]>
Commit | Line | Data |
---|---|---|
4d916382 DS |
1 | #!/bin/bash |
2 | ||
3 | if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi | |
4 | ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} | |
5 | set -e | |
6 | set -u | |
7 | ||
d8e4c438 DS |
8 | # creating frrvty group if it isn't already there |
9 | if ! getent group frrvty >/dev/null; then | |
10 | addgroup --system frrvty >/dev/null | |
4d916382 DS |
11 | fi |
12 | ||
d8e4c438 DS |
13 | # creating frr group if it isn't already there |
14 | if ! getent group frr >/dev/null; then | |
15 | addgroup --system frr >/dev/null | |
4d916382 DS |
16 | fi |
17 | ||
d8e4c438 DS |
18 | # creating frr user if he isn't already there |
19 | if ! getent passwd frr >/dev/null; then | |
4d916382 DS |
20 | adduser \ |
21 | --system \ | |
d8e4c438 DS |
22 | --ingroup frr \ |
23 | --home /var/run/frr/ \ | |
24 | --gecos "Frr routing suite" \ | |
4d916382 | 25 | --shell /bin/false \ |
d8e4c438 | 26 | frr >/dev/null |
fd8155c0 DS |
27 | fi |
28 | ||
29 | # We may be installing over an older version of | |
d8e4c438 DS |
30 | # frr and as such we need to intelligently |
31 | # check to see if the frr user is in the frrvty | |
fd8155c0 | 32 | # group. |
d8e4c438 DS |
33 | if ! /usr/bin/id frr | grep &>/dev/null 'frrvty'; then |
34 | usermod -a -G frrvty frr >/dev/null | |
4d916382 DS |
35 | fi |
36 | ||
37 | # Do not change permissions when upgrading as it would violate policy. | |
38 | if [ "$1" = "install" ]; then | |
d8e4c438 DS |
39 | # Logfiles are group readable in case users were put into the frr group. |
40 | d=/var/log/frr/ | |
4d916382 | 41 | mkdir -p $d |
d8e4c438 | 42 | chown -R frr:frr $d |
4d916382 DS |
43 | chmod u=rwx,go=rx $d |
44 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= | |
45 | ||
46 | # Strict permissions for the sockets. | |
d8e4c438 | 47 | d=/var/run/frr/ |
4d916382 | 48 | mkdir -p $d |
d8e4c438 | 49 | chown -R frr:frr $d |
4d916382 DS |
50 | chmod u=rwx,go=rx $d |
51 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= | |
52 | ||
53 | # Config files. Vtysh does not have access to the individual daemons config file | |
d8e4c438 | 54 | d=/etc/frr/ |
4d916382 | 55 | mkdir -p $d |
d8e4c438 | 56 | chown frr:frrvty $d |
4d916382 | 57 | chmod ug=rwx,o=rx $d |
d8e4c438 | 58 | find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr |
4d916382 DS |
59 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= |
60 | ||
61 | # Exceptions for vtysh. | |
62 | f=$d/vtysh.conf | |
63 | if [ -f $f ]; then | |
d8e4c438 | 64 | chown frr:frrvty $f |
4d916382 DS |
65 | chmod u=rw,g=r,o= $f |
66 | fi | |
67 | ||
68 | # Exceptions for vtysh. | |
e20dc2ba | 69 | f=$d/frr.conf |
4d916382 DS |
70 | if [ -f $d/Zebra.conf ]; then |
71 | mv $d/Zebra.conf $f | |
72 | fi | |
73 | if [ -f $f ]; then | |
d8e4c438 | 74 | chown frr:frrvty $f |
4d916382 DS |
75 | chmod u=rw,g=r,o= $f |
76 | fi | |
77 | fi | |
78 | ||
4d916382 | 79 | #DEBHELPER# |