#!/bin/sh

set -e

if [ "$1" = "configure" ]
then

if dpkg-statoverride --list /lib/systemd-cron/crontab_setgid > /dev/null ; then
    dpkg-statoverride --remove /lib/systemd-cron/crontab_setgid
fi

# Add group for crontabs
# -> line also in cron-daemon-common.postinst
#    but I don't want to take risks
getent group crontab > /dev/null 2>&1 || addgroup --system crontab

# Fixup crontab binary for new group 'crontab'.
if ! dpkg-statoverride --list /usr/libexec/systemd-cron/crontab_setgid > /dev/null ; then
    dpkg-statoverride --update --add root crontab 2755 /usr/libexec/systemd-cron/crontab_setgid
fi

# Remove leftover setgid bit from Vixie-cron
if dpkg-statoverride --list /usr/bin/crontab > /dev/null ; then
    dpkg-statoverride --remove /usr/bin/crontab
    chown root:root /usr/bin/crontab
    chmod 0755 /usr/bin/crontab
fi

# Fixup crontab, directory and files for new group 'crontab'
mkdir -p /var/spool/cron/crontabs
chown root:crontab /var/spool/cron/crontabs
chmod 1730 /var/spool/cron/crontabs

# remainder is now solely handled by cron-daemon-common.postinst
# to avoid problems such as CVE-2017-9525
fi


#DEBHELPER#
