contrib/systemd: run as osmocom user

I have verified that with AmbientCapabilities=CAP_SYS_NICE, setting
scheduling policy as described in the manual still works as expected.

Related: OS#4107
Change-Id: I37be0dd4df012047a495235195912bd06ad2423d

contrib/systemd/osmo-bts-trx.service

@@ -10,6 +10,9 @@ StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
 Restart=always
 RestartSec=2
+User=osmocom
+Group=osmocom
+AmbientCapabilities=CAP_SYS_NICE
 
 # CPU scheduling policy:
 CPUSchedulingPolicy=rr

contrib/systemd/osmo-bts-virtual.service

@@ -10,6 +10,9 @@ StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
 Restart=always
 RestartSec=2
+User=osmocom
+Group=osmocom
+AmbientCapabilities=CAP_SYS_NICE
 
 # CPU scheduling policy:
 CPUSchedulingPolicy=rr

debian/osmo-bts-trx.postinst

@@ -0,0 +1,39 @@
+#!/bin/sh -e
+case "$1" in
+	configure)
+		# Create the osmocom group and user (if it doesn't exist yet)
+		if ! getent group osmocom >/dev/null; then
+			groupadd --system osmocom
+		fi
+		if ! getent passwd osmocom >/dev/null; then
+			useradd \
+				--system \
+				--gid osmocom \
+				--home-dir /var/lib/osmocom \
+				--shell /sbin/nologin \
+				--comment "Open Source Mobile Communications" \
+				osmocom
+		fi
+
+		# Fix permissions of previous (root-owned) install (OS#4107)
+		if dpkg --compare-versions "$2" le "1.13.0"; then
+			if [ -e /etc/osmocom/osmo-bts-trx.cfg ]; then
+				chown -v osmocom:osmocom /etc/osmocom/osmo-bts-trx.cfg
+				chmod -v 0660 /etc/osmocom/osmo-bts-trx.cfg
+			fi
+
+			if [ -d /etc/osmocom ]; then
+				chown -v root:osmocom /etc/osmocom
+				chmod -v 2775 /etc/osmocom
+			fi
+
+			mkdir -p /var/lib/osmocom
+			chown -R -v osmocom:osmocom /var/lib/osmocom
+		fi
+		;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
+

debian/osmo-bts-virtual.postinst

@@ -0,0 +1,39 @@
+#!/bin/sh -e
+case "$1" in
+	configure)
+		# Create the osmocom group and user (if it doesn't exist yet)
+		if ! getent group osmocom >/dev/null; then
+			groupadd --system osmocom
+		fi
+		if ! getent passwd osmocom >/dev/null; then
+			useradd \
+				--system \
+				--gid osmocom \
+				--home-dir /var/lib/osmocom \
+				--shell /sbin/nologin \
+				--comment "Open Source Mobile Communications" \
+				osmocom
+		fi
+
+		# Fix permissions of previous (root-owned) install (OS#4107)
+		if dpkg --compare-versions "$2" le "1.13.0"; then
+			if [ -e /etc/osmocom/osmo-bts-virtual.cfg ]; then
+				chown -v osmocom:osmocom /etc/osmocom/osmo-bts-virtual.cfg
+				chmod -v 0660 /etc/osmocom/osmo-bts-virtual.cfg
+			fi
+
+			if [ -d /etc/osmocom ]; then
+				chown -v root:osmocom /etc/osmocom
+				chmod -v 2775 /etc/osmocom
+			fi
+
+			mkdir -p /var/lib/osmocom
+			chown -R -v osmocom:osmocom /var/lib/osmocom
+		fi
+		;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
+