authorHartmut Holzgraefe <hartmut@php.net>2023-05-05 12:05:44 +0200
committerHartmut Holzgraefe <hartmut@php.net>2023-05-05 12:05:44 +0200
commitd980a63756f0e9128419e2e75496271cbea043cc (patch)
tree3c4a13495f869b2a45259c16ddb851df14bfe5fe
parent15e1891398c7fd994a1e8c85c0e90528e26f06a7 (diff)
MDEV-30904 "rpm --setugids" breaks PAM authenticationbb-10.4-MDEV-30904-harmut-pkgtest
Set auth_pam_tool_dir and auth_pam_tool ownership in the RPM spec, not in the POSTINST hook script, so that they are properly restored when running "rpm --setugids", instead of that command wrongly changing auth_pam_tool_dir ownership from "mysql" to "root"
-rw-r--r--plugin/auth_pam/CMakeLists.txt4
-rw-r--r--support-files/rpm/server-postin.sh3
2 files changed, 2 insertions, 5 deletions
diff --git a/plugin/auth_pam/CMakeLists.txt b/plugin/auth_pam/CMakeLists.txt
index 6d2dc72b097..9f303d55129 100644
--- a/plugin/auth_pam/CMakeLists.txt
+++ b/plugin/auth_pam/CMakeLists.txt
@@ -43,8 +43,8 @@ IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)
MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
TARGET_LINK_LIBRARIES(auth_pam_tool pam)
SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST}
- "%attr(700,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
- "%attr(4755,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
+ "%attr(700,${MYSQLD_USER},-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
+ "%attr(4755,root,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST} PARENT_SCOPE)
ENDIF()
IF(TARGET auth_pam OR TARGET auth_pam_v1)
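Review bot: The new `%attr(700,${MYSQLD_USER},-)` entry is expanded at configure time, and nothing visible in this hunk guarantees `MYSQLD_USER` is non-empty in this directory scope; an empty value would put `%attr(700,,-)` into the generated spec. If the variable is not validated elsewhere, a guard before the `SET` would fail early: `IF(NOT MYSQLD_USER)` / `MESSAGE(FATAL_ERROR "MYSQLD_USER must be set for auth_pam_tool_dir ownership")` / `ENDIF()`. Because ownership now comes from the file list rather than the post-install script, the account presumably has to exist before rpm unpacks the files (for example, created in the pre-install scriptlet), otherwise rpm is expected to fall back to root ownership; this is worth confirming. A one-line comment above the list would also help, stating that the directory is 0700 for the server account so that only the server can reach the setuid-root `auth_pam_tool` helper. The enclosing `IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)` block starts outside the hunk.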
diff --git a/support-files/rpm/server-postin.sh b/support-files/rpm/server-postin.sh
index 61c417e3e7d..4d49f6f4e35 100644
--- a/support-files/rpm/server-postin.sh
+++ b/support-files/rpm/server-postin.sh
@@ -69,9 +69,6 @@ if [ $1 = 1 ] ; then
chmod -R og-rw $datadir/mysql
fi
-# Set the correct filesystem ownership for the PAM v2 plugin
-chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
-
# install SELinux files - but don't override existing ones
SETARGETDIR=/etc/selinux/targeted/src/policy
SEDOMPROG=$SETARGETDIR/domains/program