[cloud-init] Fix sudoers file permissions
gholms
gholms at fedoraproject.org
Sun Sep 23 02:54:07 UTC 2012
commit cd4f6f47aaa50eb20e935d0b03dcc51b50e01e3b
Author: Garrett Holmstrom <gholms at fedoraproject.org>
Date: Sat Sep 22 19:39:41 2012 -0700
Fix sudoers file permissions
cloud-init-0.7.0-sudoers-perms.patch | 13 +++++++++++++
cloud-init.spec | 5 +++++
2 files changed, 18 insertions(+), 0 deletions(-)
---
diff --git a/cloud-init-0.7.0-sudoers-perms.patch b/cloud-init-0.7.0-sudoers-perms.patch
new file mode 100644
index 0000000..ba1989a
--- /dev/null
+++ b/cloud-init-0.7.0-sudoers-perms.patch
@@ -0,0 +1,13 @@
+Index: trunk/cloudinit/distros/__init__.py
+===================================================================
+--- trunk.orig/cloudinit/distros/__init__.py
++++ trunk/cloudinit/distros/__init__.py
+@@ -395,7 +395,7 @@ class Distro(object):
+ content += "\n"
+
+ if not os.path.exists(sudo_file):
+- util.write_file(sudo_file, content, 0644)
++ util.write_file(sudo_file, content, 0440)
+
+ else:
+ try:
diff --git a/cloud-init.spec b/cloud-init.spec
index 02ec336..fbfc2bc 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -19,6 +19,9 @@ Patch1: cloud-init-0.7.0-hostname-refactor.patch
# Fix fingerprint printing caused by recent user code refactoring
# https://code.launchpad.net/~harlowja/cloud-init/patch-ssh-key-users/+merge/125606
Patch2: cloud-init-0.7.0-ssh-key-users.patch
+# Give sudoers 0440 permissions, not 0644
+# https://code.launchpad.net/~gholms/cloud-init/sudoers-perms/+merge/125873
+Patch3: cloud-init-0.7.0-sudoers-perms.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -56,6 +59,7 @@ ssh keys and to let the user run various scripts.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
cp -p %{SOURCE2} README.fedora
@@ -137,6 +141,7 @@ fi
- Rebased against upstream rev 659
- Fixed hostname persistence
- Fixed ssh key printing
+- Fixed sudoers file permissions
* Mon Sep 17 2012 Garrett Holmstrom <gholms at fedoraproject.org> - 0.7.0-0.1.bzr650
- Rebased against upstream rev 650
More information about the scm-commits
mailing list