* Run spamass-milter as a new user, spamassmilter instead of nobody

  (closes: #411094)

diff --git a/debian/changelog b/debian/changelog
index e76f34286c57fa13fdcf356cc7dad73c10db1e57..e54a5de9efcaf4fffe0f3241f5dc7a3f1bed09aa 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+spamass-milter (0.3.1-5) unstable; urgency=low
+
+  * Run spamass-milter as a new user, spamassmilter instead of nobody
+    (closes: #411094)
+
+ -- Don Armstrong <don@debian.org>  Fri, 16 Feb 2007 20:49:24 -0800
+
 spamass-milter (0.3.1-4) unstable; urgency=low
 
   * Flip the order of socket and piddir creation, because the default for

diff --git a/debian/control b/debian/control
index 22b9e917d80063fee62eb855abf4c8b4b19731ab..c7ae4b2d833ae50f7af5c136a51d2f759ba3844c 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Package: spamass-milter
 Section: mail
 Priority: extra
 Architecture: any
-Depends: ${shlibs:Depends}, spamc
+Depends: ${shlibs:Depends}, spamc, adduser
 Recommends: spamassassin, sendmail|postfix
 Description: milter for filtering mail through spamassassin
  A milter used to filter mail through spamassassin (spamc)

diff --git a/debian/spamass-milter.default b/debian/spamass-milter.default
index 2178ecc0c05885cdcc5e12aaa6f29ef053f3afc0..2b633183c0f8d02f7cced5ae9f1c273949b932df 100644 (file)
--- a/debian/spamass-milter.default
+++ b/debian/spamass-milter.default
@@ -19,6 +19,6 @@ OPTIONS="-u nobody -i 127.0.0.1"
 # here.
 ######################################
 # SOCKET="/var/spool/postfix/spamass/spamass.sock"
-# PIDFILE="/var/spool/postfix/spamass/spamass.pid"
 # SOCKETOWNER="postfix:postfix"
+# SOCKETMODE="0660"
 ######################################

diff --git a/debian/spamass-milter.init b/debian/spamass-milter.init
index 4855d4eec76efebbdaa4cee5541a802f05323523..e56792351a9c8974faa42d50f91881e22694957b 100644 (file)
--- a/debian/spamass-milter.init
+++ b/debian/spamass-milter.init
@@ -40,9 +40,9 @@ DESC="Sendmail milter plugin for SpamAssassin"
 
 DEFAULT=/etc/default/spamass-milter
 OPTIONS=""
-RUNAS="nobody"
+RUNAS="spamassmilter"
 CHUID=""
-SOCKETMODE="0640"
+SOCKETMODE="0600"
 SOCKETOWNER="root:root"
 
 test -x $DAEMON || exit 0
@@ -53,7 +53,7 @@ if [ -e /etc/mail/sendmail.cf ] && egrep -q 'X.+S=local:/var/run/sendmail/spamas
     SOCKETOWNER=""
     RUNAS=""
     echo "WARNING: You are using the old location of spamass.sock. Change your input filter to use";
-    echo "/var/run/spamass/spamass.sock so spamass-milter can run as nobody";
+    echo "/var/run/spamass/spamass.sock so spamass-milter can run as spamassmilter";
 fi;
 
 # If /usr/sbin/postfix exists, set up the defaults for a postfix install
@@ -86,13 +86,17 @@ start() {
     if [ ! -d $(dirname $SOCKET) ]; then
        mkdir -p $(dirname $SOCKET);
        if [ -n "$SOCKETOWNER" ]; then
-           chown "$SOCKETOWNER" $(dirname $SOCKET);
+           chown "$RUNAS" $(dirname $SOCKET);
        fi;
     fi;
     if [ -n "$RUNAS" ] && [ -d $(dirname $PIDFILE) ] && [ "$(stat -c '%U' $(dirname $PIDFILE))" != "$RUNAS" ]; then
        echo "WARNING: $NAME will run as user $RUNAS but $(dirname $PIDFILE) is not owned by $RUNAS";
        echo "Either delete this directory or chown it appropriately. Startup attempts may fail.";
     fi;
+    if [ -n "$RUNAS" ] && [ -d $(dirname $SOCKET) ] && [ "$(stat -c '%U' $(dirname $SOCKET))" != "$RUNAS" ]; then
+       echo "WARNING: $NAME will run as user $RUNAS but $(dirname $SOCKET) is not owned by $RUNAS";
+       echo "Either delete this directory or chown it appropriately. Startup attempts may fail.";
+    fi;
     /bin/rm -f $SOCKET
     start-stop-daemon --start -p $PIDFILE $CHUID --exec $DAEMON -- -P $PIDFILE -f -p $SOCKET $OPTIONS
     sleep 1s
@@ -108,6 +112,7 @@ stop(){
     start-stop-daemon --stop -p $PIDFILE --signal 3 --exec $DAEMON
     /bin/sleep 5s
     /bin/rm -f $SOCKET
+    /bin/rm -f $PIDFILE
 }
 
 case "$1" in

diff --git a/debian/spamass-milter.postinst b/debian/spamass-milter.postinst
new file mode 100644 (file)
index 0000000..2e2661c
--- /dev/null
+++ b/debian/spamass-milter.postinst
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+        # Create the spamassmilter user
+       if [ -x /usr/sbin/adduser ]; then
+           if ! id -u spamassmilter >/dev/null 2>&1; then
+               adduser --system --no-create-home spamassmilter;
+           fi;
+       fi;
+       # Attempt to remove /var/run/spamass if it exists
+
+       # If we're upgrading from -4 or earlier, we want to remove the
+       # pidfile if spamass.milter isn't running, and then remove
+       # /var/run/spamass
+       if dpkg --compare-versions "$2" 'lt' '0.3.1-5'; then
+           if [ -f /var/run/spamass/spamass.pid ] && ! kill -0 "$(cat  /var/run/spamass/spamass.pid)"; then
+               rm -f /var/run/spamass/spamass.pid;
+           fi;
+           if [ -d /var/run/spamass ]; then
+               rmdir --ignore-fail-on-non-empty /var/run/spamass ;
+           fi;
+       fi;
+       ;;
+    *)
+       # do nothing
+       ;;
+esac
+    
+###DEBHELPER###
+
+exit 0;
\ No newline at end of file