#!/bin/bash

set -eu

bindir=/usr/bin

if [ "$1" = "configure" ];
then
    # Create user and groups if they don't exist
    if ! getent group _cado > /dev/null 2>&1 && \
        ! getent passwd _cado > /dev/null 2>&1 ; then
        adduser --system \
            --home /nonexistent \
            --no-create-home \
            --quiet \
            --disabled-password \
            --shell /bin/false \
            --force-badname \
            --group _cado
    elif ! getent passwd _cado > /dev/null 2>&1 ; then
        adduser --system \
            --home /nonexistent \
            --no-create-home \
            --quiet \
            --disabled-password \
            --shell /bin/false \
            --force-badname \
            --ingroup _cado _cado
    else
        addgroup --system \
        --quiet \
        --force-badname _cado
        adduser _cado _cado
    fi

    mkdir -p /var/spool/cado
    if ! dpkg-statoverride --list /var/spool/cado ; then
        chown root:_cado /var/spool/cado
        chmod 4770 /var/spool/cado
    fi
    if ! dpkg-statoverride --list $bindir/scado ; then
        chown :_cado ${bindir}/scado
        chmod g+s ${bindir}/scado
    fi
    if ! dpkg-statoverride --list $bindir/cado ; then
        chown _cado: ${bindir}/cado
        chmod u+s ${bindir}/cado
    fi
    # configure the minimal set of capabilities for cado itself to run
    ${bindir}/cado --setcap > /dev/null 2>&1
fi


exit 0