[Freeipa-devel] [PATCH] 118 Fix permissions in installers

Martin Kosek mkosek at redhat.com
Wed Sep 7 11:19:18 UTC 2011


On Tue, 2011-09-06 at 13:59 +0300, Alexander Bokovoy wrote:
> On 06.09.2011 13:52, Martin Kosek wrote:
> > On Tue, 2011-09-06 at 13:12 +0300, Alexander Bokovoy wrote:
> >> On 05.09.2011 17:24, Martin Kosek wrote:
> >>> How to test:
> >>> 1) on server:
> >>> - check that files in /usr/share/ipa/html are world readable
> >> why /usr/share/ipa/html/configure.jar has to be executable?
> >>
> > 
> > The file is generated with this flag by /usr/bin/signtool. But I
> > verified that the browser configuration with configure.jar works without
> > the executable bit.
> > 
> > I will change the rights to 0644 instead before pushing (if you ack the
> > rest).
> When zipfile is created, it uses PR_Open(filename,PR_WRONLY |
> PR_CREATE_FILE | PR_TRUNCATE, 0777)
> (http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/zip.c#73,
> via
> http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/sign.c#90)
> 
> So I guess it is Mozilla's way to handle files on all platforms. We
> definitely don't need resulting executable bit anywhere afterwards.
> 
> ACK.

Pushed to master, ipa-2-1. configure.jar permissions have been set to
0644.

> 
> Related question: should we also mark these generated files in
> /usr/share/ipa/html/ as %ghost in freeipa.spec.in?

Good idea, then these files could be erased when our package is removed.
Can you please create a ticket?

Martin




More information about the Freeipa-devel mailing list