author | Arthur de Jong <arthur@arthurdejong.org> | 2009-03-21 13:00:46 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2009-03-21 13:00:46 +0100 |
commit | 2de16e9e97ac71821bdc1902f12b9c0c8953053b (patch) | |
tree | dade2e5595567ceef6c557d6946f2ea769692ab5 | |
parent | ba9f1ae27424204481262d0d10f37f65e0b94300 (diff) |
fix permissions of nss-ldapd.conf on creation and upgrade0.6.7.1
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd-0.6.7.1@819 ef36b2f9-881f-0410-afb5-c4e39611909c
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/libnss-ldapd.postinst | 11 |
2 files changed, 18 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 7fb3d90..7848c78 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +nss-ldapd (0.6.7.1) stable-security; urgency=high + + * security upload + * fix the permissions of /etc/nss-ldapd.conf to not be world readable + (file can be used to store LDAP password) (closes: #520476) + + -- Arthur de Jong <adejong@debian.org> Sat, 21 Mar 2009 10:43:17 +0100 + nss-ldapd (0.6.7) unstable; urgency=low * a fix for a problem in debconf configuration that would ignore user input diff --git a/debian/libnss-ldapd.postinst b/debian/libnss-ldapd.postinst index 6c22ae6..823a66d 100644 --- a/debian/libnss-ldapd.postinst +++ b/debian/libnss-ldapd.postinst @@ -158,6 +158,9 @@ base dc=example,dc=net #scope sub EOM + # fix permissions + chmod 640 "$CONFFILE" + chown root:nslcd "$CONFFILE" fi # we're done return 0 @@ -238,7 +241,13 @@ then done # we're done db_stop - # TODO: fix permissions of configfile if passwords are stored + # fix permissions of configfile if upgrading from an old version + if dpkg --compare-versions "$2" lt-nl "0.6.7.1" + then + echo "Fixing permissions of $CONFFILE" + chmod 640 "$CONFFILE" + chown root:nslcd "$CONFFILE" + fi # TODO: create backups of /etc/nsswitch.conf and configfile # (probably store orig in tmpfile and if diff install it # as backup) |
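Review bot: In the first postinst hunk (`@@ -158,6 +158,9 @@`) the `chmod 640` runs only after the here-document ending at `EOM` has written `$CONFFILE`, so the file briefly exists with umask-derived permissions, which are usually world readable. The write starts outside the hunk, so this is inferred; if it holds, do the creation under a restrictive umask (`umask 027` in a subshell around the write) and keep the chmod/chown as a backstop. The `chown root:nslcd` here and in the `@@ -238,7 +241,13 @@` hunk also assumes the `nslcd` group already exists at that point. If the script runs under `set -e` (not visible here), a missing group would abort configuration, so a comment saying where the group is created would help.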
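Review bot: The upgrade branch in the `@@ -238,7 +241,13 @@` hunk forces mode 640, which loosens the file for an administrator who had already restricted it to 600, and it assumes `$CONFFILE` still exists. Clearing only the world bits preserves any stricter local setting: use `chmod o-rwx "$CONFFILE"` and make the condition `if [ -f "$CONFFILE" ] && dpkg --compare-versions "$2" lt-nl "0.6.7.1"`. Tightening the mode does not undo earlier exposure, so the `echo` message could also advise rotating any LDAP bind password stored in the file. The TODO that follows about backing up the config file should note that such copies need the same restrictive mode.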