#! /bin/sh
set -e
update_fs_from_statoverride() {
# I wish a simple dpkg-statoverride --update $file just did
# the right thing, but it doesn't, so we have to do it manually.
type=$1
user=$2
group=$3
mode=$4
file=$5
if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
chgrp $group $file
chmod $mode $file
fi
fi
}
handle_config_files() {
runmode=$1
set +e
so=$(dpkg-statoverride --list /etc/freeradius)
ret=$?
set -e
case "$runmode" in
initial)
if [ $ret != 0 ]; then
dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
fi
;;
upgrade)
update_fs_from_statoverride d $so
;;
esac
set +e
so=$(dpkg-statoverride --list /etc/freeradius/radiusd.conf)
ret=$?
set -e
case "$runmode" in
initial)
if [ $ret != 0 ]; then
dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf
fi
;;
upgrade)
update_fs_from_statoverride f $so
;;
esac
# Relax permissions on local dictionary - allows radclient to run and should
# not contain secrets. At any rate, only do it on fresh install
set +e
so=$(dpkg-statoverride --list /etc/freeradius/dictionary)
ret=$?
set -e
case "$runmode" in
initial)
if [ $ret != 0 ]; then
dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
fi
;;
upgrade)
update_fs_from_statoverride f $so
;;
esac
}
case "$1" in
configure)
if [ -z "$2" ]; then
# On a fresh install, add the necessary user and group
adduser --quiet --system --no-create-home --home /etc/freeradius --group --disabled-password freerad || true
# Put user freerad in group shadow, so the daemon can auth locally
# Only do this on fresh install as the admin may not want freerad in shadow
# group if authenticating by another mechanism
adduser --quiet freerad shadow
handle_config_files initial
else
handle_config_files upgrade
fi
;;
esac
#DEBHELPER#
exit 0