#!/bin/sh
# awstats_debian_tweak -- use a sensible security model for awstats

set -e

# create a user with UID such that it can write to /var/lib/awstats (see below)
# and GID such that it can read the Apache logs
adduser --system --home=/var/lib/awstats --no-create-home --ingroup=adm awstats

# make /var/lib/awstats owned & writable by the new user, with the original
# permissions (drwxr-x---) and group, and remember these settings across
# package upgrades
chown awstats /var/lib/awstats
dpkg-statoverride --add awstats www-data 750 /var/lib/awstats

# patch /etc/logrotate.d/apache2 so that it runs awstats-update before rotation
(cd /etc/logrotate.d && patch -p0) < apache2.logrotate.patch

# == install files ==
install --verbose --mode=644 apache/awstats.conf /etc/apache2/conf.d
# save the old cron file and install a replacement
# (this file runs the Debian awstats-update script supplied in the package's
# examples directory, as user awstats)
if [ ! -e /root/awstats.cron.d.dist ] ; then
  cp -p /etc/cron.d/awstats /root/awstats.cron.d.dist
fi
install --verbose --mode=644 awstats.cron.d /etc/cron.d/awstats