From 53a4e0f3183997fb9d64ebf03c5811afb48c7c68 Mon Sep 17 00:00:00 2001
From: David Turner <dturner@rsglab.com>
Date: Tue, 10 Nov 2020 14:31:35 -0500
Subject: [PATCH] rpm,deb: change sudoers file mode to 440
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

change sudoers file mode to 440 to match recommended defaults.

From the sudoers man page.

> the default file mode is 0440 (readâable by owner and group, writable
by none).
> The default mode may be changed via the âsudoers_modeâ option to the
sudoers
>  Plugin line in the sudo.conf(5) file.

Fixes: https://tracker.ceph.com/issues/48169
Signed-off-by: David Turner <drakonstein@gmail.com>
(cherry picked from commit 1de14c7f9bcaf94152c62b50c37f4a44b6445f58)

Conflicts:
	debian/rules
- ignored extra lines introduced post-nautilus
---
 ceph.spec.in | 2 +-
 debian/rules | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ceph.spec.in b/ceph.spec.in
index 8fcb7488f68c0..87e1a3e6cb4a0 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -1297,7 +1297,7 @@ ln -sf %{_sbindir}/mount.ceph %{buildroot}/sbin/mount.ceph
 install -m 0644 -D udev/50-rbd.rules %{buildroot}%{_udevrulesdir}/50-rbd.rules
 
 # sudoers.d
-install -m 0600 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
+install -m 0440 -D sudoers.d/ceph-osd-smartctl %{buildroot}%{_sysconfdir}/sudoers.d/ceph-osd-smartctl
 
 %if 0%{?rhel} >= 8
 pathfix.py -pni "%{__python3} %{py3_shbang_opts}" %{buildroot}%{_bindir}/*
diff --git a/debian/rules b/debian/rules
index 8579f42613f32..70355c9870b17 100755
--- a/debian/rules
+++ b/debian/rules
@@ -54,7 +54,7 @@ override_dh_auto_install:
 	install -D -m 644 udev/50-rbd.rules $(DESTDIR)/lib/udev/rules.d/50-rbd.rules
 	install -D -m 644 src/etc-rbdmap $(DESTDIR)/etc/ceph/rbdmap
 	install -D -m 644 etc/sysctl/90-ceph-osd.conf $(DESTDIR)/etc/sysctl.d/30-ceph-osd.conf
-	install -D -m 600 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
+	install -D -m 440 sudoers.d/ceph-osd-smartctl $(DESTDIR)/etc/sudoers.d/ceph-osd-smartctl
 
 # doc/changelog is a directory, which confuses dh_installchangelogs
 override_dh_installchangelogs:
-- 
2.39.5