Debian packaging: explicitly allocate a group for the system user (#13593)

Otherwise the files of the synapse user are readable by the nobody user, which is unsafe. Signed-off-by: Jörg Behrmann <behrmann@physik.fu-berlin.de>

Debian packaging: explicitly allocate a group for the system user (#13593)
978666a0 · Jörg Behrmann · GitHub · d092e6f3 · 978666a0 · 978666a0
Unverified Commit 978666a0 authored 2 years ago by Jörg Behrmann Committed by GitHub 2 years ago
--- a/debian/changelog
+++ b/debian/changelog
+matrix-synapse-py3 (1.66.0~rc1+nmu1) UNRELEASED; urgency=medium
+  * Allocate a group for the system user.
+ -- Jörg Behrmann <behrmann@physik.fu-berlin.de>  Tue, 23 Aug 2022 17:17:00 +0100
 matrix-synapse-py3 (1.66.0~rc1) stable; urgency=medium
  * New Synapse release 1.66.0rc1.

--- a/debian/matrix-synapse-py3.postinst
+++ b/debian/matrix-synapse-py3.postinst
@@ -40,12 +40,12 @@ EOF
    /opt/venvs/matrix-synapse/lib/manage_debconf.pl update
    if ! getent passwd $USER >/dev/null; then
-      adduser --quiet --system --no-create-home --home /var/lib/matrix-synapse $USER
+      adduser --quiet --system --group --no-create-home --home /var/lib/matrix-synapse $USER
    fi
    for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do
      if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then
-        dpkg-statoverride --force --quiet --update --add $USER nogroup 0755 $DIR
+        dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
      fi
    done