[Freeipa-devel] [PATCH] 118 Fix permissions in installers
Martin Kosek
mkosek at redhat.com
Wed Sep 7 11:19:18 UTC 2011
On Tue, 2011-09-06 at 13:59 +0300, Alexander Bokovoy wrote:
> On 06.09.2011 13:52, Martin Kosek wrote:
> > On Tue, 2011-09-06 at 13:12 +0300, Alexander Bokovoy wrote:
> >> On 05.09.2011 17:24, Martin Kosek wrote:
> >>> How to test:
> >>> 1) on server:
> >>> - check that files in /usr/share/ipa/html are world readable
> >> why /usr/share/ipa/html/configure.jar has to be executable?
> >>
> >
> > The file is generated with this flag by /usr/bin/signtool. But I
> > verified that the browser configuration with configure.jar works without
> > the executable bit.
> >
> > I will change the rights to 0644 instead before pushing (if you ack the
> > rest).
> When zipfile is created, it uses PR_Open(filename,PR_WRONLY |
> PR_CREATE_FILE | PR_TRUNCATE, 0777)
> (http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/zip.c#73,
> via
> http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/sign.c#90)
>
> So I guess it is Mozilla's way to handle files on all platforms. We
> definitely don't need resulting executable bit anywhere afterwards.
>
> ACK.
Pushed to master, ipa-2-1. configure.jar permissions have been set to
0644.
>
> Related question: should we also mark these generated files in
> /usr/share/ipa/html/ as %ghost in freeipa.spec.in?
Good idea, then these files could be erased when our package is removed.
Can you please create a ticket?
Martin
More information about the Freeipa-devel
mailing list