commit: 8532e51714ce99ea6db20cfedde4d976291e70d3 Author: Marek Szuba <marecki <AT> gentoo <DOT> org> AuthorDate: Wed Mar 22 23:02:00 2023 +0000 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> CommitDate: Wed Mar 22 23:43:34 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8532e517
net-analyzer/suricata: make rule-file and update dirs setuid suricata So that it is possible to run suricata-update as root (which according to upstream documentation is still very much allowed) but have suricata itself drop its privileges, without having to manually change the ownership of downloaded files. In the long run it would be nice for suricata-update to drop privileges as well - but that's something for upstream to take care of, and setuid suricata on the relevant directories appears to work fine. Closes: https://bugs.gentoo.org/900627 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> net-analyzer/suricata/suricata-6.0.10.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.10.ebuild
index 697b19988894..bcc930edadc3 100644
--- a/net-analyzer/suricata/suricata-6.0.10.ebuild
+++ b/net-analyzer/suricata/suricata-6.0.10.ebuild
@@ -146,7 +146,7 @@ src_install() {
 fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
 fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
- fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+ fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
 newinitd "${FILESDIR}/${PN}.initd" ${PN}
 newconfd "${FILESDIR}/${PN}.confd" ${PN}
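Review bot: On Linux the kernel ignores the setuid bit on directories, so `fperms 6750` on `/var/lib/${PN}/rules` and `/var/lib/${PN}/update` should behave exactly like the previous `2750`: files written by a root-run suricata-update stay owned by root, and only the group is inherited through the setgid bit. If the aim is that the privilege-dropped daemon can read the downloaded rules, the setgid bit already covers that as long as root's umask leaves group read. It would be worth checking the resulting ownership on a test install, then either keeping `2750` or documenting the line with something like `# setgid: new rule files inherit group ${PN}; setuid on a directory is a no-op on Linux`. Separately, the `fowners -R ${PN}:` line makes both directories owned by the unprivileged account while root writes into them, so it should be confirmed that the update tool does not follow symlinks placed there. src_install begins and ends outside the hunk.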
