]>
Commit | Line | Data |
---|---|---|
4d916382 DS |
1 | #!/bin/bash |
2 | ||
3 | if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi | |
4 | ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} | |
5 | set -e | |
6 | set -u | |
7 | ||
d8e4c438 DS |
8 | # creating frrvty group if it isn't already there |
9 | if ! getent group frrvty >/dev/null; then | |
10 | addgroup --system frrvty >/dev/null | |
4d916382 DS |
11 | fi |
12 | ||
d8e4c438 DS |
13 | # creating frr group if it isn't already there |
14 | if ! getent group frr >/dev/null; then | |
15 | addgroup --system frr >/dev/null | |
4d916382 DS |
16 | fi |
17 | ||
d8e4c438 DS |
18 | # creating frr user if he isn't already there |
19 | if ! getent passwd frr >/dev/null; then | |
4d916382 DS |
20 | adduser \ |
21 | --system \ | |
d8e4c438 DS |
22 | --ingroup frr \ |
23 | --home /var/run/frr/ \ | |
24 | --gecos "Frr routing suite" \ | |
4d916382 | 25 | --shell /bin/false \ |
d8e4c438 | 26 | frr >/dev/null |
fd8155c0 DS |
27 | fi |
28 | ||
29 | # We may be installing over an older version of | |
d8e4c438 DS |
30 | # frr and as such we need to intelligently |
31 | # check to see if the frr user is in the frrvty | |
fd8155c0 | 32 | # group. |
81f810f0 | 33 | if ! id frr | grep &>/dev/null 'frrvty'; then |
d8e4c438 | 34 | usermod -a -G frrvty frr >/dev/null |
4d916382 DS |
35 | fi |
36 | ||
37 | # Do not change permissions when upgrading as it would violate policy. | |
38 | if [ "$1" = "install" ]; then | |
d8e4c438 DS |
39 | # Logfiles are group readable in case users were put into the frr group. |
40 | d=/var/log/frr/ | |
4d916382 | 41 | mkdir -p $d |
e681915e MW |
42 | chown frr:frr $d |
43 | chown --quiet frr:frr $d/* | true | |
4d916382 DS |
44 | chmod u=rwx,go=rx $d |
45 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= | |
46 | ||
47 | # Strict permissions for the sockets. | |
d8e4c438 | 48 | d=/var/run/frr/ |
4d916382 | 49 | mkdir -p $d |
e681915e MW |
50 | chown frr:frr $d |
51 | chown --quiet frr:frr $d/* | true | |
4d916382 DS |
52 | chmod u=rwx,go=rx $d |
53 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= | |
54 | ||
55 | # Config files. Vtysh does not have access to the individual daemons config file | |
d8e4c438 | 56 | d=/etc/frr/ |
4d916382 | 57 | mkdir -p $d |
d8e4c438 | 58 | chown frr:frrvty $d |
4d916382 | 59 | chmod ug=rwx,o=rx $d |
d8e4c438 | 60 | find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr |
4d916382 DS |
61 | find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= |
62 | ||
63 | # Exceptions for vtysh. | |
64 | f=$d/vtysh.conf | |
65 | if [ -f $f ]; then | |
d8e4c438 | 66 | chown frr:frrvty $f |
4d916382 DS |
67 | chmod u=rw,g=r,o= $f |
68 | fi | |
69 | ||
70 | # Exceptions for vtysh. | |
e20dc2ba | 71 | f=$d/frr.conf |
4d916382 DS |
72 | if [ -f $d/Zebra.conf ]; then |
73 | mv $d/Zebra.conf $f | |
74 | fi | |
75 | if [ -f $f ]; then | |
d8e4c438 | 76 | chown frr:frrvty $f |
4d916382 DS |
77 | chmod u=rw,g=r,o= $f |
78 | fi | |
79 | fi | |
80 | ||
4d916382 | 81 | #DEBHELPER# |