Merge pull request #17 from freedomofpress/rq-perms-reset

Ensure rq_config.py permissions are restored on next upgrade
freedomofpress · Sep 18, 2024 · 5be503e · 5be503e
2 parents 71502d5 + b46ee14
commit 5be503e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/securedrop/debian/securedrop-app-code.postinst b/securedrop/debian/securedrop-app-code.postinst
@@ -251,12 +251,16 @@ case "$1" in
     chown -R root:root /var/www/securedrop
     chmod 755 /var/www/securedrop
 
-    # Make sure config.py is owned by root and readable by www-data,
+    # Make sure config.py and rq_config.py are owned by root and readable by www-data,
     # but not world-readable
     if [ -f "/var/www/securedrop/config.py" ]; then
         chown root:www-data /var/www/securedrop/config.py
         chmod 640 /var/www/securedrop/config.py
     fi
+    if [ -f "/var/www/securedrop/rq_config.py" ]; then
+        chown root:www-data /var/www/securedrop/rq_config.py
+        chmod 640 /var/www/securedrop/rq_config.py
+    fi
     # And logo needs to be writable by webserver user
     # If there's no custom logo yet, copy the default in its place
     if [ ! -f "/var/www/securedrop/static/i/custom_logo.png" ]; then