[Freeipa-devel] [PATCH] 118 Fix permissions in installers

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 6 10:59:25 UTC 2011


On 06.09.2011 13:52, Martin Kosek wrote:
> On Tue, 2011-09-06 at 13:12 +0300, Alexander Bokovoy wrote:
>> On 05.09.2011 17:24, Martin Kosek wrote:
>>> How to test:
>>> 1) on server:
>>> - check that files in /usr/share/ipa/html are world readable
>> Why does /usr/share/ipa/html/configure.jar have to be executable?
>>
> 
> The file is generated with this flag by /usr/bin/signtool. But I
> verified that the browser configuration with configure.jar works without
> the executable bit.
> 
> I will change the rights to 0644 instead before pushing (if you ack the
> rest).
When the zipfile is created, it uses PR_Open(filename,PR_WRONLY |
PR_CREATE_FILE | PR_TRUNCATE, 0777)
(http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/zip.c#73,
via
http://mxr.mozilla.org/mozilla/source/security/nss/cmd/signtool/sign.c#90)

So I guess it is Mozilla's way to handle files on all platforms. We
definitely don't need the resulting executable bit anywhere afterwards.

ACK.

Related question: should we also mark these generated files in
/usr/share/ipa/html/ as %ghost in freeipa.spec.in?
-- 
/ Alexander Bokovoy
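
The following is an added example, not part of the original message and not FreeIPA or NSS code. It reproduces the effect discussed above (a file created with requested mode 0777 ends up 0755 under a umask of 022, which is an assumed value), then audits a directory for files that are not world readable or carry an executable bit and resets them to 0644. The function names and the temporary directory standing in for /usr/share/ipa/html are hypothetical.

```python
import os
import stat
import tempfile

def create_like_signtool(path, umask=0o022):
    """Create a file with requested mode 0777, as the quoted PR_Open call does.
    The process umask (assumed 022 here) filters the requested bits."""
    old = os.umask(umask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o777)
        os.close(fd)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)

def audit_html_dir(directory):
    """Return {path: mode} for regular files that are not world readable
    or that have any executable bit set."""
    bad = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, etc.
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IROTH or mode & 0o111:
                bad[path] = mode
    return bad

def fix_modes(directory, mode=0o644):
    """Reset every flagged file to the given mode; return the paths changed."""
    changed = sorted(audit_html_dir(directory))
    for path in changed:
        os.chmod(path, mode)
    return changed

def demo():
    # Constructed sample: a temp dir stands in for /usr/share/ipa/html.
    with tempfile.TemporaryDirectory() as d:
        jar = os.path.join(d, "configure.jar")
        created = create_like_signtool(jar)
        flagged = audit_html_dir(d).get(jar)
        fix_modes(d)
        final = stat.S_IMODE(os.stat(jar).st_mode)
        return created, flagged, final, audit_html_dir(d)

if __name__ == "__main__":
    print([oct(m) if isinstance(m, int) else m for m in demo()])
```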



