rpm,deb: change sudoers file mode to 440

change sudoers file mode to 440 to match recommended defaults.

From the sudoers man page.

> the default file mode is 0440 (read‐able by owner and group, writable
by none).
> The default mode may be changed via the “sudoers_mode” option to the
sudoers
>  Plugin line in the sudo.conf(5) file.

Fixes: https://tracker.ceph.com/issues/48169
Signed-off-by: David Turner <drakonstein@gmail.com>

diff --git a/ceph.spec.in b/ceph.spec.in
index 0f718fe3f9633fc00c631463e0fd39f170c2fcfc..8f45c631fa5a5a6a85910c69edc327fd537f94e7 100644 (file)
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1263,7 +1263,7 @@ ln -sf %{_sbindir}/mount.ceph %{buildroot}/sbin/mount.ceph
 install -m 0644 -D udev/50-rbd.rules %{buildroot}%{_udevrulesdir}/50-rbd.rules
 
 # sudoers.d
-install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
+install -m 0440 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
 
 %if 0%{?rhel} >= 8
 pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/*

diff --git a/debian/rules b/debian/rules
index 5c9dd81ae66bcf2c565918d8102f1af735ca84c4..8538cdeff5cfa6896e818b1c5a8a1e8aa3eab762 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -54,7 +54,7 @@ override_dh_auto_install:
        install -D -m 644 udev/50-rbd.rules $(DESTDIR)/lib/udev/rules.d/50-rbd.rules
        install -D -m 644 src/etc-rbdmap $(DESTDIR)/etc/ceph/rbdmap
        install -D -m 644 etc/sysctl/90-ceph-osd.conf $(DESTDIR)/etc/sysctl.d/30-ceph-osd.conf
-       install -D -m 600 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
+       install -D -m 440 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
        install -D -m 755 src/tools/rbd_nbd/rbd-nbd_quiesce $(DESTDIR)/usr/libexec/rbd-nbd/rbd-nbd_quiesce
 
        install -m 755 src/cephadm/cephadm $(DESTDIR)/usr/sbin/cephadm