MDEV-30904 "rpm --setugids" breaks PAM authenticationbb-10.4-MDEV-30904-harmut-pkgtest

Set auto_pam_tool_dir and auth_pam_tool ownership in RPM specs,
not in POSTINST hook script, so that they are properly restored
when running "rpm --setugids" instead of wrongly changing
auth_pam_tool_dir ownershipt from "mysql" to "root"

2 files changed, 2 insertions, 5 deletions

diff --git a/plugin/auth_pam/CMakeLists.txt b/plugin/auth_pam/CMakeLists.txt
index 6d2dc72b097..9f303d55129 100644
--- a/plugin/auth_pam/CMakeLists.txt
+++ b/plugin/auth_pam/CMakeLists.txt
@@ -43,8 +43,8 @@ IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)
     MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
     TARGET_LINK_LIBRARIES(auth_pam_tool pam)
     SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST}
-        "%attr(700,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
-        "%attr(4755,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
+        "%attr(700,${MYSQLD_USER},-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
+        "%attr(4755,root,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
     SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST} PARENT_SCOPE)
   ENDIF()
   IF(TARGET auth_pam OR TARGET auth_pam_v1)
diff --git a/support-files/rpm/server-postin.sh b/support-files/rpm/server-postin.sh
index 61c417e3e7d..4d49f6f4e35 100644
--- a/support-files/rpm/server-postin.sh
+++ b/support-files/rpm/server-postin.sh
@@ -69,9 +69,6 @@ if [ $1 = 1 ] ; then
   chmod -R og-rw $datadir/mysql
 fi
 
-# Set the correct filesystem ownership for the PAM v2 plugin
-chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
-
 # install SELinux files - but don't override existing ones
 SETARGETDIR=/etc/selinux/targeted/src/policy
 SEDOMPROG=$SETARGETDIR/domains/program