From 53d847615b270daf706373d65ac5f5d2101f36d9 Mon Sep 17 00:00:00 2001
From: Andrei Belov <defan@nginx.com>
Date: Thu, 17 Dec 2020 14:30:18 +0300
Subject: Packages: run non-privileged processes under "unit" user.

---
 pkg/deb/debian/unit.postinst | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'pkg/deb/debian/unit.postinst')

diff --git a/pkg/deb/debian/unit.postinst b/pkg/deb/debian/unit.postinst
index 76375a2b..8aa476b3 100755
--- a/pkg/deb/debian/unit.postinst
+++ b/pkg/deb/debian/unit.postinst
@@ -6,6 +6,40 @@ if [ "$1" != "configure" ]; then
     exit 0
 fi
 
+if [ -n "$2" ]; then
+    if dpkg --compare-versions "${2%%-*}" le "1.21.0"; then
+      cat <<BANNER
+----------------------------------------------------------------------
+
+WARNING:
+
+Since version 1.22.0, Unit's non-privileged processes run as unit:unit by
+default.  Review your system permissions and Unit configuration so apps and
+routes that relied on these processes running as nobody:nogroup stay working.
+
+More info: https://unit.nginx.org/installation/#official-packages
+
+----------------------------------------------------------------------
+BANNER
+    fi
+fi
+
+if ! getent group unit >/dev/null; then
+    addgroup --system unit >/dev/null
+fi
+
+if ! getent passwd unit >/dev/null; then
+    adduser \
+      --system \
+      --disabled-login \
+      --ingroup unit \
+      --no-create-home \
+      --home /nonexistent \
+      --gecos "unit user" \
+      --shell /bin/false \
+      unit >/dev/null
+fi
+
 #DEBHELPER#
 
 exit 0
-- 
cgit