.deb/.rpm: add osmocom user during package install

Create osmocom user & group during package installation.
Fix the configuration dir/files permission to match.

Related: OS#4107
Tweaked-By: Oliver Smith <osmith@sysmocom.de>
Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282

contrib/osmo-sgsn.spec.in

@@ -81,13 +81,29 @@ make %{?_smp_mflags}
 %if 0%{?suse_version}
 %preun  %service_del_preun  %{name}.service
 %postun %service_del_postun %{name}.service
-%pre    %service_add_pre    %{name}.service
-%post   %service_add_post   %{name}.service
+%endif
+
+%pre
+getent group osmocom >/dev/null || groupadd --system osmocom
+getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \
+                                            --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom
+%if 0%{?suse_version}
+%service_add_pre    %{name}.service
+%endif
+
+%post
+%if 0%{?suse_version}
+%service_add_post   %{name}.service
+%endif
+chown osmocom:osmocom /etc/osmocom/osmo-sgsn.cfg
+chmod 0660 /etc/osmocom/osmo-sgsn.cfg
+chown root:osmocom /etc/osmocom
+chmod 2775 /etc/osmocom
+
 %preun  -n osmo-gtphub %service_del_preun   osmo-gtphub.service
 %postun -n osmo-gtphub %service_del_postun  osmo-gtphub.service
 %pre    -n osmo-gtphub %service_add_pre     osmo-gtphub.service
 %post   -n osmo-gtphub %service_add_post    osmo-gtphub.service
-%endif
 
 %check
 make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +)

contrib/systemd/osmo-gtphub.service

@@ -5,6 +5,8 @@ Wants=network-online.target
 
 [Service]
 Type=simple
+User=osmocom
+Group=osmocom
 ExecStart=/usr/bin/osmo-gtphub -c /etc/osmocom/osmo-gtphub.cfg
 StateDirectory=osmocom
 WorkingDirectory=%S/osmocom

contrib/systemd/osmo-sgsn.service

@@ -11,6 +11,8 @@ Type=simple
 StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
 Restart=always
+User=osmocom
+Group=osmocom
 ExecStart=/usr/bin/osmo-sgsn -c /etc/osmocom/osmo-sgsn.cfg
 RestartSec=2
 

debian/control

@@ -30,7 +30,7 @@ Homepage: https://projects.osmocom.org/projects/osmo-sgsn
 Package: osmo-sgsn
 Architecture: any
 Multi-Arch: foreign
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
 Description: OsmoSGSN: Osmocom's Serving GPRS Support Node for 2G and 3G packet-switched mobile networks
 
 Package: osmo-sgsn-dbg
@@ -42,7 +42,7 @@ Description: OsmoSGSN: Osmocom's Serving GPRS Support Node for 2G and 3G packet-
 
 Package: osmo-gtphub
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Description: Osmocom GTP Hub: Proxy for GTP traffic between multiple SGSNs and GGSNs
 
 Package: osmo-gtphub-dbg

debian/postinst

@@ -0,0 +1,39 @@
+#!/bin/sh -e
+# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
+# of directories which are not automatically adjusted by systemd from previous (root-owned)
+# install.
+
+# N. B: the user is intentionally NOT removed during package uninstall:
+# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
+chperms() {
+	# chperms <user> <group> <perms> <file>
+	if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
+		if [ -e $4 ]; then
+			chown $1:$2 $4
+			chmod $3 $4
+		fi
+	fi
+}
+
+case "$1" in
+  configure)
+    if ! getent passwd osmocom > /dev/null; then
+        adduser --quiet \
+                --system \
+                --group \
+                --no-create-home \
+                --disabled-password \
+                --home /var/lib/osmocom \
+                --gecos "Open Source Mobile Communications" \
+                osmocom
+    fi
+# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+    chperms osmocom osmocom 0660 /etc/osmocom/osmo-sgsn.cfg
+    chperms root osmocom 2775 /etc/osmocom
+
+  ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#