From 62dfbd067a64258bc0753fc81e04823138388031 Mon Sep 17 00:00:00 2001
From: davidcoutadeur
Date: Tue, 3 Apr 2018 11:33:31 +0200
Subject: [PATCH] fix "Wrong permissions ownership of installed binaries" (references #10) + migration of slapd.default file
---
 .../debian/openldap-ltb-check-password.postinst | 3 +++
 .../openldap-ltb-2.4.46/debian/openldap-ltb-ppm.postinst | 3 +++
 .../openldap-ltb-2.4.46/debian/openldap-ltb.postinst | 7 +++++++
 3 files changed, 13 insertions(+)
diff --git a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-check-password.postinst b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-check-password.postinst
index 0bdc233..cd935f0 100755
--- a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-check-password.postinst
+++ b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-check-password.postinst
@@ -6,3 +6,6 @@ source $BASEDIR/openldap-ltb.vars
 # Change owner
 /bin/chown -R ${LDAPUSER}:${LDAPGROUP} "${LDAPSERVERDIR}/${_LIB}"
+
+/bin/chown -R root:${LDAPGROUP} ${LDAPSERVERDIR}/etc/openldap/check_password.conf
+chmod 640 ${LDAPSERVERDIR}/etc/openldap/check_password.conf
diff --git a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-ppm.postinst b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-ppm.postinst
index 7436a31..529a3dc 100755
--- a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-ppm.postinst
+++ b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb-ppm.postinst
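Review bot: The two lines added to openldap-ltb-check-password.postinst expand `${LDAPGROUP}` and `${LDAPSERVERDIR}` unquoted, although the existing chown directly above quotes its path, and `-R` is not needed to change a single file. These commands run as root in a maintainer script, so an empty value or one containing whitespace would make them act on a path other than the intended config file. I would write `/bin/chown "root:${LDAPGROUP}" "${LDAPSERVERDIR}/etc/openldap/check_password.conf"` and `/bin/chmod 640 "${LDAPSERVERDIR}/etc/openldap/check_password.conf"`, with the absolute `/bin/chmod` that openldap-ltb-ppm.postinst already uses for ppm_test. The same pattern recurs in the ppm.conf lines of openldap-ltb-ppm.postinst and the slapd.conf lines of openldap-ltb.postinst.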
@@ -8,6 +8,9 @@ source $BASEDIR/openldap-ltb.vars
 /bin/chown -R ${LDAPUSER}:${LDAPGROUP} "${LDAPSERVERDIR}/${_LIB}"
 /bin/chmod +x "${LDAPSERVERDIR}/${_LIB}/ppm_test"
+/bin/chown -R root:${LDAPGROUP} ${LDAPSERVERDIR}/etc/openldap/ppm.conf
+chmod 640 ${LDAPSERVERDIR}/etc/openldap/ppm.conf
+
 # add path to PPM config file if not present
 grep -q -E "PPM_CONFIG_FILE" /etc/profile.d/openldap.sh || echo "export PPM_CONFIG_FILE='$PPM_CONF'" >> /etc/profile.d/openldap.sh
diff --git a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb.postinst b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb.postinst
index 4d8acbd..2fe94ff 100755
--- a/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb.postinst
+++ b/debian/paquet-openldap-debian/openldap-ltb-2.4.46/debian/openldap-ltb.postinst
@@ -24,6 +24,11 @@ fi
 #grep -q "${LDAPSERVERDIR}" /etc/ld.so.conf || echo "${LDAPSERVERDIR}/${_LIB}" >> /etc/ld.so.conf
 #/sbin/ldconfig
+# If migrating to new initscript (+cli), migrate default/slapd to cli conf file
+if [ -e "/etc/default/slapd" ]; then
+ mv /etc/default/slapd ${LDAPSERVERDIR}/etc/openldap/slapd-cli.conf
+fi
+
 # Create some dirs and change owner
 mkdir -p ${LDAPDATADIR}
@@ -33,6 +38,8 @@ mkdir -p ${LDAPBACKUPDIR}
 /bin/chown -R ${LDAPUSER}:${LDAPGROUP} ${LDAPDATADIR}
 /bin/chown -R ${LDAPUSER}:${LDAPGROUP} ${LDAPLOGSDIR}
 /bin/chown -R ${LDAPUSER}:${LDAPGROUP} ${LDAPSERVERDIR}/var/run
+/bin/chown -R root:${LDAPGROUP} ${LDAPSERVERDIR}/etc/openldap/slapd.conf
+chmod 640 ${LDAPSERVERDIR}/etc/openldap/slapd.conf
 # Automatize init script
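Review bot: In openldap-ltb-ppm.postinst the new chown/chmod hard-code `${LDAPSERVERDIR}/etc/openldap/ppm.conf`, while the line just below exports `$PPM_CONF` as the ppm config file path. PPM_CONF is defined outside this hunk (presumably in openldap-ltb.vars). If it ever points elsewhere, the 640 mode lands on a file ppm does not use and the real one keeps its packaged permissions. Using the variable keeps the two in step: `/bin/chown "root:${LDAPGROUP}" "$PPM_CONF"` and `/bin/chmod 640 "$PPM_CONF"`.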
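Review bot: The migration `mv` in openldap-ltb.postinst overwrites `${LDAPSERVERDIR}/etc/openldap/slapd-cli.conf` without a backup whenever `/etc/default/slapd` exists, and the moved file keeps the owner and mode it had under /etc/default. Since this commit is about tightening config permissions, the migrated file should get an explicit owner and mode, and an existing slapd-cli.conf should be preserved, for example `mv -b /etc/default/slapd "${LDAPSERVERDIR}/etc/openldap/slapd-cli.conf"` followed by a chown/chmod on the result. `/etc/default/slapd` is also the path used by Debian's stock slapd package, so it is worth confirming the file comes from an earlier openldap-ltb install before moving it. The script continues outside the hunk, so a later step may already cover part of this.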