#!/bin/sh
set -e

case "$1" in
    configure)
	[ -f /etc/default/tomcat6 ] && . /etc/default/tomcat6
	[ -z "$TOMCAT6_USER" ] && TOMCAT6_USER="tomcat6"
	[ -z "$TOMCAT6_GROUP" ] && TOMCAT6_GROUP="tomcat6"
	if ! getent group "$TOMCAT6_GROUP" > /dev/null 2>&1 ; then
	    addgroup --system "$TOMCAT6_GROUP" --quiet
	fi
	if ! id $TOMCAT6_USER > /dev/null 2>&1 ; then
	    adduser --system --home /usr/share/tomcat6 --no-create-home \
		--ingroup "$TOMCAT6_GROUP" --disabled-password --shell /bin/false \
		"$TOMCAT6_USER"
	fi
	chown -R $TOMCAT6_USER:adm /var/log/tomcat6 /var/cache/tomcat6
	chmod 750 /var/log/tomcat6 /var/cache/tomcat6
	# configuration files should not be modifiable by tomcat6 user, as this can be a security issue
	# (an attacker may insert code in a webapp and have access to all tomcat configuration)
	# but those files should be readable by tomcat6, so we set the group to tomcat6
	chown -Rh root:$TOMCAT6_GROUP /etc/tomcat6/*
	chmod 640 /etc/tomcat6/tomcat-users.xml
	chown -Rh $TOMCAT6_USER:$TOMCAT6_GROUP /var/lib/tomcat6/webapps /var/lib/tomcat6/common /var/lib/tomcat6/server /var/lib/tomcat6/shared
	chmod 775 /var/lib/tomcat6/webapps
	chmod 775 /etc/tomcat6/Catalina /etc/tomcat6/Catalina/localhost

	# Authorize user tomcat6 to open privileged ports via authbind.
	TOMCAT_UID="`id -u $TOMCAT6_USER`"
	if [ ! -f "/etc/authbind/byuid/$TOMCAT_UID" ]; then
		if [ ! -d "/etc/authbind/byuid" ]; then
			mkdir -p /etc/authbind/byuid
			chmod 755 /etc/authbind
			chmod 755 /etc/authbind/byuid
		fi
		echo '0.0.0.0/32:1,1023' >/etc/authbind/byuid/$TOMCAT_UID
		chown $TOMCAT6_USER:$TOMCAT6_GROUP /etc/authbind/byuid/$TOMCAT_UID
		chmod 700 /etc/authbind/byuid/$TOMCAT_UID
	fi
    ;;
esac

if [ ! -d /var/lib/tomcat6/webapps/ROOT ]; then
    cp -r /usr/share/tomcat6/webapps/default_root /var/lib/tomcat6/webapps/ROOT
fi

# Automatically added by dh_installinit
if [ -x "/etc/init.d/tomcat6" ]; then
	update-rc.d tomcat6 defaults 92 08 >/dev/null
	if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
		invoke-rc.d tomcat6 start || true
	else
		/etc/init.d/tomcat6 start || true
	fi
fi
# End automatically added section