#!/bin/bash if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"} set -e set -u # creating frrvty group if it isn't already there if ! getent group frrvty >/dev/null; then addgroup --system frrvty >/dev/null fi # creating frr group if it isn't already there if ! getent group frr >/dev/null; then addgroup --system frr >/dev/null fi # creating frr user if he isn't already there if ! getent passwd frr >/dev/null; then adduser \ --system \ --ingroup frr \ --home /var/run/frr/ \ --gecos "Frr routing suite" \ --shell /bin/false \ frr >/dev/null fi # We may be installing over an older version of # frr and as such we need to intelligently # check to see if the frr user is in the frrvty # group. if ! /usr/bin/id frr | grep &>/dev/null 'frrvty'; then usermod -a -G frrvty frr >/dev/null fi # Do not change permissions when upgrading as it would violate policy. if [ "$1" = "install" ]; then # Logfiles are group readable in case users were put into the frr group. d=/var/log/frr/ mkdir -p $d chown -R frr:frr $d chmod u=rwx,go=rx $d find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= # Strict permissions for the sockets. d=/var/run/frr/ mkdir -p $d chown -R frr:frr $d chmod u=rwx,go=rx $d find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go= # Config files. Vtysh does not have access to the individual daemons config file d=/etc/frr/ mkdir -p $d chown frr:frrvty $d chmod ug=rwx,o=rx $d find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o= # Exceptions for vtysh. f=$d/vtysh.conf if [ -f $f ]; then chown frr:frrvty $f chmod u=rw,g=r,o= $f fi # Exceptions for vtysh. f=$d/frr.conf if [ -f $d/Zebra.conf ]; then mv $d/Zebra.conf $f fi if [ -f $f ]; then chown frr:frrvty $f chmod u=rw,g=r,o= $f fi fi #DEBHELPER#