| author | Guido Berhoerster <guido+freiesoftware@berhoerster.name> | 2023-09-04 11:55:17 +0200 |
|---|---|---|
| committer | Mike Gabriel <sunweaver@debian.org> | 2023-09-07 18:45:35 +0000 |
| commit | 0b635dd527763704c45cc319790c3f69234d1669 (patch) | |
| tree | fe31bc52e0548c38e9438e79dd37b597290d40cf /debian | |
| parent | bcc14195565f8244ede8a60afa98beb028fda62c (diff) | |
Ensure debian-edu-fai.conf is not world-readable
It contains password hashes for the root account of installed clients so, like
/etc/shadow, it should not be world-readable.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/lintian-overrides | 2 |
| -rwxr-xr-x | debian/postinst | 5 |
| -rwxr-xr-x | debian/rules | 5 |
3 files changed, 12 insertions, 0 deletions
diff --git a/debian/lintian-overrides b/debian/lintian-overrides new file mode 100644 index 0000000..fb8c36a --- /dev/null +++ b/debian/lintian-overrides @@ -0,0 +1,2 @@ +# 06400 permission of etc/debian-edu/debian-edu-fai.conf due to password hashes +non-standard-file-perm 0640 != 0644 [etc/debian-edu/debian-edu-fai.conf] diff --git a/debian/postinst b/debian/postinst index 484f3e2..e0c3681 100755 --- a/debian/postinst +++ b/debian/postinst @@ -29,6 +29,11 @@ case "${1}" in --home /var/log/fai/client-logs \ --disabled-password --shell /bin/bash fai fi + + ## + ## fix permissions on upgrade + ## + chmod 640 /etc/debian-edu/debian-edu-fai.conf ;; 'abort-upgrade'|'abort-remove'|'abort-deconfigure') ;; diff --git a/debian/rules b/debian/rules index 955dd78..660b429 100755 --- a/debian/rules +++ b/debian/rules @@ -11,3 +11,8 @@ %: dh $@ + +override_dh_fixperms: + dh_fixperms + # contains password hashes + chmod 640 debian/debian-edu-fai/etc/debian-edu/debian-edu-fai.conf |
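Review bot: In debian/lintian-overrides the comment line gives the mode as "06400", which does not match the `0640` in the override itself or the `chmod 640` calls in the other two files. Suggest correcting the comment to "0640" so the stated reason and the override agree.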
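Review bot: In debian/postinst the added `chmod 640 /etc/debian-edu/debian-edu-fai.conf` runs unconditionally, although its comment says "fix permissions on upgrade": the hunk has no test that the file exists and no check of the previously installed version. If the file is absent, chmod returns non-zero, which aborts the script if it runs under `set -e`, and the call also resets any stricter mode an administrator has set locally (for example 0600) back to 0640 each time this branch runs. Suggest guarding the call with `[ -e /etc/debian-edu/debian-edu-fai.conf ]` and removing only world access (`chmod o-rwx`) instead of forcing 640. Since the commit message says the file holds root password hashes and the override shows it was 0644 before, the upgrade notes could also tell sites to treat those hashes as previously readable by local users.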
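Review bot: In debian/rules the new `override_dh_fixperms` target sets mode 640, but nothing in the patch sets or documents the owner and group of debian-edu-fai.conf, so whether group read is needed, and by which group, cannot be told from the change. Suggest extending the `# contains password hashes` comment to name the group that must read the file, or using 600 if none does. The same question applies to the 640 in debian/postinst and in the lintian override, which would need to follow any change made here.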
