From 728f3d2e8f3d26e80154236c6d67e303e1f7f3b9 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 16 Mar 2019 13:04:18 +0100
Subject: [PATCH] suricata: Fix ownership and file permissions of files inside
 /var/lib/suricata.

These files needs to have nobody.nobody as owner but requires read-acces from everyone
to allow the suricata user reading-in this files during startup.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/suricata | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index 0a561ef8ba..d7b5b71d6b 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -101,8 +101,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# to the rules directory.
 	mv /etc/suricata/*.config /var/lib/suricata
 
-	# Set correct ownership for /var/lib/suricata
-	chown nobody:nobody /var/lib/suricata
+	# Set correct permissions for the files.
+	chmod 644 /var/lib/suricata/*.config
+
+	# Set correct ownership for /var/lib/suricata and the
+	# contained files
+	chown -R nobody:nobody /var/lib/suricata
 
 	# Create logging directory.
 	-mkdir -p /var/log/suricata
-- 
2.39.2