#5 tmpfiles configs contain RPM macros and config files have wrong permissions.
Opened 4 years ago by felfert. Modified 4 years ago

In all packages, the tmpfiles config contain RPM macros.
This does not work. The macros need to be expanded.

Furthermore, the config directory hierarchies for jitsi-videobridge and jicofo have owner and group reversed.

Furthermore, several config files (conatining secrets) are world-readable.

The above errors are fixed in jibri already, if #3 is merged.

The issue with missing write permission for jicofo in /etc/jicofo is neglectable.
I looked into the source and found out, that net.java.sip.communicator.impl.configuration.ConfigurationActivator
tries to "fix" permissions. It catches the resulting exception however and just logs
a very confusing error message (See here).


Fixed. Originally, all paths/users in config files were set via the specfile %prep, but I removed that (needlessly complicated). Apparently I forgot the tmpfiles config.

Metadata Update from @lcts:
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @felfert:
- Issue status updated to: Open (was: Closed)

4 years ago

There are still 2 of the problems I mentioned remaining:

  • the config directory hierarchies for jitsi-videobridge and jicofo have owner and > group reversed.
  • Furthermore, several config files (containing secrets) are world-readable.
ls -la /etc/jitsi-videobridge/ /etc/jitsi-meet/ /etc/jicofo/
/etc/jicofo/:
total 24
drwx------.  2 jicofo root   81 Feb  9 08:15 .
drwxr-xr-x. 84 root   root 8192 Feb  9 11:27 ..
-rw-r--r--.  1 jicofo root 1010 Feb  8 09:46 config
-rw-r--r--.  1 jicofo root 2208 Feb  8 09:46 logging.properties
-rw-r--r--.  1 jicofo root   67 Feb  8 09:46 sip-communicator.properties

/etc/jitsi-meet/:
total 56
drwxr-xr-x.  2 root root    75 Feb  9 08:15 .
drwxr-xr-x. 84 root root  8192 Feb  9 11:27 ..
-rw-r--r--.  1 root root 27439 Feb  8 09:48 config.js
-rw-r--r--.  1 root root  9468 Feb  8 09:48 interface_config.js
-rw-r--r--.  1 root root   950 Feb  8 09:48 logging_config.js

/etc/jitsi-videobridge/:
total 32
drwx------.  2 jvb  root  138 Feb  9 08:15 .
drwxr-xr-x. 84 root root 8192 Feb  9 11:27 ..
-rw-r--r--.  1 jvb  root  183 Feb  8 09:46 callstats-java-sdk.properties
-rw-r--r--.  1 jvb  root 1472 Feb  8 09:46 jvb.conf
-rw-r--r--.  1 jvb  root 1058 Feb  8 09:46 log4j2.xml
-rw-r--r--.  1 jvb  root 1956 Feb  8 09:46 logging.properties
-rw-r--r--.  1 jvb  root  459 Feb  8 09:46 sip-communicator.properties

Metadata Update from @felfert:
- Issue assigned to felfert

4 years ago

Log in to comment on this ticket.

Metadata