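#!/bin/bash
#
# Debian maintainer script for frr (presumably the preinst, since it acts on
# "$1" = "install"). It creates the frr/frrvty system groups and the frr
# system user when they are missing, makes sure frr is a member of frrvty,
# and on a fresh install sets ownership and modes on the log, runtime and
# configuration directories.

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
set -e
set -u

# creating frrvty group if it isn't already there
if ! getent group frrvty >/dev/null; then
  addgroup --system frrvty >/dev/null
fi

# creating frr group if it isn't already there
if ! getent group frr >/dev/null; then
  addgroup --system frr >/dev/null
fi

# creating frr user if it isn't already there; /bin/false as the shell
# keeps the account from being used for interactive logins
if ! getent passwd frr >/dev/null; then
  adduser \
    --system \
    --ingroup frr \
    --home /var/run/frr/ \
    --gecos "Frr routing suite" \
    --shell /bin/false \
    frr >/dev/null
fi

# We may be installing over an older version of
# frr and as such we need to intelligently
# check to see if the frr user is in the frrvty
# group.
# Compare whole group names, one per line: a substring grep over the raw
# `id` output would also match a different group whose name merely
# contains "frrvty", and the membership would then never be added.
if ! /usr/bin/id -nG frr | tr ' ' '\n' | grep -qx 'frrvty'; then
  usermod -a -G frrvty frr >/dev/null
fi

# Do not change permissions when upgrading as it would violate policy.
# ${1:-} keeps `set -u` from aborting with an unbound-variable error if the
# script is ever run without an action argument.
if [ "${1:-}" = "install" ]; then
  # Logfiles are group readable in case users were put into the frr group.
  # NOTE(review): this tree is owned by the unprivileged frr user, and a
  # recursive chown run as root over a tree that user could populate
  # (e.g. left behind by a removed-but-not-purged install) is what lintian
  # flags in maintainer scripts; it relies on fs.protected_hardlinks being
  # enabled. Consider limiting the chown to the directory itself.
  d=/var/log/frr/
  mkdir -p "$d"
  chown -R frr:frr "$d"
  chmod u=rwx,go=rx "$d"
  find "$d" -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=

  # Strict permissions for the sockets.
  # NOTE(review): `-type f` selects regular files only, so socket inodes
  # (type s) already present here are not touched by the chmod below.
  # The recursive-chown caveat from the log directory applies here too.
  d=/var/run/frr/
  mkdir -p "$d"
  chown -R frr:frr "$d"
  chmod u=rwx,go=rx "$d"
  find "$d" -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go=

  # Config files. Vtysh does not have access to the individual daemons config file
  # Directory is frr:frrvty and group-writable; the files inside are reset
  # to frr:frr, mode 0640, so they are not world-readable.
  d=/etc/frr/
  mkdir -p "$d"
  chown frr:frrvty "$d"
  chmod ug=rwx,o=rx "$d"
  find "$d" -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr
  find "$d" -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=

  # Exception for vtysh: its own config is readable by the frrvty group.
  f="${d}vtysh.conf"
  if [ -f "$f" ]; then
    chown frr:frrvty "$f"
    chmod u=rw,g=r,o= "$f"
  fi

  # frr.conf gets the same frrvty group access as vtysh.conf. A Zebra.conf
  # found in the config directory is renamed to frr.conf first; note that
  # mv replaces an frr.conf that already exists.
  f="${d}frr.conf"
  if [ -f "${d}Zebra.conf" ]; then
    mv "${d}Zebra.conf" "$f"
  fi
  if [ -f "$f" ]; then
    chown frr:frrvty "$f"
    chmod u=rw,g=r,o= "$f"
  fi
fi

#DEBHELPER#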