From 0aaf5049253855d05006f968d3ab4a11169ada1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 11 Sep 2023 09:40:10 -1000 Subject: [PATCH] Fix files ownership and permissions in OpenSearch-Dashboards packages (#3952) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Romain Tartière Signed-off-by: Peter Zhu --- .../opensearch-dashboards/deb/debian/postinst | 12 ++++++++---- .../deb/debmake_opensearch_dashboards_install.sh | 3 ++- .../rpm/opensearch-dashboards.rpm.spec | 11 ++++++----- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst b/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst index 30d62c95e7..08f0094078 100755 --- a/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst +++ b/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst @@ -36,11 +36,15 @@ echo " sudo systemctl enable opensearch-dashboards.service" echo "### You can start opensearch-dashboards service by executing" echo " sudo systemctl start opensearch-dashboards.service" -# Set owner -chown -R opensearch-dashboards.opensearch-dashboards ${product_dir} -chown -R opensearch-dashboards.opensearch-dashboards ${config_dir} -chown -R opensearch-dashboards.opensearch-dashboards ${log_dir} +# Set ownership and permissions +chmod -R u=rwX,g=rX,o= ${config_dir} + +chown -R opensearch-dashboards.adm ${log_dir} +chmod 750 ${log_dir} + chown -R opensearch-dashboards.opensearch-dashboards ${data_dir} +chmod 750 ${data_dir} + chown -R opensearch-dashboards.opensearch-dashboards ${pid_dir} exit 0 diff --git a/scripts/pkg/build_templates/opensearch-dashboards/deb/debmake_opensearch_dashboards_install.sh b/scripts/pkg/build_templates/opensearch-dashboards/deb/debmake_opensearch_dashboards_install.sh index 1c4f593a53..e41763e071 100755 --- a/scripts/pkg/build_templates/opensearch-dashboards/deb/debmake_opensearch_dashboards_install.sh +++ b/scripts/pkg/build_templates/opensearch-dashboards/deb/debmake_opensearch_dashboards_install.sh @@ -42,6 +42,7 @@ ln -s ${data_dir} ${buildroot}${product_dir}/data ln -s ${log_dir} ${buildroot}${product_dir}/logs # Change Permissions -chmod -Rf a+rX,u+w,g-w,o-w ${buildroot}/* +chmod -Rf g-s ${buildroot}/* +chmod -Rf u=rwX,g=rX,o=rX ${buildroot}/* exit 0 diff --git a/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec b/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec index 6ff7c32084..df8e1bd064 100644 --- a/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec +++ b/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec @@ -56,7 +56,8 @@ chmod 0755 %{buildroot}%{product_dir}/bin/* ln -s %{data_dir} %{buildroot}%{product_dir}/data ln -s %{log_dir} %{buildroot}%{product_dir}/logs # Change Permissions -chmod -Rf a+rX,u+w,g-w,o-w %{buildroot}/* +chmod -Rf g-s %{buildroot}/* +chmod -Rf u=rwX,g=rX,o= %{buildroot}/etc exit 0 %pre @@ -101,7 +102,7 @@ exit 0 %files # Permissions -%defattr(-, %{name}, %{name}) +%defattr(-, root, root) # Root dirs/docs/licenses %dir %{product_dir} @@ -130,9 +131,9 @@ exit 0 %{product_dir}/node_modules %{product_dir}/plugins %{product_dir}/src -%{log_dir} -%{pid_dir} -%dir %{data_dir} +%attr(750, %{name}, %{name}) %{log_dir} +%attr(750, %{name}, %{name}) %{pid_dir} +%dir %attr(750, %{name}, %{name}) %{data_dir} # Symlinks %{product_dir}/data