summaryrefslogtreecommitdiffstats
path: root/debian/frr.preinst
blob: 29162e3b56a92bab011cf527d0ed0d29a35280b7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/bin/bash

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
set -e
set -u

# creating frrvty group if it isn't already there
if ! getent group frrvty >/dev/null; then
        addgroup --system frrvty >/dev/null
fi

# creating frr group if it isn't already there
if ! getent group frr >/dev/null; then
        addgroup --system frr >/dev/null
fi

# creating frr user if he isn't already there
if ! getent passwd frr >/dev/null; then
        adduser \
          --system \
          --ingroup frr \
          --home /var/run/frr/ \
          --gecos "Frr routing suite" \
          --shell /bin/false \
          frr  >/dev/null
fi

# We may be installing over an older version of
# frr and as such we need to intelligently
# check to see if the frr user is in the frrvty
# group.
if ! /usr/bin/id frr | grep &>/dev/null 'frrvty'; then
    usermod -a -G frrvty frr >/dev/null
fi

# Do not change permissions when upgrading as it would violate policy.
if [ "$1" = "install" ]; then
  # Logfiles are group readable in case users were put into the frr group.
  d=/var/log/frr/
    mkdir -p $d
    chown -R frr:frr $d
    chmod u=rwx,go=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,g=r,o=

  # Strict permissions for the sockets.
  d=/var/run/frr/
    mkdir -p $d
    chown -R frr:frr $d
    chmod u=rwx,go=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,go=

  # Config files. Vtysh does not have access to the individual daemons config file
  d=/etc/frr/
    mkdir -p $d
    chown frr:frrvty $d
    chmod ug=rwx,o=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chown frr:frr
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,g=r,o=

    # Exceptions for vtysh.
    f=$d/vtysh.conf
    if [ -f $f ]; then
      chown frr:frrvty $f
      chmod u=rw,g=r,o= $f
    fi

    # Exceptions for vtysh.
    f=$d/frr.conf
    if [ -f $d/Zebra.conf ]; then
      mv $d/Zebra.conf $f
    fi
    if [ -f $f ]; then
      chown frr:frrvty $f
      chmod u=rw,g=r,o= $f
    fi
fi

#DEBHELPER#