Bug#805028: autofs-ldap fails to start when /etc/autofs_ldap_auth.conf has wrong permissions

Fri, 13 Nov 2015 06:51:55 -0800 

Package: autofs-ldap
Severity: normal
Version: 5.1.1-1
Tags: patch
I just observed a pecularity... the lookup_ldap backup performs a file permission check on 

  /etc/autofs_ldap_auth.conf

The expected file permissions are root:root:0600.
As this diverts from default file permissions (root:root:0644), I recommend providing some dpkg-statoverride magic in autofs-ldap.postinst and autofs-ldap.prerm.
By coincidence the file permissions are correct when autofs-ldap is installed, but to be really sure, I'd highly recommend using dpkg-statoverride here.
I have attached a potential autofs-ldap.postinst and an autofs-ldap.prerm script (untested as of now, please verify that they do what they should). 

Thanks+Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de

#!/bin/sh
# postinst script for autofs-ldap
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


case "$1" in
        configure)
                if ! dpkg-statoverride --list /etc/autofs_ldap_auth.conf 
1>/dev/null 2>/dev/null; then
                        dpkg-statoverride --add --update root root 0600 
/etc/autofs_ldap_auth.conf
                fi
                ;;

        abort-upgrade|abort-remove|abort-deconfigure)
                ;;

        *)
                echo "postinst called with unknown argument \`$1'" >&2
                exit 1
                ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

#! /bin/sh
# prerm script for autofs-ldap

set -e

# see: dh_installdeb(1)
# summary of how this script can be called:
#        * <prerm> `remove'
#        * <old-prerm> `upgrade' <new-version>
#        * <new-prerm> `failed-upgrade' <old-version>
#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
#        * <deconfigured's-prerm> `deconfigure' `in-favour'
#        <package-being-installed> <version> `removing'
#        <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
        remove)
                if dpkg-statoverride --list /etc/autofs_ldap_auth.conf 
1>/dev/null; then
                        dpkg-statoverride --remove /etc/autofs_ldap_auth.conf
                fi
                ;;
        deconfigure|upgrade|failed-upgrade)
                :
                ;;
        *) echo "$0: didn't understand being called with \`$1'" 1>&2
                exit 1;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

Attachment: pgprIKqLg3muZ.pgp
Description: Digitale PGP-Signatur

Reply via email to