Hi Julien,

On Mon, Nov 01, 2010 at 06:44:56PM +0100, Julien Cristau wrote:
> This makes those 3 directories world-readable. Is that ok (I have no
> idea what perms the files in them have, or how confidential they are)?

It's OK for /etc/couchdb, only local.ini there merits read protection
according to Raphaël: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600051#5

But you've got a point about the /var dirs. Here's a revised cut -- please
confirm if ok to upload.

diff -Nurp couchdb-0.11.0.orig//debian/changelog couchdb-0.11.0/debian/changelog --- couchdb-0.11.0.orig//debian/changelog 2010-11-01 19:47:14.000000000 +0100 +++ couchdb-0.11.0/debian/changelog 2010-11-01 20:16:06.000000000 +0100 @@ -1,3 +1,19 @@ +couchdb (0.11.0-2.3) unstable; urgency=high + + * Non-maintainer upload. + * debian/rules: make sure /var/{lib,log}/couchdb are accessible only to + couchdb user and group (partial revert of previous upload). + + -- Serafeim Zanikolas <s...@debian.org> Mon, 01 Nov 2010 20:08:08 +0100 + +couchdb (0.11.0-2.2) unstable; urgency=high + + * Non-maintainer upload. + * Apply permission settings during package build (as opposed to during + package installation) (Closes: #600051). Setting high urgency for RC bug. + + -- Serafeim Zanikolas <s...@debian.org> Sat, 30 Oct 2010 13:03:20 +0200 + couchdb (0.11.0-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -Nurp couchdb-0.11.0.orig//debian/postinst couchdb-0.11.0/debian/postinst --- couchdb-0.11.0.orig//debian/postinst 2010-11-01 19:47:14.000000000 +0100 +++ couchdb-0.11.0/debian/postinst 2010-11-01 19:51:04.000000000 +0100 @@ -24,9 +24,6 @@ case $1 in chown -R couchdb:couchdb /etc/couchdb chown -R couchdb:couchdb /var/lib/couchdb chown -R couchdb:couchdb /var/log/couchdb - chmod -R 0770 /etc/couchdb - chmod -R 0770 /var/lib/couchdb - chmod -R 0770 /var/log/couchdb ;; esac diff -Nurp couchdb-0.11.0.orig//debian/rules couchdb-0.11.0/debian/rules --- couchdb-0.11.0.orig//debian/rules 2010-11-01 19:47:14.000000000 +0100 +++ couchdb-0.11.0/debian/rules 2010-11-01 20:07:01.000000000 +0100 
@@ -35,6 +35,10 @@ common-binary-post-install-arch:: cp debian/binary.lintian-overrides debian/couchdb/usr/share/lintian/overrides/couchdb common-binary-predeb-arch:: + dh_fixperms debian/couchdb/ + chmod 660 debian/couchdb/etc/couchdb/local.ini + chmod 770 debian/couchdb/var/lib/couchdb + chmod 770 debian/couchdb/var/log/couchdb erlang-depends # @@ only works from source directory, see #494141
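
Review bot: in the debian/postinst hunk, removing all three `chmod -R 0770` lines leaves postinst with only the `chown -R` calls, so nothing at install or upgrade time tightens the mode of a /var/lib/couchdb or /var/log/couchdb that already exists from 0.11.0-2.2, the upload that the quoted question and the 2.3 changelog entry say opened those directories up. Consider keeping a non-recursive `chmod 0770 /var/lib/couchdb /var/log/couchdb` in postinst, or confirm with an upgrade from 2.2 that the packaged 770 modes end up on the existing directories.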
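
Review bot: in the debian/rules hunk, the three chmod lines that follow `dh_fixperms debian/couchdb/` carry no comment saying they must stay after it, and they set only the mode: the changelog's "accessible only to couchdb user and group" also relies on the `chown -R couchdb:couchdb` calls that remain in postinst. Add a short comment above them stating the ordering requirement and the dependence on postinst for ownership. The `chmod 770` here is also non-recursive where the removed postinst lines used `-R`, so files below those directories keep whatever mode they were created with; that holds as long as the directory itself stays 770, which is worth stating in the same comment.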