https://bugzilla.redhat.com/show_bug.cgi?id=766929
This will mark everything under config to only be accessible by the aeolus user/group. --- aeolus-conductor.spec.in | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/aeolus-conductor.spec.in b/aeolus-conductor.spec.in index aa49a29..ae31f90 100644 --- a/aeolus-conductor.spec.in +++ b/aeolus-conductor.spec.in @@ -278,6 +278,7 @@ fi %files %dir %{app_root} %{app_root}/app +%defattr(660,aeolus,aeolus,770) %dir %{app_root}/config %{app_root}/config/environments %{app_root}/config/initializers @@ -287,6 +288,7 @@ fi %{app_root}/config/database.pg %{app_root}/config/database.sqlite %config %{app_root}/config/*.yml +%defattr(-,root,root,-) %{app_root}/config.ru %{app_root}/db %{app_root}/dbomatic