From d630709ae7c81c59d0160ca74955a677f9994668 Mon Sep 17 00:00:00 2001
From: Luke Bakken
Date: Mon, 18 Dec 2017 07:38:53 -0800
Subject: [PATCH] Ensure files created by RabbitMQ are not world-readable. Add gid bit to /var/log/rabbitmq to ensure sub-directories and files are group-id "adm"
---
 packaging/RPMS/Fedora/rabbitmq-server.service | 1 +
 packaging/debs/Debian/debian/postinst | 4 +---
 packaging/debs/Debian/debian/rabbitmq-server.service | 1 +
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packaging/RPMS/Fedora/rabbitmq-server.service b/packaging/RPMS/Fedora/rabbitmq-server.service
index 8304c35cf4..0883893d8e 100644
--- a/packaging/RPMS/Fedora/rabbitmq-server.service
+++ b/packaging/RPMS/Fedora/rabbitmq-server.service
@@ -6,6 +6,7 @@ After=syslog.target network.target
 Type=notify
 User=rabbitmq
 Group=rabbitmq
+UMask=0027
 NotifyAccess=all
 TimeoutStartSec=3600
 # Un-comment this setting if you need to increase RabbitMQ's
diff --git a/packaging/debs/Debian/debian/postinst b/packaging/debs/Debian/debian/postinst
index 1dac91a548..2ee220667d 100644
--- a/packaging/debs/Debian/debian/postinst
+++ b/packaging/debs/Debian/debian/postinst
@@ -49,7 +49,7 @@ case "$1" in
 # log directory to the owner and the group. Others won't
 # have any access to log files: this is in case sensitive
 # data are accidentally logged (like process crash data).
- chmod 750 /var/log/rabbitmq
+ chmod 2750 /var/log/rabbitmq
 else
 # The package was already configured: it's an upgrade over
 # a previously installed version, or it's an install over
@@ -80,5 +80,3 @@ esac #DEBHELPER# exit 0 - -
diff --git a/packaging/debs/Debian/debian/rabbitmq-server.service b/packaging/debs/Debian/debian/rabbitmq-server.service
index 3f6fbb17df..39cc46aaf0 100644
--- a/packaging/debs/Debian/debian/rabbitmq-server.service
+++ b/packaging/debs/Debian/debian/rabbitmq-server.service
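Review bot: In packaging/RPMS/Fedora/rabbitmq-server.service, `UMask=0027` only governs files the broker creates once this unit is in effect, so on an upgraded host any log or data files already written world-readable stay that way; nothing in this patch tightens existing modes. The same applies to the identical line added in packaging/debs/Debian/debian/rabbitmq-server.service. The setting also covers only processes started through this unit, so anything launched outside systemd (CLI tools, or an init script if the package still ships one) keeps the caller's umask. A short comment above the line would record the intent, e.g. `# Files created by the broker must not be readable by "other": logs and crash dumps may hold sensitive data`. The [Service] section starts and ends outside the hunk.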
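Review bot: In packaging/debs/Debian/debian/postinst the `chmod 2750 /var/log/rabbitmq` sits in the first-configuration branch, and the `else` right after it is described as the upgrade path, so existing installations appear to keep mode 750 without the setgid bit, and their existing log files keep their current group and mode. If that is not intended, the same `chmod 2750 /var/log/rabbitmq` belongs in the upgrade branch as well; its body is outside the hunk, so this may already be handled there. The comment above the chmod still explains only the 750 part, and I would add `# The setgid bit makes new files and sub-directories inherit the directory's group.` Setgid only helps if the directory's group is already the intended one, and the chown that sets it is not visible in this hunk. The diffstat also shows no matching change on the RPM side, so the Fedora package would get the umask but, as far as this patch shows, not the setgid log directory.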
@@ -8,6 +8,7 @@ Wants=network.target epmd@0.0.0.0.socket
 Type=notify
 User=rabbitmq
 Group=rabbitmq
+UMask=0027
 NotifyAccess=all
 TimeoutStartSec=3600
 # Un-comment this setting if you need to increase RabbitMQ's