[ciderwebmail] 14/33: Improve uWSGI config to run as separate user.

Jonas Smedegaard dr at jones.dk
Wed May 21 12:44:46 UTC 2014 

This is an automated email from the git hooks/post-receive script.

js pushed a commit to branch master
in repository ciderwebmail.

commit c8e204804f0a37bfb3e800c8a5fc2f76c4638b64
Author: Jonas Smedegaard <dr at jones.dk>
Date:   Sat Mar 16 21:25:28 2013 +0100

    Improve uWSGI config to run as separate user.
---
 debian/etc/uwsgi/apps-available/ciderwebmail.ini |  9 +++++----
 debian/postinst                                  | 14 ++++++++++----
 debian/postrm                                    |  1 +
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/debian/etc/uwsgi/apps-available/ciderwebmail.ini b/debian/etc/uwsgi/apps-available/ciderwebmail.ini
index d67fecb..4e9aa5d 100644
--- a/debian/etc/uwsgi/apps-available/ciderwebmail.ini
+++ b/debian/etc/uwsgi/apps-available/ciderwebmail.ini
@@ -1,10 +1,11 @@
 [uwsgi]
 plugins = 0:psgi
 
-# set when app uid is different from www-data
-#uid = ciderwebmail
-# set when web server needs write acces to files auto-created by app
-#umask = 007
+# comment out if app and frontend run as same uid
+uid = ciderwebmail
+gid = ciderwebmail
+chown-socket = www-data
+chmod-socket = 600
 
 #chdir = /home/www-mail/public_webdata
 check-static = /usr/share/ciderwebmail/root/static
diff --git a/debian/postinst b/debian/postinst
index 487fcda..a869df7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -1,11 +1,17 @@
 #!/bin/sh
 
-set -e
+set -eu
+
+home="/var/lib/ciderwebmail"
 
 if [ "$1" = "configure" ]; then
-	if [ ! -e /var/lib/ciderwebmail ]; then
-		mkdir /var/lib/ciderwebmail
-		chown www-data: /var/lib/ciderwebmail
+	adduser --system --quiet --group --home "$home" ciderwebmail || :
+	if [ ! -e "$home" ]; then
+		mkdir "$home"
+	fi
+	chown ciderwebmail: "$home"
+	if [ -f "$home/user_settings.sql" ]; then
+		chown ciderwebmail: "$home/user_settings.sql"
 	fi
 fi
 
diff --git a/debian/postrm b/debian/postrm
index 367e096..812e8ab 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -5,5 +5,6 @@ set -e
 #DEBHELPER#
 
 if [ "$1" = "purge" ]; then
+	deluser --system --quiet ciderwebmail || true
 	rm -rf /var/lib/ciderwebmail
 fi

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/ciderwebmail.git

More information about the Pkg-perl-cvs-commits mailing list