From 1de14c7f9bcaf94152c62b50c37f4a44b6445f58 Mon Sep 17 00:00:00 2001 From: David Turner Date: Tue, 10 Nov 2020 14:31:35 -0500 Subject: [PATCH] rpm,deb: change sudoers file mode to 440 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit change sudoers file mode to 440 to match recommended defaults. From the sudoers man page. > the default file mode is 0440 (read‐able by owner and group, writable by none). > The default mode may be changed via the “sudoers_mode” option to the sudoers > Plugin line in the sudo.conf(5) file. Fixes: https://tracker.ceph.com/issues/48169 Signed-off-by: David Turner --- ceph.spec.in | 2 +- debian/rules | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ceph.spec.in b/ceph.spec.in index 0f718fe3f9633..8f45c631fa5a5 100644 --- a/ceph.spec.in +++ b/ceph.spec.in @@ -1263,7 +1263,7 @@ ln -sf %{_sbindir}/mount.ceph %{buildroot}/sbin/mount.ceph install -m 0644 -D udev/50-rbd.rules %{buildroot}%{_udevrulesdir}/50-rbd.rules # sudoers.d -install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl +install -m 0440 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl %if 0%{?rhel} >= 8 pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/* diff --git a/debian/rules b/debian/rules index 5c9dd81ae66bc..8538cdeff5cfa 100755 --- a/debian/rules +++ b/debian/rules @@ -54,7 +54,7 @@ override_dh_auto_install: install -D -m 644 udev/50-rbd.rules $(DESTDIR)/lib/udev/rules.d/50-rbd.rules install -D -m 644 src/etc-rbdmap $(DESTDIR)/etc/ceph/rbdmap install -D -m 644 etc/sysctl/90-ceph-osd.conf $(DESTDIR)/etc/sysctl.d/30-ceph-osd.conf - install -D -m 600 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl + install -D -m 440 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl install -D -m 755 src/tools/rbd_nbd/rbd-nbd_quiesce $(DESTDIR)/usr/libexec/rbd-nbd/rbd-nbd_quiesce install -m 755 src/cephadm/cephadm $(DESTDIR)/usr/sbin/cephadm -- 2.47.3