Ensure files created by RabbitMQ are not world-readable. Add gid bit to /var/log/rabbitmq to ensure sub-directories and files are group-id "adm"

2017-12-18 07:38:53 -08:00 · 2017-12-18 07:38:53 -08:00 · d630709ae7
parent ead58795ef
commit d630709ae7
3 changed files with 3 additions and 3 deletions
--- a/packaging/RPMS/Fedora/rabbitmq-server.service
+++ b/packaging/RPMS/Fedora/rabbitmq-server.service
@ -6,6 +6,7 @@ After=syslog.target network.target
 Type=notify
 User=rabbitmq
 Group=rabbitmq
+UMask=0027
 NotifyAccess=all
 TimeoutStartSec=3600
 # Un-comment this setting if you need to increase RabbitMQ's
--- a/packaging/debs/Debian/debian/postinst
+++ b/packaging/debs/Debian/debian/postinst
@ -49,7 +49,7 @@ case "$1" in
            # log directory to the owner and the group. Others won't
            # have any access to log files: this is in case sensitive
            # data are accidentally logged (like process crash data).
-            chmod 750 /var/log/rabbitmq
+            chmod 2750 /var/log/rabbitmq
        else
            # The package was already configured: it's an upgrade over
            # a previously installed version, or it's an install over
@ -80,5 +80,3 @@ esac
 #DEBHELPER#

 exit 0
-
-
--- a/packaging/debs/Debian/debian/rabbitmq-server.service
+++ b/packaging/debs/Debian/debian/rabbitmq-server.service
@ -8,6 +8,7 @@ Wants=network.target epmd@0.0.0.0.socket
 Type=notify
 User=rabbitmq
 Group=rabbitmq
+UMask=0027
 NotifyAccess=all
 TimeoutStartSec=3600
 # Un-comment this setting if you need to increase RabbitMQ's