authorJörg Behrmann <behrmann@physik.fu-berlin.de>2022-08-25 18:56:55 +0200
committerGitHub <noreply@github.com>2022-08-25 16:56:55 +0000
commit978666a088aacf467d3d265ff3b7b09c0d19733d (patch)
tree54fbae755f9c3f5f63cdd056565edb78fc876115 /debian/matrix-synapse-py3.postinst
parentSupport `registration_shared_secret` in a file (#13614) (diff)
downloadsynapse-978666a088aacf467d3d265ff3b7b09c0d19733d.tar.xz
Debian packaging: explicitly allocate a group for the system user (#13593)
Otherwise the files of the synapse user are readable by the nobody user, which
is unsafe.

Signed-off-by: Jörg Behrmann <behrmann@physik.fu-berlin.de>
Diffstat (limited to '')
-rw-r--r--debian/matrix-synapse-py3.postinst4
1 files changed, 2 insertions, 2 deletions
diff --git a/debian/matrix-synapse-py3.postinst b/debian/matrix-synapse-py3.postinst
index 029b9e0243..3c72b69bb7 100644
--- a/debian/matrix-synapse-py3.postinst
+++ b/debian/matrix-synapse-py3.postinst
@@ -40,12 +40,12 @@ EOF
     /opt/venvs/matrix-synapse/lib/manage_debconf.pl update
 
     if ! getent passwd $USER >/dev/null; then
-      adduser --quiet --system --no-create-home --home /var/lib/matrix-synapse $USER
+      adduser --quiet --system --group --no-create-home --home /var/lib/matrix-synapse $USER
     fi
 
     for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do
       if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then
-        dpkg-statoverride --force --quiet --update --add $USER nogroup 0755 $DIR
+        dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
       fi
     done
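Review bot: Existing installations are not migrated by this change, because `adduser --group` sits inside the `if ! getent passwd $USER` guard and the `dpkg-statoverride --add` call runs only when no override is already listed for the directory. On an upgrade the account presumably still has `nogroup` as its primary group, so `id -gn $USER` returns `nogroup` and any previously registered override keeps its old group; the exposure described in the commit message would then persist on those hosts. If that is intended, say so above the guard, e.g. `# Only fresh installs get a dedicated group; accounts created by older package versions keep nogroup until migrated.`, otherwise an explicit upgrade step that creates the group and re-owns the three directories is needed. Separately, mode `0755` still lets every local account traverse and list these directories, so the group change only narrows access to files that are group-readable but not world-readable. The enclosing block starts and ends outside the hunk, so a migration elsewhere in the script cannot be ruled out from here.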