database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-17 06:42:17 +03:00
Code Activity

rpm/deb and auth_pam_tool_dir/auth_pam_tool

Browse Source 
don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb
packages - instead package files with correct permissions and
only fix the ownership of auth_pam_tool_dir (which can only be done
after mysql user is created, so in post-install).

keep old mysql_install_db behavior for bintars
This commit is contained in:
Sergei Golubchik
2020-01-15 18:08:02 +01:00
parent 7e378a8d31
commit 9d18b62467
4 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
debian/mariadb-server-10.4.postinst vendored
View File

@@ -94,6 +94,9 @@ EOF
chmod 2750 $mysql_logdir chmod 2750 $mysql_logdir
set -e set -e
# Set the correct filesystem ownership for the PAM v2 plugin
chown mysql /usr/lib/mysql/plugin/auth_pam_tool_dir
# This is important to avoid dataloss when there is a removed # This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same # mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin. # data directory and then somewhen gets purged by the admin.

4
debian/rules vendored
View File

@@ -146,6 +146,10 @@ endif
ln -s libmariadb.so.3 $(TMP)/usr/lib/$(DEB_HOST_MULTIARCH)/libmysqlclient.so.19 ln -s libmariadb.so.3 $(TMP)/usr/lib/$(DEB_HOST_MULTIARCH)/libmysqlclient.so.19
ln -s libmariadb.so.3 $(TMP)/usr/lib/$(DEB_HOST_MULTIARCH)/libmysqlclient.so.20 ln -s libmariadb.so.3 $(TMP)/usr/lib/$(DEB_HOST_MULTIARCH)/libmysqlclient.so.20
override_dh_fixperms:
dh_fixperms
chmod 04755 debian/mariadb-server-10.4/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
chmod 0700 debian/mariadb-server-10.4/usr/lib/mysql/plugin/auth_pam_tool_dir
override_dh_installlogrotate-arch: override_dh_installlogrotate-arch:
dh_installlogrotate --name mysql-server dh_installlogrotate --name mysql-server

18
scripts/mysql_install_db.sh
View File

@@ -478,16 +478,8 @@ do
fi fi
done done
if test -n "$user" if test -n "$user" -a "$in_rpm" -eq 0
then then
chown $user "$pamtooldir/auth_pam_tool_dir" && \
chmod 0700 "$pamtooldir/auth_pam_tool_dir"
if test $? -ne 0
then
echo "Cannot change ownership of the '$pamtooldir/auth_pam_tool_dir' directory"
echo " to the '$user' user. Check that you have the necessary permissions and try again."
exit 1
fi
if test -z "$srcdir" if test -z "$srcdir"
then then
chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \ chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
@@ -499,6 +491,14 @@ then
echo echo
fi fi
fi fi
chown $user "$pamtooldir/auth_pam_tool_dir" && \
chmod 0700 "$pamtooldir/auth_pam_tool_dir"
if test $? -ne 0
then
echo "Cannot change ownership of the '$pamtooldir/auth_pam_tool_dir' directory"
echo " to the '$user' user. Check that you have the necessary permissions and try again."
exit 1
fi
args="$args --user=$user" args="$args --user=$user"
fi fi

7
support-files/rpm/server-postin.sh
View File

@@ -69,11 +69,8 @@ if [ $1 = 1 ] ; then
chmod -R og-rw $datadir/mysql chmod -R og-rw $datadir/mysql
fi fi
# Set correct filesystem ownership/permissions for the PAM v2 plugin # Set the correct filesystem ownership for the PAM v2 plugin
chown %{mysqld_group} /usr/lib*/mysql/plugin/auth_pam_tool_dir chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
chmod 0700 /usr/lib*/mysql/plugin/auth_pam_tool_dir
chown 0 /usr/lib*/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
chmod 04755 /usr/lib*/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
# install SELinux files - but don't override existing ones # install SELinux files - but don't override existing ones
SETARGETDIR=/etc/selinux/targeted/src/policy SETARGETDIR=/etc/selinux/targeted/src/policy