commit cb04b007d2cd7cd6c584e549f2c05bd48332d686
parent e523735b10d749c9c0f1e09b934b12d99869aac4
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 30 Jan 2025 13:26:23 +0100
create new taler-exchange-kyc group with access to KYC configuration
Diffstat:
1 file changed, 12 insertions(+), 0 deletions(-)
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
@@ -5,8 +5,15 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler-exchange"
+
+# Group with access to private key material
_GROUPNAME=taler-exchange-secmod
+# Group with access to our database
_DBGROUPNAME=taler-exchange-db
+# Group with access to KYC service configuration
+_KYCGROUPNAME=taler-exchange-kyc
+
+# Different users for the different components
_EUSERNAME=taler-exchange-httpd
_CLOSERUSERNAME=taler-exchange-closer
_CSECUSERNAME=taler-exchange-secmod-cs
@@ -26,11 +33,15 @@ configure)
if ! getent group ${_DBGROUPNAME} >/dev/null; then
addgroup --quiet --system ${_DBGROUPNAME}
fi
+ if ! getent group ${_KYCGROUPNAME} >/dev/null; then
+ addgroup --quiet --system ${_KYCGROUPNAME}
+ fi
# Create taler users if needed
if ! getent passwd ${_EUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
+ adduser --quiet ${_EUSERNAME} ${_KYCGROUPNAME}
adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
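Review bot: The added `adduser --quiet ${_EUSERNAME} ${_KYCGROUPNAME}` sits inside the `if ! getent passwd ${_EUSERNAME}` branch, so it runs only when the account is first created. On an upgrade where taler-exchange-httpd already exists, the user is never added to taler-exchange-kyc. The `${_AGGRUSERNAME}` line in the next hunk has the same problem. If the KYC configuration is readable only by this group, upgraded installations would presumably lose access to it, or an operator would have to loosen the file mode to compensate. I would move both membership calls below the closing `fi` of their user-creation blocks, e.g. `adduser --quiet "${_EUSERNAME}" "${_KYCGROUPNAME}"`, after confirming that adduser returns 0 under `set -e` for an existing member; the `configure)` branch itself starts and ends outside the hunk.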
@@ -52,6 +63,7 @@ configure)
fi
if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --home ${TALER_HOME} ${_AGGRUSERNAME}
+ adduser --quiet ${_AGGRUSERNAME} ${_KYCGROUPNAME}
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
fi
if ! getent passwd ${_EXPIUSERNAME} >/dev/null; then