author | Hartmut Holzgraefe <hartmut@php.net> | 2023-05-05 12:05:44 +0200 |
---|---|---|
committer | Hartmut Holzgraefe <hartmut@php.net> | 2023-05-05 12:05:44 +0200 |
commit | d980a63756f0e9128419e2e75496271cbea043cc (patch) | |
tree | 3c4a13495f869b2a45259c16ddb851df14bfe5fe | |
parent | 15e1891398c7fd994a1e8c85c0e90528e26f06a7 (diff) | |
download | mariadb-git-bb-10.4-MDEV-30904-harmut-pkgtest.tar.gz |
MDEV-30904 "rpm --setugids" breaks PAM authenticationbb-10.4-MDEV-30904-harmut-pkgtest
Set auth_pam_tool_dir and auth_pam_tool ownership in RPM specs,
not in POSTINST hook script, so that they are properly restored
when running "rpm --setugids" instead of wrongly changing
auth_pam_tool_dir ownership from "mysql" to "root"
-rw-r--r-- | plugin/auth_pam/CMakeLists.txt | 4 | ||||
-rw-r--r-- | support-files/rpm/server-postin.sh | 3 |
2 files changed, 2 insertions, 5 deletions
diff --git a/plugin/auth_pam/CMakeLists.txt b/plugin/auth_pam/CMakeLists.txt
index 6d2dc72b097..9f303d55129 100644
--- a/plugin/auth_pam/CMakeLists.txt
+++ b/plugin/auth_pam/CMakeLists.txt
@@ -43,8 +43,8 @@ IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)
 MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
 TARGET_LINK_LIBRARIES(auth_pam_tool pam)
 SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST}
- "%attr(700,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
- "%attr(4755,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
+ "%attr(700,${MYSQLD_USER},-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
+ "%attr(4755,root,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
 SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST} PARENT_SCOPE)
 ENDIF()
 IF(TARGET auth_pam OR TARGET auth_pam_v1)
diff --git a/support-files/rpm/server-postin.sh b/support-files/rpm/server-postin.sh
index 61c417e3e7d..4d49f6f4e35 100644
--- a/support-files/rpm/server-postin.sh
+++ b/support-files/rpm/server-postin.sh
@@ -69,9 +69,6 @@ if [ $1 = 1 ] ; then
 chmod -R og-rw $datadir/mysql
 fi
-# Set the correct filesystem ownership for the PAM v2 plugin
-chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
-
 # install SELinux files - but don't override existing ones
 SETARGETDIR=/etc/selinux/targeted/src/policy
 SEDOMPROG=$SETARGETDIR/domains/program |
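Review bot: `${MYSQLD_USER}` in the new `%attr(700,${MYSQLD_USER},-)` entry is expanded at configure time, and nothing in the hunk checks that it is non-empty. An unset value would put `%attr(700,,-)` into the generated spec, so the 0700 directory that restricts access to the setuid-root `auth_pam_tool` would no longer be pinned to the server account. A guard before the `SET`, such as `IF(NOT MYSQLD_USER)` / `MESSAGE(FATAL_ERROR "MYSQLD_USER must be set for auth_pam_tool_dir ownership")` / `ENDIF()`, would fail the build instead of shipping a wrong owner. The two entries also deserve a comment, for example `# auth_pam_tool is setuid root; the 0700 directory owned by the server user is what restricts who can run it, so owner and mode must stay in the spec for rpm --setugids/--setperms to restore`. The enclosing `IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)` block starts above the hunk, so the variable may already be validated there or elsewhere.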