Commit d980a637 authored by Hartmut Holzgraefe

MDEV-30904 "rpm --setugids" breaks PAM authentication

Set auth_pam_tool_dir and auth_pam_tool ownership in RPM specs,
not in POSTINST hook script, so that they are properly restored
when running "rpm --setugids" instead of wrongly changing
auth_pam_tool_dir ownership from "mysql" to "root"
parent 15e18913
......@@ -43,8 +43,8 @@ IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)
MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
TARGET_LINK_LIBRARIES(auth_pam_tool pam)
SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST}
"%attr(700,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
"%attr(4755,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
"%attr(700,${MYSQLD_USER},-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
"%attr(4755,root,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST} PARENT_SCOPE)
ENDIF()
IF(TARGET auth_pam OR TARGET auth_pam_v1)
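Review bot: The new `%attr(700,${MYSQLD_USER},-)` entry expands `${MYSQLD_USER}` with no check that it is set, and its definition is not visible in this hunk. If it is empty when this directory is configured, the spec would get `%attr(700,,-)`, and the directory that gates the setuid-root helper (`%attr(4755,root,-)`) may end up with the wrong owner or fail to package. I would fail early on the RPM path, for example `IF(RPM AND NOT MYSQLD_USER)` followed by `MESSAGE(FATAL_ERROR "MYSQLD_USER must be set for auth_pam_tool_dir ownership")`; `RPM` here is assumed to be the packaging switch, so confirm the actual name. The two modes are also a security invariant worth stating above the `SET`: `# auth_pam_tool is setuid root; the 0700 directory owned by the server account is what limits who may execute it`. The enclosing `IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)` begins outside the hunk.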
......
......@@ -69,9 +69,6 @@ if [ $1 = 1 ] ; then
chmod -R og-rw $datadir/mysql
fi
# Set the correct filesystem ownership for the PAM v2 plugin
chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
# install SELinux files - but don't override existing ones
SETARGETDIR=/etc/selinux/targeted/src/policy
SEDOMPROG=$SETARGETDIR/domains/program
......