5 update_fs_from_statoverride() {
6 # I wish a simple dpkg-statoverride --update $file just did
7 # the right thing, but it doesn't, so we have to do it manually.
13 if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
14 if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
21 handle_config_files() {
25 so=$(dpkg-statoverride --list /etc/freeradius)
30 if [ $ret != 0 ]; then
31 dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
35 update_fs_from_statoverride d $so
40 so=$(dpkg-statoverride --list /etc/freeradius/radiusd.conf)
45 if [ $ret != 0 ]; then
46 dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf
50 update_fs_from_statoverride f $so
54 # Relax permissions on local dictionary - allows radclient to run and should
55 # not contain secrets. At any rate, only do it on fresh install
57 so=$(dpkg-statoverride --list /etc/freeradius/dictionary)
62 if [ $ret != 0 ]; then
63 dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
67 update_fs_from_statoverride f $so
75 # On a fresh install, add the necessary user and group
76 adduser --quiet --system --no-create-home --home /etc/freeradius --group --disabled-password freerad
78 # Put user freerad in group shadow, so the daemon can auth locally
79 # Only do this on fresh install as the admin may not want freerad in shadow
80 # group if authenticating by another mechanism
81 adduser --quiet freerad shadow
83 handle_config_files initial
86 handle_config_files upgrade