From 9ec614e2c45f0f6927f60b9924fd695fc6d2dc30 Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Wed, 19 Jun 2019 11:53:08 +0200
Subject: [PATCH] auth: Ensure pdns.conf is readable by pdns
---
 .../debian/authoritative/debian-buster/pdns-server.postinst | 1 +
 builder-support/debian/authoritative/debian-buster/rules | 4 ++--
 .../debian/authoritative/debian-jessie/pdns-server.postinst | 1 +
 builder-support/debian/authoritative/debian-jessie/rules | 4 ++--
 .../debian/authoritative/debian-stretch/pdns-server.postinst | 1 +
 builder-support/debian/authoritative/debian-stretch/rules | 4 ++--
 6 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/builder-support/debian/authoritative/debian-buster/pdns-server.postinst b/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
index 1e0027862c..87be373337 100644
--- a/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
 echo -n "Creating user and group pdns..."
 adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
 echo "done"
+ chown pdns:root /etc/powerdns/pdns.conf
 fi
 chown pdns:pdns /var/lib/powerdns || :
 ;;
diff --git a/builder-support/debian/authoritative/debian-buster/rules b/builder-support/debian/authoritative/debian-buster/rules
index 4862534e8b..ecfb730cbf 100755
--- a/builder-support/debian/authoritative/debian-buster/rules
+++ b/builder-support/debian/authoritative/debian-buster/rules
@@ -76,8 +76,8 @@ endif
 override_dh_fixperms:
 dh_fixperms
- # these files often contain passwords.
- chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+ # these files often contain passwords. 660 as it is chowned to root:pdns
+ chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 # restore moved files
 override_dh_clean:
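Review bot: In pdns-server.postinst the added `chown pdns:root /etc/powerdns/pdns.conf` sits between `echo "done"` and `fi`, so it appears to run only in the branch that creates the pdns account; where the account already exists the file would keep its packaged owner and the daemon still could not read it (the `if` itself is outside the hunk, so this is inferred). It also makes the service account the owner, while the comment added in `rules` describes root:pdns; group ownership is enough for read access and keeps the password-bearing file out of the daemon's write reach. I would place it beside the existing unconditional chown as `chown root:pdns /etc/powerdns/pdns.conf || :`, keeping the `|| :` so a locally removed file does not abort configuration. The jessie and stretch postinst hunks carry the same line.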
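Review bot: The new comment in override_dh_fixperms says the file is chowned to root:pdns, but the postinst line added in this commit is `chown pdns:root`, so the comment does not describe what is installed. Mode 0660 also leaves the file writable by the pdns account whichever side of the ownership it ends up on; if the daemon only needs to read its configuration, `chmod 0640 debian/pdns-server/etc/powerdns/pdns.conf` with root:pdns ownership gives it that without letting the unprivileged account rewrite a file holding backend passwords. A matching comment would be `# these files often contain passwords. 640, readable by group pdns (root:pdns)`. The jessie and stretch rules hunks have the same two lines.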
diff --git a/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst b/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
index 1e0027862c..87be373337 100644
--- a/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
 echo -n "Creating user and group pdns..."
 adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
 echo "done"
+ chown pdns:root /etc/powerdns/pdns.conf
 fi
 chown pdns:pdns /var/lib/powerdns || :
 ;;
diff --git a/builder-support/debian/authoritative/debian-jessie/rules b/builder-support/debian/authoritative/debian-jessie/rules
index 7056674615..54ab7f0590 100755
--- a/builder-support/debian/authoritative/debian-jessie/rules
+++ b/builder-support/debian/authoritative/debian-jessie/rules
@@ -75,8 +75,8 @@ override_dh_auto_build-arch:
 override_dh_fixperms:
 dh_fixperms
- # these files often contain passwords.
- chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+ # these files often contain passwords. 660 as it is chowned to root:pdns
+ chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 # restore moved files
 override_dh_clean:
diff --git a/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst b/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
index 1e0027862c..87be373337 100644
--- a/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
 echo -n "Creating user and group pdns..."
 adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
 echo "done"
+ chown pdns:root /etc/powerdns/pdns.conf
 fi
 chown pdns:pdns /var/lib/powerdns || :
 ;;
diff --git a/builder-support/debian/authoritative/debian-stretch/rules b/builder-support/debian/authoritative/debian-stretch/rules
index 90b41e30a6..fca9b48586 100755
--- a/builder-support/debian/authoritative/debian-stretch/rules
+++ b/builder-support/debian/authoritative/debian-stretch/rules
@@ -70,8 +70,8 @@ override_dh_auto_test:
 override_dh_fixperms:
 dh_fixperms
- # these files often contain passwords.
- chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+ # these files often contain passwords. 660 as it is chowned to root:pdns
+ chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 # restore moved files
 override_dh_clean:
-- 
2.47.2