From e51533955ff01d4a0514b9425c5f5ff358745633 Mon Sep 17 00:00:00 2001 From: Nicolas Perron Date: Fri, 4 Jul 2014 12:31:28 +0200 Subject: [PATCH] Fixes #5220 - Add more precise modes under configuration-repository --- rudder-webapp/SPECS/rudder-webapp.spec | 5 ++++- rudder-webapp/debian/postinst | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/rudder-webapp/SPECS/rudder-webapp.spec b/rudder-webapp/SPECS/rudder-webapp.spec index 8ac61b448..4c0ec66be 100644 --- a/rudder-webapp/SPECS/rudder-webapp.spec +++ b/rudder-webapp/SPECS/rudder-webapp.spec @@ -391,7 +391,10 @@ fi # Adjust permissions on /var/rudder/configuration-repository chgrp -R %{config_repository_group} /var/rudder/configuration-repository -chmod -R 2770 /var/rudder/configuration-repository +## Add execution permission for ncf-api only on directories and files with user execution permission +chmod -R u+rwX,g+rwsX %{ruddervardir}/configuration-repository/{ncf,techniques} +## Add execution permission for ncf-apo on pre/post-hooks +chmod -R 2770 %{ruddervardir}/configuration-repository/ncf/ncf-hooks.d/ # Create a symlink to the Jetty context if necessary if [ -d "%{rudderdir}/jetty7/contexts" ]; then diff --git a/rudder-webapp/debian/postinst b/rudder-webapp/debian/postinst index d714189e9..fb34f5ef0 100644 --- a/rudder-webapp/debian/postinst +++ b/rudder-webapp/debian/postinst @@ -127,7 +127,11 @@ case "$1" in # Adjust permissions on /var/rudder/configuration-repository chgrp -R rudder /var/rudder/configuration-repository - chmod -R 2770 /var/rudder/configuration-repository + ## Add execution permission for ncf-api only on directories and files with user execution permission + chmod -R u+rwX,g+rwsX /var/rudder/configuration-repository/{ncf,techniques} + ## Add execution permission for ncf-apo on pre/post-hooks + chmod -R 2770 /var/rudder/configuration-repository/ncf/ncf-hooks.d/ + # Only for Ubuntu: ## Change rsyslog port number since Ubuntu 12.04 doesn't allow to use standard