[pkg-bacula-commits] [bacula] 01/01: Change owner of /etc/bacula/bacula-sd.conf
Sven Hartge
hartge-guest at moszumanska.debian.org
Tue Sep 20 18:57:00 UTC 2016
This is an automated email from the git hooks/post-receive script.
hartge-guest pushed a commit to branch hardcode-users
in repository bacula.
commit bd85d1fdf8d7053305af4500151d16029c504862
Author: Sven Hartge <sven at svenhartge.de>
Date: Tue Sep 20 20:53:04 2016 +0200
Change owner of /etc/bacula/bacula-sd.conf
bacula-sd is no longer starting as root but already chuid()ed by
start-stop-daemon or systemd to bacula:tape. If the configuration has
the old permissions
-rw-r----- 1 root bacula bacula-sd.conf
it will not be able to read the file. Changing the owner to
bacula:bacula fixes this problem.
Changing the group to "tape" to match the run-tim group of bacula-sd
will allow any user in that group to read the credentials for bacula-sd
which may be a security flaw and should be avoided.
---
debian/bacula-sd.postinst | 4 +++-
debian/changelog | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/debian/bacula-sd.postinst b/debian/bacula-sd.postinst
index db47d65..c615dd6 100644
--- a/debian/bacula-sd.postinst
+++ b/debian/bacula-sd.postinst
@@ -14,11 +14,13 @@ setup_etc_default bacula-sd $@
case "$1" in
configure)
if [ ! -f $TARGET ]; then
- install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
+ install -m 640 -o bacula -g bacula $SRCDIR/$CONFIG $TARGET
sed -e s~@debian_hostname@~`hostname`~ \
-e s~XXX_SDPASSWORD_XXX~$SDPASSWD~ \
-e s~XXX_MONSDPASSWORD_XXX~$SDMPASSWD~ \
-i $TARGET
+ else
+ chown bacula:bacula $TARGET
fi
;;
esac
diff --git a/debian/changelog b/debian/changelog
index 9c44942..9a586b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ bacula (7.4.3+dfsg-8) unstable; urgency=medium
generation which does not work if the daemon changes its
uid/git itself. (See Issue#1905 in Bacula-BTS and commit
39240129 and f085b9e9 in upstream git.)
+ * Change owner of /etc/bacula/bacula-sd.conf to bacula:bacula
+ bacula-sd needs to read it even if it is already running
+ as non-root user bacula.
-- Sven Hartge <sven at senhartge.de> Tue, 20 Sep 2016 20:18:32 +0200
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git
More information about the pkg-bacula-commits
mailing list