On 12/21/2011 01:50 PM, John Eckersberg wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=766929
aeolus-conductor.spec.in | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/aeolus-conductor.spec.in b/aeolus-conductor.spec.in index 51a487c..53e1894 100644 --- a/aeolus-conductor.spec.in +++ b/aeolus-conductor.spec.in @@ -287,6 +287,7 @@ fi %{app_root}/config/database.pg %{app_root}/config/database.sqlite %config %{app_root}/config/*.yml +%attr(660, aeolus, aeolus) %{app_root}/config/database.yml %{app_root}/config.ru %{app_root}/db %{app_root}/dbomatic
Since database.yml is a copy of database.pg, we should do the same for the other database configuration files:
%{app_root}/config/database.mysql %{app_root}/config/database.pg %{app_root}/config/database.sqlite
We also have other files that shouldn't be world-readable:
config/oauth.json config/settings.yml config/initializers/secret_token.rb
Perhaps we should just set every file under the config directory to 660, aeolus.