Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4047

Debian package sets wrong permissions on /var/lib/hudson/.ssh

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: other
    • Labels:
      None
    • Environment:
      Platform: All, OS: Linux
    • Similar Issues:

      Description

      The hudson debian package (from deb http://hudson.gotdns.com/debian binary/)
      sets the permissions 770 to /var/lib/hudson. This makes any private ssh keys
      unusable because they need permissions like 700 or even less.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            debian/debian/jenkins.postinst
            http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da
            Log:
            [FIXED JENKINS-4047] not admin, should be adm.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da Log: [FIXED JENKINS-4047] not admin, should be adm.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            debian/debian/control
            debian/debian/jenkins.postinst
            http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3
            Log:
            Merge branch 'rc'

            • rc:
              Fix dependency on Java2 runtime for both Debian and Ubuntu
              [FIXED JENKINS-4047] not admin, should be adm.
              [FIXED JENKINS-8159] back to java-runtime
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/control debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3 Log: Merge branch 'rc' rc: Fix dependency on Java2 runtime for both Debian and Ubuntu [FIXED JENKINS-4047] not admin, should be adm. [FIXED JENKINS-8159] back to java-runtime
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #511
            [FIXED JENKINS-4047] not admin, should be adm.

            Kohsuke Kawaguchi :
            Files :

            • debian/debian/jenkins.postinst
            Show
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #511 [FIXED JENKINS-4047] not admin, should be adm. Kohsuke Kawaguchi : Files : debian/debian/jenkins.postinst
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            debian/dirs
            debian/jenkins.postinst
            http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962
            Log:
            [FIXED JENKINS-4047] don't mess with file permissions

            ahochsteger asks 'why do we mess with file permissions anyway?' and he's
            right! I digged the history but couldn't find why we do it.

            I think we should just set the permissions of the top-level directories,
            but leave the other file permissions as-is.

            In addition,

            • I see no point in touching usr/bin usr/sbin.
              perhaps C&P mistake from some samples?
            • Don't touch /var/lib/hudson if .for-jenkins is present,
              so that people using the hudson user can keep upgrading new
              versions of jenkins and run it as hudson
            • /var/run/hudson contains no important information,
              so no need to bring it over to /var/run/jenkins

            Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/dirs debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962 Log: [FIXED JENKINS-4047] don't mess with file permissions ahochsteger asks 'why do we mess with file permissions anyway?' and he's right! I digged the history but couldn't find why we do it. I think we should just set the permissions of the top-level directories, but leave the other file permissions as-is. In addition, I see no point in touching usr/bin usr/sbin. perhaps C&P mistake from some samples? Don't touch /var/lib/hudson if .for-jenkins is present, so that people using the hudson user can keep upgrading new versions of jenkins and run it as hudson /var/run/hudson contains no important information, so no need to bring it over to /var/run/jenkins Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Kohsuke Kawaguchi
            Path:
            debian/jenkins.postinst
            http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0
            Log:
            [FIXED JENKINS-4047] not admin, should be adm.

            Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0 Log: [FIXED JENKINS-4047] not admin, should be adm. Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              chrisspelberg Chris lutje Spelberg
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: