fix: remove linux-patch-api user from dpkg scripts, change ownership to root

- Remove user/group creation from preinst (service runs as root) - Change directory ownership to root:root in preinst and postinst - Remove user/group deletion from postrm - Service runs as root, no dedicated user needed
2026-05-03 02:29:06 +00:00
parent 64e7e787f5
commit 1dea4383f1
4 changed files with 29 additions and 34 deletions
--- a/debian/postinst
+++ b/debian/postinst
@ -13,14 +13,14 @@ if [ "$1" = "configure" ]; then
        echo "Creating default config.yaml..."
        cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
        chmod 640 /etc/linux_patch_api/config.yaml
-        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
+        chown root:root /etc/linux_patch_api/config.yaml
    fi
    
    if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
        echo "Creating default whitelist.yaml..."
        cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
        chmod 640 /etc/linux_patch_api/whitelist.yaml
-        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
+        chown root:root /etc/linux_patch_api/whitelist.yaml
    fi
    
    # Reload systemd daemon to pick up new service file
--- a/debian/postrm
+++ b/debian/postrm
@ -39,18 +39,6 @@ if [ "$1" = "purge" ]; then
        rm -rf /var/log/linux_patch_api
    fi
    
-    # Remove system user
-    if getent passwd linux-patch-api > /dev/null 2>&1; then
-        echo "Removing user linux-patch-api..."
-        userdel linux-patch-api 2>/dev/null || true
-    fi
-    
-    # Remove system group
-    if getent group linux-patch-api > /dev/null 2>&1; then
-        echo "Removing group linux-patch-api..."
-        groupdel linux-patch-api 2>/dev/null || true
-    fi
-    
    echo "linux-patch-api purged successfully"
 fi

--- a/debian/preinst
+++ b/debian/preinst
@ -9,31 +9,14 @@ if [ -d "/etc/linux_patch_api" ]; then
    echo "Detected existing installation - performing upgrade"
 fi

-# Create system user if it doesn't exist
-if ! getent group linux-patch-api > /dev/null 2>&1; then
-    echo "Creating group linux-patch-api..."
-    groupadd --system linux-patch-api
-fi
-
-if ! getent passwd linux-patch-api > /dev/null 2>&1; then
-    echo "Creating user linux-patch-api..."
-    useradd --system \
-        --gid linux-patch-api \
-        --home-dir /var/lib/linux_patch_api \
-        --no-create-home \
-        --shell /usr/sbin/nologin \
-        --comment "Linux Patch API Service" \
-        linux-patch-api
-fi
-
 # Create required directories
 mkdir -p /etc/linux_patch_api/certs
 mkdir -p /var/lib/linux_patch_api
 mkdir -p /var/log/linux_patch_api

-# Set proper ownership
-chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api
-chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api
+# Set proper ownership (service runs as root)
+chown -R root:root /var/lib/linux_patch_api
+chown -R root:root /var/log/linux_patch_api

 # Set secure permissions
 chmod 750 /etc/linux_patch_api