Use override instead of postinst files to fix permissions in Debian install
parent
ecffae8b02
commit
1806c2770e
|
@ -17,8 +17,7 @@ db_input medium liblemonldap-ng-conf-perl/managerPassword || true
|
|||
|
||||
db_input medium liblemonldap-ng-conf-perl/portal || true
|
||||
|
||||
testversion=`echo $2|sed -e 's/^0\.9.*$/X/'`
|
||||
if [ "$testversion" = "X" ];then
|
||||
if dpkg --compare-versions $2 lt 1.0; then
|
||||
db_input high liblemonldap-ng-conf-perl/migrate || true
|
||||
fi
|
||||
|
||||
|
|
|
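Review bot: The new test `if dpkg --compare-versions $2 lt 1.0; then` expands `$2` unquoted and has no empty-version guard, unlike the `db_get` script further down this page, which wraps the same comparison in `if [ "$2" != "" ]`. When no previous version is passed, the unquoted form gives dpkg too few arguments and relies on the resulting usage error to skip the migration prompt. Quoting the argument and using the operator that treats an empty version as later, `if dpkg --compare-versions "$2" lt-nl 1.0; then`, keeps the question away from fresh installs without depending on an error path. The enclosing script starts and ends outside the hunk.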
@ -0,0 +1,13 @@
|
|||
# lemonldap-ng.ini must be readable by www-data but not by other (db passwords
|
||||
# can be set here
|
||||
liblemonldap-ng-conf-perl: non-standard-file-perm etc/lemonldap-ng/lemonldap-ng.ini 0640 != 0644
|
||||
# If file storage is used for configuration, DB passwords can be stored here
|
||||
# so this directory must not be readable by all
|
||||
liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/conf/ 0750 != 0755
|
||||
# If file storage is used for configuration, later configuration files will be
|
||||
# in 0640 mode. So the first is adjusted so
|
||||
liblemonldap-ng-conf-perl: non-standard-file-perm var/lib/lemonldap-ng/conf/lmConf-1 0640 != 0644
|
||||
# If file storage is used for sessions, user passord may be stored in this
|
||||
# directory, so it must not be readable by all but must be writable by www-data
|
||||
liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
|
||||
liblemonldap-ng-conf-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
|
|
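Review bot: The comment above the lemonldap-ng.ini override never closes its parenthesis, and "passord" is misspelled in the sessions comment; the same misspelling recurs in the two other override files added further down this page. These comments are the only record of why the default world-readable modes are refused, so I would spell out who may read each path, for example `# lemonldap-ng.ini must be readable by www-data but not by others (DB passwords can be set here)`. The overrides only silence the lintian tag. The modes themselves come from the `override_dh_fixperms` recipe, so a path added to one list has to be added to the other by hand.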
@ -13,29 +13,23 @@ MIGRATION=/usr/share/lemonldap-ng/bin/lmMigrateConfFiles2ini
|
|||
|
||||
if [ "$1" == "configure" ]
|
||||
then
|
||||
chown www-data:www-data $SESSIONSDIR $SESSIONSDIR/lock \
|
||||
$CONFSTORAGEDIR $FIRSTCONFFILE
|
||||
chgrp www-data $LMINIFILE
|
||||
chmod 770 $SESSIONSDIR $SESSIONSDIR/lock
|
||||
chmod 750 $CONFSTORAGEDIR
|
||||
chmod 640 $CONFSTORAGEDIR/*
|
||||
chmod 640 $LMINIFILE
|
||||
|
||||
for i in domain ldapServer ldapPort ldapBase managerDn managerPassword portal; do
|
||||
db_get liblemonldap-ng-conf-perl/$i || true
|
||||
perl -000 -i -pe "s#^$i(\\n\\s+)('?)[^\\n]*?('?)\$#$i\${1}\${2}$RET\${3}#m" $FIRSTCONFFILE
|
||||
done
|
||||
|
||||
# Run migration script to convert menu format if old version is 0.9.*
|
||||
if dpkg --compare-versions $2 lt 1.0; then
|
||||
if [ -e $CONFDIR/storage.conf -o -e $CONFDIR/apply.conf -o -e $CONFDIR/apps-list.xml ] ; then
|
||||
db_get liblemonldap-ng-conf-perl/migrate
|
||||
if [ "$RET" ]; then
|
||||
$MIGRATION 2>&1 > /dev/null || :
|
||||
if [ "$2" != "" ]; then
|
||||
if dpkg --compare-versions $2 lt 1.0; then
|
||||
if [ -e $CONFDIR/storage.conf -o -e $CONFDIR/apply.conf -o -e $CONFDIR/apps-list.xml ] ; then
|
||||
db_get liblemonldap-ng-conf-perl/migrate
|
||||
if [ "$RET" ]; then
|
||||
$MIGRATION 2>&1 > /dev/null || :
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
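Review bot: `if [ "$RET" ]; then` is true for any non-empty answer, so if `liblemonldap-ng-conf-perl/migrate` is a boolean template (its definition is not on this page) a stored `false` still runs `$MIGRATION`; `if [ "$RET" = "true" ]; then` would honour a refusal. On the next line, `$MIGRATION 2>&1 > /dev/null || :` silences stdout only, because `2>&1` is applied first, and `|| :` then discards the exit status, so a failed migration of files that can hold DB passwords leaves no trace in the install result. If silence is intended, `> /dev/null 2>&1` is probably what was meant. With the chown/chmod calls gone from this script, it is also worth confirming that whatever `$MIGRATION` writes ends up with the 0640 mode and www-data group that are now set only at build time. The script starts before the hunk.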
@ -0,0 +1,5 @@
|
|||
# If file storage is used for sessions, user passord may be stored in this
|
||||
# directory, so it must not be readable by all but must be writable by www-data
|
||||
liblemonldap-ng-handler-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
|
||||
liblemonldap-ng-handler-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
|
||||
|
|
@ -14,5 +14,5 @@ then
|
|||
rm -f /var/lib/lemonldap-ng/handler/MyHandler.pm
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -9,5 +9,5 @@ then
|
|||
db_purge
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -13,5 +13,5 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# If file storage is used for sessions, user passord may be stored in this
|
||||
# directory, so it must not be readable by all but must be writable by www-data
|
||||
liblemonldap-ng-portal-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/lock/ 0770 != 0755
|
||||
liblemonldap-ng-portal-perl: non-standard-dir-perm var/lib/lemonldap-ng/sessions/ 0770 != 0755
|
||||
|
|
@ -12,8 +12,7 @@ CAPTCHA_DIR=/var/lib/lemonldap-ng/portal/captcha_output
|
|||
if [ "$1" == "configure" ]
|
||||
then
|
||||
$BUILDPORTALWSDL > $WSDLFILE || true
|
||||
chown www-data:www-data $CAPTCHA_DIR
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -14,5 +14,5 @@ then
|
|||
rm -f /var/lib/lemonldap-ng/portal/portal.wsdl
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -13,5 +13,5 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
# Maintainer: #DEBHELPER#
|
||||
#DEBHELPER#
|
||||
exit 0
|
||||
|
|
|
@ -51,3 +51,20 @@ override_dh_auto_install:
|
|||
override_dh_compress:
|
||||
dh_compress -X favicon.ico
|
||||
|
||||
# Fix lemonldap-ng dirs permissions and owner since dh_fixperms change them:
|
||||
# * global configuration dirs must be writable by www-data but not readable
|
||||
# by all (also sessions, captcha,... dirs)
|
||||
# * lemonldap-ng.ini must not be readable by all
|
||||
override_dh_fixperms:
|
||||
dh_fixperms
|
||||
chown www-data:www-data \
|
||||
debian/*/$(SESSIONSDIR) \
|
||||
debian/*/$(SESSIONSDIR)/lock \
|
||||
debian/liblemonldap-ng-conf-perl/$(CONFSTORAGEDIR) \
|
||||
debian/liblemonldap-ng-portal-perl/$(CAPTCHADIR)
|
||||
chgrp www-data debian/liblemonldap-ng-conf-perl/$(LMINIFILE) \
|
||||
debian/liblemonldap-ng-conf-perl/$(FIRSTCONFFILE)
|
||||
chmod 770 debian/*/$(SESSIONSDIR) debian/*/$(SESSIONSDIR)/lock
|
||||
chmod 750 debian/liblemonldap-ng-conf-perl/$(CONFSTORAGEDIR)
|
||||
chmod 640 debian/liblemonldap-ng-conf-perl/$(FIRSTCONFFILE) \
|
||||
debian/liblemonldap-ng-conf-perl/$(LMINIFILE)
|
||||
|
|
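Review bot: `$(CAPTCHADIR)` is passed to `chown www-data:www-data` but to none of the `chmod` lines, so it keeps whatever mode `dh_fixperms` leaves, while the comment above the target lists captcha among the directories that must not be readable by all. Either add `chmod 750 debian/liblemonldap-ng-portal-perl/$(CAPTCHADIR)` together with a matching lintian override, or drop captcha from the comment if world-readable is intended. The path variables are defined outside this hunk; if `$(SESSIONSDIR)` ever expands empty, `debian/*/$(SESSIONSDIR)` matches every package root and the recipe makes those www-data-owned and mode 770. A guard such as `$(if $(strip $(SESSIONSDIR)),,$(error SESSIONSDIR is empty))` at the top of the recipe would stop the build instead.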