osmith submitted this change.
contrib/systemd: run as osmocom user
Run the systemd service as osmocom user and group instead of root. Set
the StateDirectory and WorkingDirectory like we have it in other Osmocom
service files. Remove the ExecStartPre mkdir, as the directory now gets
created by postinst.
Related: OS#4107
Change-Id: I2c0c7f4b98300b3b0bb5b95013b51b6b60625b95
---
M contrib/systemd/osmo_dia2gsup.service
A debian/postinst
2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/contrib/systemd/osmo_dia2gsup.service b/contrib/systemd/osmo_dia2gsup.service
index 2ef737c..e3d092e 100644
--- a/contrib/systemd/osmo_dia2gsup.service
+++ b/contrib/systemd/osmo_dia2gsup.service
@@ -7,8 +7,11 @@
[Service]
Type=simple
Restart=always
+StateDirectory=osmo_dia2gsup
+WorkingDirectory=%S/osmo_dia2gsup
+User=osmocom
+Group=osmocom
Environment="HOME=/var/lib/osmo_dia2gsup"
-ExecStartPre=/usr/bin/mkdir -p /var/lib/osmo_dia2gsup
ExecStart=/usr/bin/osmo-dia2gsup foreground
RestartSec=2
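Review bot: The unchanged Environment="HOME=/var/lib/osmo_dia2gsup" line now sits next to WorkingDirectory=%S/osmo_dia2gsup, so the same directory is written in two different ways, and neither matches the home directory the new postinst gives the osmocom account (--home-dir /var/lib/osmocom). Since the service no longer runs as root, it is worth deciding which of these the daemon should see as HOME and saying so in the commit message. If the state directory is the intended one, deriving HOME from it keeps the unit to a single source for the path.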
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..f9f64c8
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+case "$1" in
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
+
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ chown osmocom:osmocom /etc/osmocom/osmo_dia2gsup.service
+ chmod 0660 /etc/osmocom/osmo_dia2gsup.service
+ chown root:osmocom /etc/osmocom
+ chmod 2775 /etc/osmocom
+ mkdir -p /var/lib/osmo_dia2gsup
+ chown -R osmocom:osmocom /var/lib/osmo_dia2gsup
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
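Review bot: The script runs under "#!/bin/sh -e", and in the configure branch "chown osmocom:osmocom /etc/osmocom/osmo_dia2gsup.service" and the chmod after it are unconditional, so if that path does not exist on the target system the chown fails and package configuration aborts. Guard both with an existence test such as "[ -e /etc/osmocom/osmo_dia2gsup.service ]". Please also confirm the path: it carries the name of the systemd unit from contrib/systemd/ rather than something that looks like a config file under /etc/osmocom. Separately, mode 0660 with owner osmocom lets the now unprivileged service rewrite that file. If the daemon only needs to read it, root:osmocom with 0640 is tighter. The mkdir and recursive chown of /var/lib/osmo_dia2gsup duplicate what StateDirectory=osmo_dia2gsup does at service start, so a comment stating they exist only to fix up a previous root-owned install would help.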
To view, visit change 36771.