From ab5c4477a5ea3c6c835ad9d65c7bae190319650f Mon Sep 17 00:00:00 2001
From: don <don@8f7917da-ec0b-0410-a553-b9b0e350d17e>
Date: Sun, 18 Feb 2007 22:56:40 +0000
Subject: [PATCH] * Run spamass-milter as a new user, spamassmilter instead of
 nobody   (closes: #411094)

---
 debian/changelog               |  7 +++++++
 debian/control                 |  2 +-
 debian/spamass-milter.default  |  2 +-
 debian/spamass-milter.init     | 13 +++++++++----
 debian/spamass-milter.postinst | 34 ++++++++++++++++++++++++++++++++++
 5 files changed, 52 insertions(+), 6 deletions(-)
 create mode 100644 debian/spamass-milter.postinst

diff --git a/debian/changelog b/debian/changelog
index e76f342..e54a5de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+spamass-milter (0.3.1-5) unstable; urgency=low
+
+  * Run spamass-milter as a new user, spamassmilter instead of nobody
+    (closes: #411094)
+
+ -- Don Armstrong <don@debian.org>  Fri, 16 Feb 2007 20:49:24 -0800
+
 spamass-milter (0.3.1-4) unstable; urgency=low
 
   * Flip the order of socket and piddir creation, because the default for
diff --git a/debian/control b/debian/control
index 22b9e91..c7ae4b2 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Package: spamass-milter
 Section: mail
 Priority: extra
 Architecture: any
-Depends: ${shlibs:Depends}, spamc
+Depends: ${shlibs:Depends}, spamc, adduser
 Recommends: spamassassin, sendmail|postfix
 Description: milter for filtering mail through spamassassin
  A milter used to filter mail through spamassassin (spamc)
diff --git a/debian/spamass-milter.default b/debian/spamass-milter.default
index 2178ecc..2b63318 100644
--- a/debian/spamass-milter.default
+++ b/debian/spamass-milter.default
@@ -19,6 +19,6 @@ OPTIONS="-u nobody -i 127.0.0.1"
 # here.
 ######################################
 # SOCKET="/var/spool/postfix/spamass/spamass.sock"
-# PIDFILE="/var/spool/postfix/spamass/spamass.pid"
 # SOCKETOWNER="postfix:postfix"
+# SOCKETMODE="0660"
 ######################################
diff --git a/debian/spamass-milter.init b/debian/spamass-milter.init
index 4855d4e..e567923 100644
--- a/debian/spamass-milter.init
+++ b/debian/spamass-milter.init
@@ -40,9 +40,9 @@ DESC="Sendmail milter plugin for SpamAssassin"
 
 DEFAULT=/etc/default/spamass-milter
 OPTIONS=""
-RUNAS="nobody"
+RUNAS="spamassmilter"
 CHUID=""
-SOCKETMODE="0640"
+SOCKETMODE="0600"
 SOCKETOWNER="root:root"
 
 test -x $DAEMON || exit 0
@@ -53,7 +53,7 @@ if [ -e /etc/mail/sendmail.cf ] && egrep -q 'X.+S=local:/var/run/sendmail/spamas
     SOCKETOWNER=""
     RUNAS=""
     echo "WARNING: You are using the old location of spamass.sock. Change your input filter to use";
-    echo "/var/run/spamass/spamass.sock so spamass-milter can run as nobody";
+    echo "/var/run/spamass/spamass.sock so spamass-milter can run as spamassmilter";
 fi;
 
 # If /usr/sbin/postfix exists, set up the defaults for a postfix install
@@ -86,13 +86,17 @@ start() {
     if [ ! -d $(dirname $SOCKET) ]; then
 	mkdir -p $(dirname $SOCKET);
 	if [ -n "$SOCKETOWNER" ]; then
-	    chown "$SOCKETOWNER" $(dirname $SOCKET);
+	    chown "$RUNAS" $(dirname $SOCKET);
 	fi;
     fi;
     if [ -n "$RUNAS" ] && [ -d $(dirname $PIDFILE) ] && [ "$(stat -c '%U' $(dirname $PIDFILE))" != "$RUNAS" ]; then
 	echo "WARNING: $NAME will run as user $RUNAS but $(dirname $PIDFILE) is not owned by $RUNAS";
 	echo "Either delete this directory or chown it appropriately. Startup attempts may fail.";
     fi;
+    if [ -n "$RUNAS" ] && [ -d $(dirname $SOCKET) ] && [ "$(stat -c '%U' $(dirname $SOCKET))" != "$RUNAS" ]; then
+	echo "WARNING: $NAME will run as user $RUNAS but $(dirname $SOCKET) is not owned by $RUNAS";
+	echo "Either delete this directory or chown it appropriately. Startup attempts may fail.";
+    fi;
     /bin/rm -f $SOCKET
     start-stop-daemon --start -p $PIDFILE $CHUID --exec $DAEMON -- -P $PIDFILE -f -p $SOCKET $OPTIONS
     sleep 1s
@@ -108,6 +112,7 @@ stop(){
     start-stop-daemon --stop -p $PIDFILE --signal 3 --exec $DAEMON
     /bin/sleep 5s
     /bin/rm -f $SOCKET
+    /bin/rm -f $PIDFILE
 }
 
 case "$1" in
diff --git a/debian/spamass-milter.postinst b/debian/spamass-milter.postinst
new file mode 100644
index 0000000..2e2661c
--- /dev/null
+++ b/debian/spamass-milter.postinst
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+        # Create the spamassmilter user
+	if [ -x /usr/sbin/adduser ]; then
+	    if ! id -u spamassmilter >/dev/null 2>&1; then
+		adduser --system --no-create-home spamassmilter;
+	    fi;
+	fi;
+	# Attempt to remove /var/run/spamass if it exists
+
+	# If we're upgrading from -4 or earlier, we want to remove the
+	# pidfile if spamass.milter isn't running, and then remove
+	# /var/run/spamass
+	if dpkg --compare-versions "$2" 'lt' '0.3.1-5'; then
+	    if [ -f /var/run/spamass/spamass.pid ] && ! kill -0 "$(cat  /var/run/spamass/spamass.pid)"; then
+		rm -f /var/run/spamass/spamass.pid;
+	    fi;
+	    if [ -d /var/run/spamass ]; then
+		rmdir --ignore-fail-on-non-empty /var/run/spamass ;
+	    fi;
+	fi;
+	;;
+    *)
+	# do nothing
+	;;
+esac
+    
+###DEBHELPER###
+
+exit 0;
\ No newline at end of file
-- 
2.39.2