#!/bin/sh
#-----------------------------------------------------------------------------
#
# $Sendmail: update_sys,v 8.12.3 2004-09-13 10:36:48 cowboy Exp $
#
# Update system files used by Sendmail for Debian
#
# Copyright (c) 2001-2003 Richard Nelson.  All Rights Reserved.
#
# Notes (to all):
#	* Several directories/files have their permissions forced...
#	  This is done to allow the MSP/MTA split
#	* This exec runs 'set +e' to ignore errors!!! this is done to
#	  support those running NFS (or similar) systems, where the
#	  chmod/chown may fail - If this happens, you'll need to update
#	  those items by hand !
#
# Notes (to self):
#	*
#
#-----------------------------------------------------------------------------
# Errexit is switched off on purpose: a chown/chmod that fails must not abort
# the remaining steps.
# NOTE(review): as a consequence no step can rely on an earlier one having
# succeeded, and failures are not reflected in the exit status.
set +e;

# flag used to indicate a dataset has been moved, may need another update
# (this value is what the script finally exits with)
changed=0;

#------------------------------------------------------------------------------
# Create any needed directories, and move any prior data to its new home

#------------------------------------------------------------------------------
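# /etc/aliases should exist; it is not owned by sendmail, so create one here
# when it is missing.
#
# The example file used to be tested at one path and copied from another, so
# the copy could fail and leave nothing behind for chown/chmod to act on.
# Both locations are now tried in turn and the copy is taken from whichever
# one is really there.  If neither exists, or the copy fails, an empty file
# is created instead.
if [ ! -e /etc/aliases ]; then
	changed=1
	for aliases_example in \
		/usr/share/sendmail/examples/db/aliases \
		/usr/share/doc/sendmail/examples/db/aliases; do
		if [ -f "$aliases_example" ]; then
			echo "Creating /etc/aliases (not found)"
			cp "$aliases_example" /etc/aliases && break
		fi
	done
	# No usable example: fall back to an empty alias file.
	if [ ! -e /etc/aliases ]; then
		touch /etc/aliases
	fi
	# Readable by everyone, writable by root only.
	chown root:root /etc/aliases
	chmod 0644 /etc/aliases
fi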

#------------------------------------------------------------------------------
# /var/mail is the FHS user mail location, /var/spool/mail is the older one.
# Whichever of the two is the real directory, the other ends up as a symlink
# to it.
#	Note: the sticky bit is set so that, in this group-writable directory,
#	a sgid exploit cannot be used to erase other users' files.
#	Mode 03775 = setgid + sticky + rwxrwxr-x, owner root:root.
if [ ! -e /var/mail ]; then
	changed=1
	if [ -L /var/spool/mail ]; then
		# old location is itself a link: just add the new name beside it
		ln -sf spool/mail /var/mail
	else
		if [ -d /var/spool/mail ]; then
			# real directory at the old location: move it over
			mv /var/spool/mail /var/mail
		else
			mkdir /var/mail
		fi
		chown root:root /var/mail
		chmod 03775 /var/mail
	fi
fi
#
# Make sure the sticky bit is set in pre-existing directories
[ -d /var/mail ] && [ ! -k /var/mail ] \
	&& chmod a+t /var/mail
[ -d /var/spool/mail ] && [ ! -k /var/spool/mail ] \
	&& chmod a+t /var/spool/mail
#
# Old location absent (neither a directory nor a symlink): link it to the
# new one.  Creating a separate directory here was disabled:
#	#mkdir /var/spool/mail;
#	#chown root:root /var/spool/mail;
#	#chmod 03775 /var/spool/mail;
if [ ! -d /var/spool/mail ] && [ ! -L /var/spool/mail ]; then
	ln -sf ../mail /var/spool/mail
fi

#------------------------------------------------------------------------------
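# /etc/mail is where the Sendmail config files live
if [ ! -d /etc/mail ]; then
	changed=1
	mkdir /etc/mail
fi
# root-owned, setgid smmsp, not writable by group or others
chown root:smmsp /etc/mail
chmod 02755 /etc/mail
#
# With the MSP/MTA split, we don't want any group- or world-writable files
# or directories here, to save us from potential sgid attacks.
#
# Implementation notes:
#  * '-perm +MODE' has been deprecated in GNU find since 2005 and is no
#    longer supported by current releases.  When find rejects the
#    expression nothing reaches chmod, so the tree would silently be left
#    as it was.  '-perm -g=w' is the POSIX spelling and, for a single bit,
#    selects the same entries.
#  * Entries writable by others but not by the group are selected as well,
#    since the chmod strips both bits.
#  * '-exec ... {} +' passes names to chmod intact; a find | xargs pipe
#    would split names on whitespace and quotes.
#  * Only regular files and directories are selected, so chmod is never
#    applied through a symlink.
find /etc/mail \( -type f -o -type d \) \
	\( -perm -g=w -o -perm -o=w \) \
	-exec chmod g-w,o-w {} +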

#------------------------------------------------------------------------------
# /var/run/sendmail is where pid files, control sockets, stamps, etc. live.
# Every directory is created when absent, and its owner and mode are forced
# on each run:
#	/var/run/sendmail		root:smmsp	02750
#	/var/run/sendmail/mta		root:smmsp	02750
#	/var/run/sendmail/msp		smmsp:smmsp	02770
#	/var/run/sendmail/stampdir	root:smmsp	02770
# Only the creation of the top-level directory counts as a change.
if [ ! -d /var/run/sendmail ]; then
	changed=1
	mkdir /var/run/sendmail
fi
chown root:smmsp /var/run/sendmail
chmod 02750 /var/run/sendmail

[ -d /var/run/sendmail/mta ] || mkdir /var/run/sendmail/mta
chown root:smmsp /var/run/sendmail/mta
chmod 02750 /var/run/sendmail/mta

[ -d /var/run/sendmail/msp ] || mkdir /var/run/sendmail/msp
chown smmsp:smmsp /var/run/sendmail/msp
chmod 02770 /var/run/sendmail/msp

[ -d /var/run/sendmail/stampdir ] || mkdir /var/run/sendmail/stampdir
chown root:smmsp /var/run/sendmail/stampdir
chmod 02770 /var/run/sendmail/stampdir
#
# Remove older files
rm -f /var/run/sendmail.pid \
	/var/run/sendmail/sendmail.pid \
	/var/run/sendmail/smcontrol

#------------------------------------------------------------------------------
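# /var/lib/sendmail is where we stuff host status and sendmail.st
# instead of the mail queue and /etc/ (respectively)
if [ ! -d /var/lib/sendmail ]; then
	changed=1
	mkdir /var/lib/sendmail
fi
chown root:smmsp /var/lib/sendmail
chmod 02750 /var/lib/sendmail
#
# Bring host_status over from either of its older homes.
# NOTE(review): when /var/lib/sendmail/host_status already exists as a
# directory, mv puts the old tree inside it instead of replacing it.
if [ -d /var/state/sendmail/host_status ]; then
	changed=1
	echo "Moving /var/state/sendmail/host_status to /var/lib/sendmail/"
	mv -f /var/state/sendmail/host_status \
		/var/lib/sendmail/host_status
fi
if [ -d /var/sendmail/host_status ]; then
	changed=1
	echo "Moving /var/sendmail/host_status to /var/lib/sendmail/"
	mv -f /var/sendmail/host_status \
		/var/lib/sendmail/host_status
fi
if [ ! -d /var/lib/sendmail/host_status ]; then
	mkdir /var/lib/sendmail/host_status
fi
chown root:smmsp /var/lib/sendmail/host_status
chmod 02750 /var/lib/sendmail/host_status
#
# Force owner and mode on every directory below host_status.
# '-exec ... {} +' replaces the former find | xargs pipe so that a directory
# name containing whitespace or quotes reaches chown/chmod unsplit.  The
# ownership pass still runs to completion before the mode pass starts.
find /var/lib/sendmail/host_status -type d \
	-exec chown root:smmsp {} +
find /var/lib/sendmail/host_status -type d \
	-exec chmod 02750 {} +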
#
# Statistics files: sendmail.st is only relocated from an older location,
# it is never created here.
if [ -f /var/log/sendmail.st ]; then
	changed=1
	echo "Moving /var/log/sendmail.st to /var/lib/sendmail/"
	mv /var/log/sendmail.st /var/lib/sendmail/sendmail.st
fi
if [ -f /var/sendmail/sendmail.st ]; then
	changed=1
	echo "Moving /var/sendmail/sendmail.st to /var/lib/sendmail/"
	mv /var/sendmail/sendmail.st /var/lib/sendmail/sendmail.st
fi
#
# sendmail.st: root:smmsp 0640.  When it is present, sm-client.st is
# created alongside it if missing.
if [ -f /var/lib/sendmail/sendmail.st ]; then
	chown root:smmsp /var/lib/sendmail/sendmail.st
	chmod 0640 /var/lib/sendmail/sendmail.st
	[ -f /var/lib/sendmail/sm-client.st ] \
		|| touch /var/lib/sendmail/sm-client.st
fi
# sm-client.st: smmsp:smmsp 0660
if [ -f /var/lib/sendmail/sm-client.st ]; then
	chown smmsp:smmsp /var/lib/sendmail/sm-client.st
	chmod 0660 /var/lib/sendmail/sm-client.st
fi
# dead.letter always exists afterwards: root:smmsp 0660
[ -f /var/lib/sendmail/dead.letter ] \
	|| touch /var/lib/sendmail/dead.letter
chown root:smmsp /var/lib/sendmail/dead.letter
chmod 0660 /var/lib/sendmail/dead.letter
#
# Remove older files (whatever is still left in the old state directories)
rm -rf /var/sendmail /var/state/sendmail

#------------------------------------------------------------------------------
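# /var/spool/mqueue is the MTA mail queue directory
if [ ! -d /var/spool/mqueue ]; then
	changed=1
	mkdir /var/spool/mqueue
fi
chown root:smmsp /var/spool/mqueue
chmod 02750 /var/spool/mqueue
#
# With the MSP/MTA split, we *DO* need group-readable, gid=smmsp queue
# directories and files for mailq to work...
#	everything	owner root, group smmsp
#	directories	group +r +x +setgid, -w; nothing for others
#	files		group +r, -w -x; nothing for others
#
# find hands the names straight to chown/chmod ('-exec ... {} +'); the
# former find | xargs pipe would split an entry whose name contains
# whitespace or quotes and act on the resulting fragments.
# NOTE(review): the chown pass also visits symlinks and chown follows them;
# confirm whether symlinked queue directories are expected here before
# changing that to 'chown -h'.
find /var/spool/mqueue -exec chown root:smmsp {} +
find /var/spool/mqueue -type d -exec chmod g+rxs-w,o-rwx {} +
find /var/spool/mqueue -type f -exec chmod g+r-wx,o-rwx {} +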

#------------------------------------------------------------------------------
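# /var/spool/mqueue-client is the MSP mail queue directory
if [ ! -d /var/spool/mqueue-client ]; then
	mkdir /var/spool/mqueue-client
fi
chown smmsp:smmsp /var/spool/mqueue-client
chmod 02770 /var/spool/mqueue-client
#
# Strip every permission for "others" from the queue contents.
#  * '-perm +MODE' has been deprecated in GNU find since 2005 and is no
#    longer supported by current releases; a rejected expression meant
#    that nothing was tightened at all.  '-perm -o=r' is the POSIX form.
#  * Entries with only o+w or o+x set are selected too, because the chmod
#    removes all three bits.
#  * Symlinks are skipped.  This directory is writable by smmsp, a link's
#    own mode typically has every bit set, and chmod acts on the link's
#    target, which may be outside the queue.
#  * '-exec ... {} +' passes names to chmod unsplit, unlike find | xargs.
find /var/spool/mqueue-client ! -type l \
	\( -perm -o=r -o -perm -o=w -o -perm -o=x \) \
	-exec chmod o-rwx {} +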

#------------------------------------------------------------------------------
# /var/log/mail is where the mail logs are kept (via syslog)
# Try to fix up syslog, syslog-ng, etc...
#
# The migration runs only when /var/log/mail is neither a directory nor a
# regular file yet.
# NOTE(review): the directory is created root:smmsp with mode 02770, i.e.
# writable by group smmsp; confirm that is intended for a log directory.
if [ ! -d /var/log/mail ] && [ ! -f /var/log/mail ]; then
	echo "Moving /var/log/mail.* to /var/log/mail/mail.*"
	echo "You will need to adjust any log reading scripts accordingly"
	mkdir /var/log/mail
	chown root:smmsp /var/log/mail
	chmod 02770 /var/log/mail
	# For each log: first the live file, then its numbered rotations.
	# All output is discarded (presumably because any of them may be
	# absent).
	for mail_log in log err info warn; do
		mv -f /var/log/mail."$mail_log" /var/log/mail/ \
			>/dev/null 2>&1
		mv -f /var/log/mail."$mail_log".[0-9]* /var/log/mail/ \
			>/dev/null 2>&1
	done
	# Create link for compatibility with logscan package
	ln -sf /var/log/mail/mail.log /var/log/mail.log
fi
#
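# Support for sysklogd package
#
# Point the four mail log paths in /etc/syslog.conf at /var/log/mail/.
#  * The rewritten copy replaces the live file only when sed reported
#    success.  Errors are not fatal in this script, so an unconditional mv
#    could install a truncated or empty configuration after a failed write
#    and leave the host without its log setup.
#  * The dots in the patterns are escaped so that only the literal file
#    names are rewritten.
#  * The daemon is reloaded only after the new file is in place.
if [ -f /etc/syslog.conf ]; then
	if sed	-e 's?/var/log/mail\.log?/var/log/mail/mail.log?g' \
		-e 's?/var/log/mail\.err?/var/log/mail/mail.err?g' \
		-e 's?/var/log/mail\.info?/var/log/mail/mail.info?g' \
		-e 's?/var/log/mail\.warn?/var/log/mail/mail.warn?g' \
		/etc/syslog.conf > /etc/syslog.conf.new; then
		chown root:root /etc/syslog.conf.new
		chmod 0644 /etc/syslog.conf.new
		mv /etc/syslog.conf.new /etc/syslog.conf
		/etc/init.d/sysklogd reload
	else
		echo "Could not rewrite /etc/syslog.conf, leaving it unchanged" >&2
		rm -f /etc/syslog.conf.new
	fi
fi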
#
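# Support for syslog-ng package
#
# Point the four mail log paths in syslog-ng.conf at /var/log/mail/, then
# edit the mail log stanza out of the syslog-ng logrotate file.
#  * Each rewritten copy replaces its live file only when sed reported
#    success.  Errors are not fatal in this script, so an unconditional mv
#    could install a truncated or empty file after a failed write.
#  * A failed rewrite removes its *.new file instead of leaving it in the
#    configuration directory.
#  * The dots in the path patterns are escaped so that only the literal file
#    names are rewritten.
if [ -f /etc/syslog-ng/syslog-ng.conf ]; then
	if sed	-e 's?/var/log/mail\.log?/var/log/mail/mail.log?g' \
		-e 's?/var/log/mail\.err?/var/log/mail/mail.err?g' \
		-e 's?/var/log/mail\.info?/var/log/mail/mail.info?g' \
		-e 's?/var/log/mail\.warn?/var/log/mail/mail.warn?g' \
		/etc/syslog-ng/syslog-ng.conf > \
		/etc/syslog-ng/syslog-ng.conf.new; then
		chown root:root /etc/syslog-ng/syslog-ng.conf.new
		chmod 0644 /etc/syslog-ng/syslog-ng.conf.new
		mv /etc/syslog-ng/syslog-ng.conf.new \
			/etc/syslog-ng/syslog-ng.conf
		/etc/init.d/syslog-ng reload
	else
		echo "Could not rewrite /etc/syslog-ng/syslog-ng.conf, leaving it unchanged" >&2
		rm -f /etc/syslog-ng/syslog-ng.conf.new
	fi
	if [ -f /etc/logrotate.d/syslog-ng ]; then
		# The sed expression is kept exactly as it was: starting at a
		# line that mentions /var/log/mail.<something>, it keeps
		# appending lines until the collected text contains a '}'
		# followed by a newline, then deletes what it collected.
		if sed -e '/\/var\/log\/mail\..*/{:a;N;/}\n/!ba;d;}' \
			/etc/logrotate.d/syslog-ng > \
			/etc/logrotate.d/syslog-ng.new; then
			chown root:root /etc/logrotate.d/syslog-ng.new
			chmod 0644 /etc/logrotate.d/syslog-ng.new
			mv /etc/logrotate.d/syslog-ng.new \
				/etc/logrotate.d/syslog-ng
		else
			echo "Could not rewrite /etc/logrotate.d/syslog-ng, leaving it unchanged" >&2
			rm -f /etc/logrotate.d/syslog-ng.new
		fi
	fi
fi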

#------------------------------------------------------------------------------
# The exit status is the "changed" flag, not an error indicator: 0 unless one
# of the steps above set changed=1.  Callers must not read a non-zero status
# as a failure.
exit $changed;
