Bug 258365 - security/logcheck: incorrect permissions on /usr/local/etc/logcheck
Summary: security/logcheck: incorrect permissions on /usr/local/etc/logcheck
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on: 257980
Blocks:
  Show dependency treegraph
 
Reported: 2021-09-08 12:38 UTC by Dan Langille
Modified: 2021-09-19 15:35 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (yasu)


Attachments
set permissions on ETCDIR and subdirectories (952 bytes, patch)
2021-09-08 13:00 UTC, Dan Langille
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Langille freebsd_committer 2021-09-08 12:38:21 UTC
This affects new installs only. It does not affect existing installs which are upgraded.

The problem: missing chgrp on /usr/local/etc/logcheck and several subdirectories

When logcheck runs, the errors are:

ls: /usr/local/etc/logcheck/cracking.d: Permission denied
ls: /usr/local/etc/logcheck/violations.d: Permission denied
ls: /usr/local/etc/logcheck/violations.ignore.d: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.server: Permission denied
ls: /usr/local/etc/logcheck/ignore.d.paranoid: Permission denied

Looking in the directory, we find:

[root@nginx01:/usr/local/etc/logcheck] $ ls -l
total 122
drwxr-x---  2 root  wheel        8 Sep  8 12:24 cracking.d
drwxr-x---  2 root  wheel       17 Sep  8 12:24 ignore.d.paranoid
drwxr-x---  2 root  wheel      141 Sep  8 12:24 ignore.d.server
drwxr-x---  2 root  wheel       38 Sep  8 12:24 ignore.d.workstation
-rw-r-----  1 root  logcheck  1121 Sep  7 21:07 logcheck.conf
-rw-r--r--  1 root  logcheck  3092 Aug 10 04:34 logcheck.conf.sample
-rw-r-----  1 root  logcheck   150 Sep  7 21:07 logcheck.logfiles
-rw-r--r--  1 root  logcheck   133 Aug 10 04:34 logcheck.logfiles.sample
drwxr-x---  2 root  wheel        7 Sep  8 12:24 violations.d
drwxr-x---  2 root  wheel        5 Sep  8 12:24 violations.ignore.d


Also:

[root@nginx01:/usr/local/etc/logcheck] $ ls -ld .
drwxr-xr-x  8 root  wheel  12 Sep  8 12:24 .

Looking at the port, I cannot find the cause yet.
Comment 1 Dan Langille freebsd_committer 2021-09-08 13:00:28 UTC
Created attachment 227760 [details]
set permissions on ETCDIR and subdirectories

I think I understand. This line in pkg-plist affects only items which will between it and the next @group command:

@group %%LOGCHECK_GROUP%%

Therefore, it does not affect the directories in question.

Adding this to the end of pkg-plist fixes those directories

@postexec %%FIND%% %%PREFIX%%/%%ETCDIR%%/* -type d -exec %%CHGRP%% logcheck {} +

This fixes the ETCDIR permissions:

@dir(%%LOGCHECK_USER%%,%%LOGCHECK_GROUP%%,) %%RUNDIR%%
Comment 2 Dan Langille freebsd_committer 2021-09-08 13:08:36 UTC
This will fix broken installs:

* cd /usr/local/etc/logcheck
* chgrp logcheck . cracking.d ignore.d.paranoid ignore.d.server ignore.d.workstation violations.d violations.ignore.d
Comment 3 Yasuhiro Kimura 2021-09-18 07:41:20 UTC
Sorry for breakage. Patch submitted as bug #257980 will fix the problem.
Comment 4 Dan Langille freebsd_committer 2021-09-19 15:35:12 UTC
Solved via above mentioned ticket. Thank you.