authorSean Whitton <spwhitton@spwhitton.name>2016-10-23 12:35:06 -0700
committerSean Whitton <spwhitton@spwhitton.name>2016-10-23 12:35:06 -0700
commitda8281218d90cbdd5567d3654e59626da111092a (patch)
tree668abc53bdc044a4cc34ea8e6b205612ec0d1ce9 /debian
parentc097cd236a73964372b35213d552e3b4c86a56cc (diff)
delete _keysafe user and group after chowning
Diffstat (limited to 'debian')
-rwxr-xr-x[-rw-r--r--]debian/keysafe-server.postinst2
-rwxr-xr-xdebian/keysafe-server.postrm18
2 files changed, 11 insertions, 9 deletions
diff --git a/debian/keysafe-server.postinst b/debian/keysafe-server.postinst
index 514cdbb..38508cc 100644..100755
--- a/debian/keysafe-server.postinst
+++ b/debian/keysafe-server.postinst
@@ -6,6 +6,8 @@ if ! getent passwd _keysafe >/dev/null; then
adduser --system --group --disabled-login --disabled-password \
--home /var/lib/keysafe --force-badname _keysafe
chmod 700 /var/lib/keysafe
+else
+ chown -R _keysafe:_keysafe /var/lib/keysafe
fi
#DEBHELPER#
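Review bot: The added `chown -R _keysafe:_keysafe /var/lib/keysafe` sits in the `else` branch, so it runs only when the `_keysafe` account already exists, which is not the state the new postrm in this commit leaves behind. After a purge the account is gone and the directory is owned by root, so a reinstall takes the `adduser` branch; as far as I know adduser does not re-own a home directory that already exists, which would leave the shard store root-owned and unwritable for the server. Running the ownership fix unconditionally after `fi` and before `#DEBHELPER#`, as `chown -R _keysafe:_keysafe /var/lib/keysafe` followed by `chmod 700 /var/lib/keysafe`, covers both paths. The `if` opens above the hunk, so this is judged from the visible branches only.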
diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm
index ad695da..9c9ac85 100755
--- a/debian/keysafe-server.postrm
+++ b/debian/keysafe-server.postrm
@@ -3,9 +3,16 @@
set -e
# ensure the server process has been killed before calling userdel(1)
-
#DEBHELPER#
+# delete the _keysafe user and group, after chowning the shard storage
+# to root so that it does not end up owned by another system user
+if [ "$1" = "purge" ]; then
+ chown -R root:root /var/lib/keysafe
+ userdel _keysafe || true
+ groupdel _keysafe || true
+fi
+
# For the time being, at the request of upstream, we don't ever delete
# /var/lib/keysafe, even on a purge (note that for security this
# requires that we also never delete the _keysafe user and group)
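Review bot: Under `set -e`, the new `chown -R root:root /var/lib/keysafe` aborts the purge if the directory is missing (for instance when an administrator already removed it), and the account is then never deleted; guard it with `if [ -d /var/lib/keysafe ]; then chown -R root:root /var/lib/keysafe; fi`. The `|| true` after `userdel` also hides the case where deletion fails because a process still runs as `_keysafe`, so the account can survive a purge with no message; a warning on stderr in that branch would make it visible. The retained comment right below the new block still says the package must "never delete the _keysafe user and group", which now contradicts the code and should be reworded to say the storage is kept but handed to root first.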
@@ -14,11 +21,4 @@ set -e
# people's private keys, so it probably shouldn't ever happen
# automatically
-# Nevertheless, we might want to revisit this decision when it's time
-# to upload keysafe to sid, so the following maintscript is retained,
-# commented-out:
-
-#if [ "$1" = "purge" ]; then
-# userdel --remove _keysafe || true
-# groupdel _keysafe || true
-#fi
+# We might want to revisit this before uploading to sid