From f86423feebd19a014e0a7590cd13ad43965c475b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-S=C3=A9bastien=20P=C3=A9dron?=
Date: Tue, 12 Sep 2017 12:59:22 +0200
Subject: [PATCH] packaging: Set log directory permissions on fresh install
On a fresh install, we want to limit access to the log directory to the owner and group. This is in case sensitive data are logged. We don't enforce the permissions on upgrade because: 1. We don't want to break exising installs by reducing permissions. 2. The admin may want to setup different permissions. References rabbitmq/rabbitmq-management#474. [#150970897]
---
 packaging/RPMS/Fedora/rabbitmq-server.spec | 18 ++++++++++++++++--
 packaging/debs/Debian/debian/postinst | 16 ++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/packaging/RPMS/Fedora/rabbitmq-server.spec b/packaging/RPMS/Fedora/rabbitmq-server.spec
index 2fdc70a894..27285dad62 100644
--- a/packaging/RPMS/Fedora/rabbitmq-server.spec
+++ b/packaging/RPMS/Fedora/rabbitmq-server.spec
@@ -103,6 +103,14 @@ find %{buildroot} -path "*%{_initrddir}*" -type f -printf "/%%P\n" >>%{_builddir
 %pre
+# If the log directory exists, record its permissions so we can restore
+# them after an upgrade. The goal is to set the permissions to 0750 on a
+# fresh install but to keep permissions set by the user or a different
+# default from a previous package.
+if test -d /var/log/rabbitmq; then
+ stat --format '%a' /var/log/rabbitmq > /var/log/rabbitmq/permissions
+fi
+
 if [ $1 -gt 1 ]; then
 # Upgrade - stop previous instance of rabbitmq-server init.d (this
 # will also activate systemd if it was used) script.
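Review bot: The saved mode is written by the root-run %pre scriptlet to `/var/log/rabbitmq/permissions`, a path inside a directory owned by the rabbitmq account, so the `>` redirect follows whatever that account has placed under that name, and the restore hunk in %post (`chmod "$(cat /var/log/rabbitmq/permissions)" /var/log/rabbitmq`) then trusts the file's content as a chmod mode. Keeping the state file in a root-owned location avoids both, for example `stat --format '%a' /var/log/rabbitmq > %{_localstatedir}/lib/rpm-state/rabbitmq-log-mode` (file name illustrative, and assuming the distribution ships that scriptlet state directory). The %post side would also benefit from checking that the value is three or four octal digits before passing it to chmod. Both scriptlets continue outside the lines shown in these hunks.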
@@ -141,6 +149,13 @@ fi
 chmod -R o-rwx,g-w %{_localstatedir}/lib/rabbitmq/mnesia
+# Restore permissions saved during %pre. See comment in %pre for the
+# reason behind this.
+if test -f /var/log/rabbitmq/permissions; then
+ chmod "$(cat /var/log/rabbitmq/permissions)" /var/log/rabbitmq
+ rm -f /var/log/rabbitmq/permissions
+fi
+
 # Update profile to enable autocompletion
 . /etc/profile
@@ -203,9 +218,8 @@ systemctl try-restart %{name}.service >/dev/null 2>&1 || :
 %defattr(-,root,root,-)
 %attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq
 %attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq/mnesia
-%attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq
+%attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq
 %attr(2750, -, rabbitmq) %dir %{_sysconfdir}/rabbitmq
-
 %{_sysconfdir}/profile.d/rabbitmqctl-autocomplete.sh
 %{_datarootdir}/zsh/vendor-functions/_enable_rabbitmqctl_completion
diff --git a/packaging/debs/Debian/debian/postinst b/packaging/debs/Debian/debian/postinst
index 099fe3cae6..7d8f5ce1f3 100644
--- a/packaging/debs/Debian/debian/postinst
+++ b/packaging/debs/Debian/debian/postinst
@@ -42,6 +42,22 @@ chmod -R o-rwx,g-w /var/lib/rabbitmq/mnesia
 case "$1" in
 configure)
+ if test -z "$2"; then
+ # This is a fresh install of the package.
+
+ # On a fresh install, we want to limit permissions on the
+ # log directory to the owner and the group. Others won't
+ # have any access to log files: this is in case sensitive
+ # data are accidentally logged (like process crash data).
+ chmod 750 /var/log/rabbitmq
+ else
+ # The package was already configured: it's an upgrade over
+ # a previously installed version, or it's an install over
+ # a non-purged version (i.e. deinstalled but configuration
+ # files and data are still there).
+ true
+ fi
+
 if [ -n "$ZSH_VERSION" ]; then
 echo "Z Shell detected. to enable rabbitmqctl autocompletion add the following to your .zshrc file:
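Review bot: The fresh-install branch of the postinst hunk runs `chmod 750 /var/log/rabbitmq` unconditionally, so a mode the administrator registered beforehand with dpkg-statoverride would be overwritten, although the commit message says admin-chosen permissions should be respected. Guarding it as `dpkg-statoverride --list /var/log/rabbitmq >/dev/null 2>&1 || chmod 750 /var/log/rabbitmq` keeps 0750 as the default while honouring an override. If the script runs under `set -e` (not visible in this hunk), the chmod would also abort configuration when the directory is missing, so it is worth confirming that the directory is created earlier in postinst. The `case` block starts before the hunk and continues past it.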