summaryrefslogtreecommitdiff
path: root/debian/apt.postinst
diff options
context:
space:
mode:
authorMichael Vogt <mvo@ubuntu.com>2014-09-24 16:22:05 +0200
committerMichael Vogt <mvo@ubuntu.com>2014-09-24 16:22:05 +0200
commit3927c6da48c206b6b251661f44680d9883b4f6b4 (patch)
tree695aea2c55eb2358a07b9403c28a57a3ca0e585d /debian/apt.postinst
parenta1380a5c52062b25c9ed260b721239ed57929503 (diff)
downloadapt-3927c6da48c206b6b251661f44680d9883b4f6b4.tar.gz
Drop Privileges to "Debian-apt" in most acquire methods
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
Diffstat (limited to 'debian/apt.postinst')
-rw-r--r--debian/apt.postinst7
1 files changed, 7 insertions, 0 deletions
diff --git a/debian/apt.postinst b/debian/apt.postinst
index fd3e273bb..08dc60f9c 100644
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -26,6 +26,13 @@ case "$1" in
fi
fi
+ # add unprivileged user for the apt methods
+ adduser --force-badname --system --no-create-home \
+ --quiet Debian-apt || true
+ chown -R Debian-apt:root \
+ /var/lib/apt/lists \
+ /var/cache/apt/archives
+
# ensure tighter permissons on the logs, see LP: #975199
if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
# ensure permissions are right