From 78e8e0099c36e44a80cc25b5484515fa0d21ad07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 18 Sep 2023 16:38:48 -1000 Subject: [PATCH] Allow opensearch-dashboard user to read its config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In #3952, the permissions where changed to fix some inconsistencies in the .deb and .rpm packaging. This change restricted access to the configuration files (which where previously readable by all users) but failed to adjust the files permissions so that the service can access these files. Ensure the configuration directory and files belong to the root user and the opensearch-dashboards group Signed-off-by: Romain Tartière --- .../build_templates/opensearch-dashboards/deb/debian/postinst | 1 + .../opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst b/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst index 08f0094078..93a566971d 100755 --- a/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst +++ b/scripts/pkg/build_templates/opensearch-dashboards/deb/debian/postinst @@ -37,6 +37,7 @@ echo "### You can start opensearch-dashboards service by executing" echo " sudo systemctl start opensearch-dashboards.service" # Set ownership and permissions +chown -R root.opensearch-dashboards ${config_dir} chmod -R u=rwX,g=rX,o= ${config_dir} chown -R opensearch-dashboards.adm ${log_dir} diff --git a/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec b/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec index df8e1bd064..53273b9ae0 100644 --- a/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec +++ b/scripts/pkg/build_templates/opensearch-dashboards/rpm/opensearch-dashboards.rpm.spec 
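Review bot: The added `chown -R root.opensearch-dashboards ${config_dir}` in postinst uses the legacy `user.group` dot separator and leaves the path unquoted. POSIX only specifies `:`, and newer GNU coreutils releases warn about the dot form, so I would write `chown -R root:opensearch-dashboards "${config_dir}"`. The same separator appears in the added `chown -R root.%{name} %{config_dir}` in the rpm spec's `%post` hunk. Running the chown before the existing `chmod -R u=rwX,g=rX,o=` leaves root as owner and gives the service group read-only access. A short comment such as `# root owns the config; the service group gets read-only access` would discourage a later edit from handing ownership to the service user. The postinst script continues outside the hunk.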
@@ -76,6 +76,7 @@ exit 0 %post set -e +chown -R root.%{name} %{config_dir} # Reload systemctl daemon if command -v systemctl > /dev/null; then systemctl daemon-reload
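Review bot: Setting the config ownership with `chown -R` in `%post` rather than in the package manifest means rpm's own record of these files may still list a different group. In that case `rpm -V` would report a mismatch and `rpm --setugids` would undo the fix; the `%files` section is outside this hunk, so this is inferred. If the config entries are listed there, an attribute such as `%attr(-, root, %{name}) %{config_dir}` would declare the same ownership in the manifest. Because the new line follows `set -e`, a failing chown (for instance if the group does not exist yet) aborts the scriptlet, so it is worth confirming the group is created in `%pre`. The `%post` scriptlet continues past the end of the hunk.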