#50941 Issue 50940 - Permissions of some shipped directories may change over time
Closed 3 years ago by spichugi. Opened 4 years ago by mhonek.
mhonek/389-ds-base fix-dirs-perms  into  389-ds-base-1.3.10

file modified
+7
@@ -689,6 +689,13 @@ 

  	ldap/admin/src/scripts/ds_selinux_port_query \

  	wrappers/ds_systemd_ask_password_acl

  

+ install-data-hook:

+ # Permissions of below directories would eventually be chmoded by setup tools.

+ 	chmod 775 $(DESTDIR)$(instconfigdir)

+ 	chmod 755 $(DESTDIR)$(configdir)

+ 	chmod 755 $(DESTDIR)$(schemadir)

+ 	chmod 775 $(DESTDIR)$(serverdir)

+ 

These permissions are not matching up with what you listed in the ticket. For example /etc/dirsrv (configdir), here you are setting it to 755, but in the ticket you said it should be set to 644. Am I missing something?

  if ENABLE_PERL

  sbin_SCRIPTS += ldap/admin/src/scripts/setup-ds.pl \

  	ldap/admin/src/scripts/migrate-ds.pl \

file modified
+2 -1
@@ -304,7 +304,8 @@ 

  

  mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}

  mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}

- mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}

+ mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \

+     && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname}

  

  # for systemd

  mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants

Bug Description:
Some utilities (e.g. installer, esp. setup-ds.pl) alter permissions of
some folders shipped by default. This is discoverable by running
rpm -V 389-ds-base after using these.

Fix Description:
Adjust make-generated permissions from the autotools/FHS defaults to the
target permissions.

/var/lock/dirsrv is shipped in SPEC file only, thus it is adjusted only there.

Related: https://pagure.io/389-ds-base/issue/50940

Author: Matus Honek mhonek@redhat.com

Review By: ???

These permissions are not matching up with what you listed in the ticket. For example /etc/dirsrv (configdir), here you are setting it to 755, but in the ticket you said it should be set to 644. Am I missing something?

The "should be" is what rpm -V thinks before the patch is applied. The patch brings the "actually is" to the "what rpm -V thinks" which is what the utilities make it eventually. Does it make sense?

The "should be" is what rpm -V thinks before the patch is applied. The patch brings the "actually is" to the "what rpm -V thinks" which is what the utilities make it eventually. Does it make sense?

Okay thanks for the explanation! LGTM

rebased onto 811db90

4 years ago

Pull-Request has been merged by mhonek

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3994

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago
Metadata