From b6bc835e41cc6a36964be1febb85bc751cf4594e Mon Sep 17 00:00:00 2001 From: fermin831 Date: Mon, 30 Apr 2018 16:22:52 +0200 Subject: [PATCH] Tentacle config file is readable to all users in all packages --- pandora_server/DEBIAN/postinst | 2 +- pandora_server/pandora_server.redhat.spec | 2 ++ pandora_server/pandora_server.spec | 2 ++ pandora_server/pandora_server_installer | 2 +- pandora_server/util/tentacle_serverd | 7 ------- 5 files changed, 6 insertions(+), 9 deletions(-) diff --git a/pandora_server/DEBIAN/postinst b/pandora_server/DEBIAN/postinst index 5118313a17..f25483eb62 100755 --- a/pandora_server/DEBIAN/postinst +++ b/pandora_server/DEBIAN/postinst @@ -83,7 +83,7 @@ fi if [ ! -e /etc/tentacle/tentacle_server.conf ] then cp /usr/share/tentacle_server/conf/tentacle_server.conf.new /etc/tentacle/tentacle_server.conf - chmod 600 /etc/tentacle/tentacle_server.conf + chmod 664 /etc/tentacle/tentacle_server.conf else cp /usr/share/tentacle_server/conf/tentacle_server.conf.new /etc/tentacle/tentacle_server.conf.new echo "Skipping creation of tentacle_server.conf: there is already one." diff --git a/pandora_server/pandora_server.redhat.spec b/pandora_server/pandora_server.redhat.spec index 5c8c0bf310..a8b0ab2d42 100644 --- a/pandora_server/pandora_server.redhat.spec +++ b/pandora_server/pandora_server.redhat.spec @@ -182,6 +182,8 @@ exit 0 %defattr(600,root,root) /etc/pandora/pandora_server.conf.new + +%defattr(664,root,root) /etc/tentacle/tentacle_server.conf.new %defattr(-,pandora,apache,2770) diff --git a/pandora_server/pandora_server.spec b/pandora_server/pandora_server.spec index 65f30c75c8..e553bfcf90 100644 --- a/pandora_server/pandora_server.spec +++ b/pandora_server/pandora_server.spec @@ -201,6 +201,8 @@ rm -Rf /usr/share/man/man1/tentacle_server.1.gz %defattr(-,pandora,root,750) /etc/pandora + +%defattr(-,pandora,root,754) /etc/tentacle %defattr(644,pandora,root) diff --git a/pandora_server/pandora_server_installer b/pandora_server/pandora_server_installer index 160e567fb1..ed8a4e577f 100755 --- a/pandora_server/pandora_server_installer +++ b/pandora_server/pandora_server_installer @@ -379,7 +379,7 @@ install () { else echo cp $TENTACLE_CFG_FILE_DIST $DESTDIR$TENTACLE_CFG_FILE cp $TENTACLE_CFG_FILE_DIST $DESTDIR$TENTACLE_CFG_FILE - chmod 770 $DESTDIR$TENTACLE_CFG_FILE + chmod 774 $DESTDIR$TENTACLE_CFG_FILE fi echo "Installing Tentacle Server manual" diff --git a/pandora_server/util/tentacle_serverd b/pandora_server/util/tentacle_serverd index 0c3fa7590d..0c0f35ff97 100755 --- a/pandora_server/util/tentacle_serverd +++ b/pandora_server/util/tentacle_serverd @@ -109,13 +109,6 @@ case "$1" in rc_exit # running start on a service already running fi - # Try to change the privileges of configuration file - chown $TENTACLE_USER $TENTACLE_CONFIG_FILE > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Cannot change the owner of $TENTACLE_CONFIG_FILE configuration file to $TENTACLE_USER user." - rc_exit - fi - # Init the tentacle process sudo -u $TENTACLE_USER ${TENTACLE_PATH}$TENTACLE_DAEMON $TENTACLE_OPTS sleep 1