rpms/freeradius/devel freeradius.spec,1.42,1.43

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Fri Jun 15 15:36:43 UTC 2007 

Author: twoerner

Update of /cvs/pkgs/rpms/freeradius/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16737

Modified Files:
	freeradius.spec 
Log Message:
[tw]
- radiusd expects /etc/raddb to not be world readable or writable
  /etc/raddb now belongs to radiusd, post script sets permissions




Index: freeradius.spec
===================================================================
RCS file: /cvs/pkgs/rpms/freeradius/devel/freeradius.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- freeradius.spec	15 Jun 2007 08:23:01 -0000	1.42
+++ freeradius.spec	15 Jun 2007 15:36:08 -0000	1.43
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 1.1.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -159,6 +159,7 @@
 
 
 %post
+/bin/chown -R radiusd.radiusd %{_sysconfdir}/raddb
 /sbin/ldconfig
 if [ $1 = 1 ]; then
   /sbin/chkconfig --add radiusd
@@ -174,6 +175,7 @@
   /sbin/chkconfig --del radiusd
 fi
 
+
 %postun
 if [ $1 -ge 1 ]; then
   /sbin/service radiusd condrestart >/dev/null 2>&1 || :
@@ -187,28 +189,29 @@
 %config (noreplace) %{_sysconfdir}/pam.d/radiusd
 %config (noreplace) %{_sysconfdir}/logrotate.d/radiusd
 %config (noreplace) %{_initrddir}/radiusd
-%dir %{_sysconfdir}/raddb
-%config (noreplace) %{_sysconfdir}/raddb/acct_users
-%config (noreplace) %{_sysconfdir}/raddb/attrs
-%config (noreplace) %{_sysconfdir}/raddb/certs
-%config (noreplace) %{_sysconfdir}/raddb/clients
-%config (noreplace) %{_sysconfdir}/raddb/clients.conf
-%config (noreplace) %{_sysconfdir}/raddb/dictionary
-%config (noreplace) %{_sysconfdir}/raddb/eap.conf
-%config (noreplace) %{_sysconfdir}/raddb/example.pl
-%config (noreplace) %{_sysconfdir}/raddb/hints
-%config (noreplace) %{_sysconfdir}/raddb/huntgroups
-%config (noreplace) %{_sysconfdir}/raddb/ldap.attrmap
-%config (noreplace) %{_sysconfdir}/raddb/naslist
-%config (noreplace) %{_sysconfdir}/raddb/naspasswd
-%config (noreplace) %{_sysconfdir}/raddb/otp.conf
-%config (noreplace) %{_sysconfdir}/raddb/preproxy_users
-%config (noreplace) %{_sysconfdir}/raddb/proxy.conf
-%config (noreplace) %{_sysconfdir}/raddb/radiusd.conf
-%config (noreplace) %{_sysconfdir}/raddb/realms
-%config (noreplace) %{_sysconfdir}/raddb/snmp.conf
-%config (noreplace) %{_sysconfdir}/raddb/sqlippool.conf
-%config (noreplace) %{_sysconfdir}/raddb/users
+%dir %attr(0700,radiusd,radiusd) %{_sysconfdir}/raddb
+%dir %attr(0700,radiusd,radiusd) %{_sysconfdir}/raddb/certs
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/acct_users
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/attrs
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/certs/*
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/clients
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/clients.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/dictionary
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/eap.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/example.pl
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/hints
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/huntgroups
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/ldap.attrmap
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/naslist
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/naspasswd
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/otp.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/preproxy_users
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/proxy.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/radiusd.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/realms
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/snmp.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/sqlippool.conf
+%config %attr(0600,radiusd,radiusd) (noreplace) %{_sysconfdir}/raddb/users
 %{_bindir}/*
 %{_libdir}/libeap*.so
 %{_libdir}/libradius*.so
@@ -268,21 +271,25 @@
 
 %files mysql
 %defattr(-,root,root,-)
-%{_sysconfdir}/raddb/sql.conf
+%attr(0600,radiusd,radiusd) %{_sysconfdir}/raddb/sql.conf
 %{_libdir}/*_mysql*.so
 
 %files postgresql
 %defattr(-,root,root,-)
-%{_sysconfdir}/raddb/postgresql.conf
+%attr(0600,radiusd,radiusd) %{_sysconfdir}/raddb/postgresql.conf
 %{_libdir}/*_postgresql*.so
 
 %files unixODBC
 %defattr(-,root,root,-)
-%{_sysconfdir}/raddb/mssql.conf
+%attr(0600,radiusd,radiusd) %{_sysconfdir}/raddb/mssql.conf
 %{_libdir}/*_unixodbc*.so
 
 
 %changelog
+* Fri Jun 15 2007 Thomas Woerner <twoerner at redhat.com> 1.1.6-2
+- radiusd expects /etc/raddb to not be world readable or writable
+  /etc/raddb now belongs to radiusd, post script sets permissions
+
 * Fri Jun 15 2007 Thomas Woerner <twoerner at redhat.com> 1.1.6-1
 - new version 1.1.6

More information about the fedora-extras-commits mailing list