to revisit this before uploading to sid |