Diffstat (limited to 'debian/local/update_sys.in')
-rw-r--r-- | debian/local/update_sys.in | 282 |
1 files changed, 282 insertions, 0 deletions
diff --git a/debian/local/update_sys.in b/debian/local/update_sys.in
new file mode 100644
index 0000000..89cad19
--- /dev/null
+++ b/debian/local/update_sys.in
@@ -0,0 +1,282 @@
+#!/bin/sh
+#-----------------------------------------------------------------------------
+#
+# $Sendmail: update_sys,v @sm_version@ @sm_date@ @sm_time@ cowboy Exp $
+#
+# Update system files used by Sendmail for Debian
+#
+# Copyright (c) 2001-@SM_CPYRT@ Richard Nelson. All Rights Reserved.
+#
+# Notes (to all):
+# * Several directories/files have their permissions forced...
+# This is done to allow the MSP/MTA split
+# * This exec runs 'set +e' to ignore errors!!! this is done to
+# support those running NFS (or similiar) systems, where the
+# chmod/chown may fail - If this happens, you'll need to update
+# those items by hand !
+#
+# Notes (to self):
+# *
+#
+#-----------------------------------------------------------------------------
+set +e;
+
+# flag used to indicate a dataset has been moved, may need another update
+changed=0;
+
+#------------------------------------------------------------------------------
+# Create any needed directories, and move any prior data to its new home
+
+#------------------------------------------------------------------------------
+# /etc/aliases should exist, though not owned by sendmail, we'll create one
+if [ ! -e @sysconfdir@/aliases ]; then
+ changed=1;
+ if [ -f @datadir@/doc/sendmail/examples/db/aliases ]; then
+ echo "Creating @sysconfdir@/aliases (not found)";
+ cp @datadir@/sendmail/examples/db/aliases \
+ @sysconfdir@/aliases;
+ else
+ touch @sysconfdir@/aliases;
+ fi;
+ chown root:root @sysconfdir@/aliases;
+ chmod 0644 @sysconfdir@/aliases;
+ fi;
+
+#------------------------------------------------------------------------------
+# /var/mail is the FHS user mail location, /var/spool/mail is older
+# Note: we set the sticky bit to prevent a sgid exploit from erasing files
+if [ ! -e @localstatedir@/mail ]; then
+ changed=1;
+ if [ -L @localstatedir@/spool/mail ]; then
+ ln -sf spool/mail @localstatedir@/mail;
+ elif [ -d @localstatedir@/spool/mail ]; then
+ mv @localstatedir@/spool/mail @localstatedir@/mail;
+ chown root:root @localstatedir@/mail;
+ chmod 03775 @localstatedir@/mail;
+ else
+ mkdir @localstatedir@/mail;
+ chown root:root @localstatedir@/mail;
+ chmod 03775 @localstatedir@/mail;
+ fi;
+ fi;
+#
+# Make sure the sticky bit is set in pre-existing directories
+if [ -d @localstatedir@/mail -a ! -k @localstatedir@/mail ]; then
+ chmod a+t @localstatedir@/mail;
+ fi;
+if [ -d @localstatedir@/spool/mail -a ! -k @localstatedir@/spool/mail ]; then
+ chmod a+t @localstatedir@/spool/mail;
+ fi;
+if [ ! -d @localstatedir@/spool/mail -a ! -L @localstatedir@/spool/mail ]; then
+ ln -sf ../mail @localstatedir@/spool/mail;
+ #mkdir @localstatedir@/spool/mail;
+ #chown root:root @localstatedir@/spool/mail;
+ #chmod 03775 @localstatedir@/spool/mail;
+ fi;
+
+#------------------------------------------------------------------------------
+# /etc/mail is where the Sendmail config files live
+if [ ! -d @sysconfdir@/mail ]; then
+ changed=1;
+ mkdir @sysconfdir@/mail;
+ fi;
+chown root:smmsp @sysconfdir@/mail;
+chmod 02755 @sysconfdir@/mail;
+#
+# With the MSP/MTA split, we don't want any g=w files or directories
+# to save us from potential sgid attacks
+find @sysconfdir@/mail -perm +g=w \( -type f -o -type d \) -print \
+ | xargs -r chmod g-w,o-w;
+
+#------------------------------------------------------------------------------
+# /var/run/sendmail is where we store pid files, control sockets, stamps, etc
+if [ ! -d @localstatedir@/run/sendmail ]; then
+ changed=1;
+ mkdir @localstatedir@/run/sendmail;
+ fi;
+chown root:smmsp @localstatedir@/run/sendmail;
+chmod 02750 @localstatedir@/run/sendmail;
+if [ ! -d @localstatedir@/run/sendmail/mta ]; then
+ mkdir @localstatedir@/run/sendmail/mta;
+ fi;
+chown root:smmsp @localstatedir@/run/sendmail/mta;
+chmod 02750 @localstatedir@/run/sendmail/mta;
+if [ ! -d @localstatedir@/run/sendmail/msp ]; then
+ mkdir @localstatedir@/run/sendmail/msp;
+ fi;
+chown smmsp:smmsp @localstatedir@/run/sendmail/msp;
+chmod 02770 @localstatedir@/run/sendmail/msp;
+if [ ! -d @localstatedir@/run/sendmail/stampdir ]; then
+ mkdir @localstatedir@/run/sendmail/stampdir;
+ fi;
+chown root:smmsp @localstatedir@/run/sendmail/stampdir;
+chmod 02770 @localstatedir@/run/sendmail/stampdir;
+#
+# Remove older files
+rm -f /var/run/sendmail.pid;
+rm -f /var/run/sendmail/sendmail.pid;
+rm -f /var/run/sendmail/smcontrol;
+
+#------------------------------------------------------------------------------
+# /var/lib/sendmail is where we stuff host status and sendmail.st
+# instead of the mail queue and /etc/ (respectively)
+if [ ! -d @localstatedir@/lib/sendmail ]; then
+ changed=1;
+ mkdir @localstatedir@/lib/sendmail;
+ fi;
+chown root:smmsp @localstatedir@/lib/sendmail;
+chmod 02750 @localstatedir@/lib/sendmail;
+if [ -d /var/state/sendmail/host_status ]; then
+ changed=1;
+ echo "Moving /var/state/sendmail/host_status to /var/lib/sendmail/";
+ mv -f /var/state/sendmail/host_status \
+ @localstatedir@/lib/sendmail/host_status;
+ fi;
+if [ -d /var/sendmail/host_status ]; then
+ changed=1;
+ echo "Moving /var/sendmail/host_status to /var/lib/sendmail/";
+ mv -f /var/sendmail/host_status \
+ @localstatedir@/lib/sendmail/host_status;
+ fi;
+if [ ! -d @localstatedir@/lib/sendmail/host_status ]; then
+ mkdir @localstatedir@/lib/sendmail/host_status;
+ fi;
+chown root:smmsp @localstatedir@/lib/sendmail/host_status;
+chmod 02750 @localstatedir@/lib/sendmail/host_status;
+find @localstatedir@/lib/sendmail/host_status -type d -print \
+ | xargs -r chown root:smmsp;
+find @localstatedir@/lib/sendmail/host_status -type d -print \
+ | xargs -r chmod 02750;
+#
+# if sendmail.st doesn't exist, don't create it !
+if [ -f /var/log/sendmail.st ]; then
+ changed=1;
+ echo "Moving /var/log/sendmail.st to /var/lib/sendmail/";
+ mv /var/log/sendmail.st \
+ @localstatedir@/lib/sendmail/sendmail.st;
+ fi;
+if [ -f /var/sendmail/sendmail.st ]; then
+ changed=1;
+ echo "Moving /var/sendmail/sendmail.st to /var/lib/sendmail/";
+ mv /var/sendmail/sendmail.st \
+ @localstatedir@/lib/sendmail/sendmail.st;
+ fi;
+if [ -f @localstatedir@/lib/sendmail/sendmail.st ]; then
+ chown root:smmsp @localstatedir@/lib/sendmail/sendmail.st;
+ chmod 0640 @localstatedir@/lib/sendmail/sendmail.st;
+ if [ ! -f @localstatedir@/lib/sendmail/sm-client.st ]; then
+ touch @localstatedir@/lib/sendmail/sm-client.st;
+ fi;
+ fi;
+if [ -f @localstatedir@/lib/sendmail/sm-client.st ]; then
+ chown smmsp:smmsp @localstatedir@/lib/sendmail/sm-client.st;
+ chmod 0660 @localstatedir@/lib/sendmail/sm-client.st;
+ fi;
+if [ ! -f @localstatedir@/lib/sendmail/dead.letter ]; then
+ touch @localstatedir@/lib/sendmail/dead.letter;
+ fi;
+chown root:smmsp @localstatedir@/lib/sendmail/dead.letter;
+chmod 0660 @localstatedir@/lib/sendmail/dead.letter;
+#
+# Remove older files
+rm -rf /var/sendmail;
+rm -rf /var/state/sendmail;
+
+#------------------------------------------------------------------------------
+# /var/spool/mqueue is the MTA mail queue directory
+if [ ! -d @localstatedir@/spool/mqueue ]; then
+ changed=1;
+ mkdir @localstatedir@/spool/mqueue;
+ fi;
+chown root:smmsp @localstatedir@/spool/mqueue;
+chmod 02750 @localstatedir@/spool/mqueue;
+#
+# With the MSP/MTA split, we *DO* need g=r, gid=smmsp queue directories and
+# files mailq to work...
+find @localstatedir@/spool/mqueue -print \
+ | xargs -r chown root:smmsp;
+find @localstatedir@/spool/mqueue -type d -print \
+ | xargs -r chmod g+rxs-w,o-rwx;
+find @localstatedir@/spool/mqueue -type f -print \
+ | xargs -r chmod g+r-wx,o-rwx;
+
+#------------------------------------------------------------------------------
+# /var/spool/mqueue-client is the MSP mail queue directory
+if [ ! -d @localstatedir@/spool/mqueue-client ]; then
+ mkdir @localstatedir@/spool/mqueue-client;
+ fi;
+chown smmsp:smmsp @localstatedir@/spool/mqueue-client;
+chmod 02770 @localstatedir@/spool/mqueue-client;
+find @localstatedir@/spool/mqueue-client -perm +o=r -print \
+ | xargs -r chmod o-rwx;
+
+#------------------------------------------------------------------------------
+# /var/log/mail is where we keep our log crap (via syslog)
+# Try to fixup syslog, syslog-ng, etc...
+if [ ! -d @localstatedir@/log/mail -a \
+ ! -f /var/log/mail ]; then
+ echo "Moving /var/log/mail.* to /var/log/mail/mail.*";
+ echo "You will need to adjust any log reading scripts accordingly";
+ mkdir @localstatedir@/log/mail;
+ chown root:smmsp @localstatedir@/log/mail;
+ chmod 02770 @localstatedir@/log/mail;
+ mv -f /var/log/mail.log @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.log.[0-9]* @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.err @localstatedir@/log/mail/\
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.err.[0-9]* @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.info @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.info.[0-9]* @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.warn @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ mv -f /var/log/mail.warn.[0-9]* @localstatedir@/log/mail/ \
+ 1>/dev/null 2>&1;
+ # Create link for compatility with logscan package
+ ln -sf @localstatedir@/log/mail/mail.log /var/log/mail.log;
+ fi;
+#
+# Support for sysklogd package
+if [ -f /etc/syslog.conf ]; then
+ sed -e "s?/var/log/mail.log?@localstatedir@/log/mail/mail.log?g" \
+ -e "s?/var/log/mail.err?@localstatedir@/log/mail/mail.err?g" \
+ -e "s?/var/log/mail.info?@localstatedir@/log/mail/mail.info?g" \
+ -e "s?/var/log/mail.warn?@localstatedir@/log/mail/mail.warn?g" \
+ /etc/syslog.conf > /etc/syslog.conf.new;
+ chown root:root /etc/syslog.conf.new;
+ chmod 0644 /etc/syslog.conf.new;
+ mv /etc/syslog.conf.new /etc/syslog.conf;
+ /etc/init.d/sysklogd reload;
+ fi;
+#
+# Support for syslog-ng package
+if [ -f /etc/syslog-ng/syslog-ng.conf ]; then
+ sed -e "s?/var/log/mail.log?@localstatedir@/log/mail/mail.log?g" \
+ -e "s?/var/log/mail.err?@localstatedir@/log/mail/mail.err?g" \
+ -e "s?/var/log/mail.info?@localstatedir@/log/mail/mail.info?g" \
+ -e "s?/var/log/mail.warn?@localstatedir@/log/mail/mail.warn?g" \
+ /etc/syslog-ng/syslog-ng.conf > \
+ /etc/syslog-ng/syslog-ng.conf.new;
+ chown root:root /etc/syslog-ng/syslog-ng.conf.new;
+ chmod 0644 /etc/syslog-ng/syslog-ng.conf.new;
+ mv /etc/syslog-ng/syslog-ng.conf.new \
+ /etc/syslog-ng/syslog-ng.conf;
+ /etc/init.d/syslog-ng reload;
+ if [ -f /etc/logrotate.d/syslog-ng ]; then
+ sed -e '/\/var\/log\/mail\..*/{:a;N;/}\n/!ba;d;}' \
+ /etc/logrotate.d/syslog-ng > \
+ /etc/logrotate.d/syslog-ng.new;
+ chown root:root /etc/logrotate.d/syslog-ng.new;
+ chmod 0644 /etc/logrotate.d/syslog-ng.new;
+ mv /etc/logrotate.d/syslog-ng.new \
+ /etc/logrotate.d/syslog-ng;
+ true;
+ fi;
+ fi;
+
+#------------------------------------------------------------------------------
+exit $changed; |
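Review bot: The `find @localstatedir@/spool/mqueue-client -perm +o=r -print | xargs -r chmod o-rwx` pipeline runs as root in a directory this script makes writable by smmsp (`smmsp:smmsp`, 02770) with no type filter, and chmod dereferences symlinks, so it can change modes on a path outside the queue; the other `-print | xargs` pipelines also split names on whitespace. Prefer `find DIR ! -type l -perm /o=r -exec chmod o-rwx {} +`, and use `-perm /g=w` and `-perm /o=r` in place of the `+mode` form, which newer GNU find no longer accepts, so under `set +e` the permission tightening would be skipped silently. Separately, the aliases block tests `@datadir@/doc/sendmail/examples/db/aliases` but copies from `@datadir@/sendmail/examples/db/aliases`, so the `cp` likely fails and the following `chown`/`chmod` have nothing to act on. The syslog and logrotate rewrites should move the new file into place only when sed succeeded, e.g. `sed … > /etc/syslog.conf.new && mv /etc/syslog.conf.new /etc/syslog.conf`, because with errors ignored a failed sed replaces the live config with a truncated file.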