rpm,deb: change sudoers file mode to 440

change sudoers file mode to 440 to match recommended defaults.

From the sudoers man page.

> the default file mode is 0440 (read‐able by owner and group, writable
by none).
> The default mode may be changed via the “sudoers_mode” option to the
sudoers
>  Plugin line in the sudo.conf(5) file.

Fixes: https://tracker.ceph.com/issues/48169
Signed-off-by: David Turner <drakonstein@gmail.com>
(cherry picked from commit 1de14c7f9bcaf94152c62b50c37f4a44b6445f58)

Conflicts:
	debian/rules
- ignored extra lines introduced post-nautilus

diff --git a/ceph.spec.in b/ceph.spec.in
index 8fcb7488f68c01a2b3313d2d8431dc924d8f0744..87e1a3e6cb4a0dec0d0daa98b1e0bccab145bbb2 100644 (file)
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1297,7 +1297,7 @@ ln -sf %{_sbindir}/mount.ceph %{buildroot}/sbin/mount.ceph
 install -m 0644 -D udev/50-rbd.rules %{buildroot}%{_udevrulesdir}/50-rbd.rules
 
 # sudoers.d
-install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
+install -m 0440 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
 
 %if 0%{?rhel} >= 8
 pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/*

diff --git a/debian/rules b/debian/rules
index 8579f42613f32dbe2c534d1fd828961f0ae77b49..70355c9870b1783535316c4ec06f40a6577d96c1 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -54,7 +54,7 @@ override_dh_auto_install:
        install -D -m 644 udev/50-rbd.rules $(DESTDIR)/lib/udev/rules.d/50-rbd.rules
        install -D -m 644 src/etc-rbdmap $(DESTDIR)/etc/ceph/rbdmap
        install -D -m 644 etc/sysctl/90-ceph-osd.conf $(DESTDIR)/etc/sysctl.d/30-ceph-osd.conf
-       install -D -m 600 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
+       install -D -m 440 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
 
 # doc/changelog is a directory, which confuses dh_installchangelogs
 override_dh_installchangelogs: