Running daemon under nobody user is not recommended (Closes: #970045)

debian/control

@@ -19,6 +19,7 @@ Vcs-Browser: https://github.com/codership/galera
 Package: galera-4
 Architecture: any
 Section: libs
+Pre-Depends: adduser
 Depends: ${misc:Depends},
          ${shlibs:Depends}
 Conflicts: galera-3,

debian/galera-4.lintian-overrides

@@ -0,0 +1,15 @@
+#Teemu Ollakka Nov 17th, 2020:
+# SONAME is useful only for libraries which are intended to be linked
+# against, but not so much for libraries which are loaded dynamically
+# during runtime.
+#
+# Debian policy about shared libraries:
+# https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
+#
+# "Shared libraries that are internal to a particular package or that are
+# only loaded as dynamic modules are not covered by this section and are
+# not subject to its requirements."
+#
+# This seems also be the approach CMake has taken, see for example
+# https://stackoverflow.com/a/42186654
+galera-4: sharedobject-in-library-directory-missing-soname [usr/lib/libgalera_smm.so]

debian/galera-4.preinst

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+set -o nounset
+set -o pipefail
+set -o posix
+
+# creating _galera user, note that the '_' (underscore) before the name of the
+# user is a recommendation from
+# https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and-groups
+getent passwd _galera >/dev/null 2>&1 ||
+  adduser --system --no-create-home --home /nonexistent \
+    --disabled-password --disabled-login --force-badname _galera
+
+#DEBHELPER#

garb/files/garb.service

@@ -11,7 +11,7 @@ WantedBy=multi-user.target
 Alias=garbd.service
 
 [Service]
-User=nobody
+User=_galera
 ExecStart=/usr/bin/garb-systemd start
 
 # Use SIGINT because with the default SIGTERM

garb/files/garb.sh

@@ -49,7 +49,7 @@ program_start() {
 	local rcode
 	if [ -f /etc/redhat-release ]; then
 		echo -n $"Starting $prog: "
-		daemon --user nobody $prog "$@" >/dev/null
+		daemon --user _galera $prog "$@" >/dev/null
 		rcode=$?
 		if [ $rcode -eq 0 ]; then
 			pidof $prog > $PIDFILE || rcode=$?
@@ -58,7 +58,7 @@ program_start() {
 		echo
 	else
 		log_daemon_msg "Starting $prog: "
-		start-stop-daemon --start --quiet -c nobody --background \
+		start-stop-daemon --start --quiet -c _galera --background \
 		                  --exec $prog -- "$@"
 		rcode=$?
 		# Hack: sleep a bit to give garbd some time to fork