Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4047

Debian package sets wrong permissions on /var/lib/hudson/.ssh

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • other
    • None
    • Platform: All, OS: Linux

      The hudson debian package (from deb http://hudson.gotdns.com/debian binary/)
      sets the permissions 770 to /var/lib/hudson. This makes any private ssh keys
      unusable because they need permissions like 700 or even less.

          [JENKINS-4047] Debian package sets wrong permissions on /var/lib/hudson/.ssh

          andisch added a comment - - edited

          Also see issue JENKINS-5771
          Maybe it's really the best and easiest solution to don't touch permission after upgrade.

          andisch added a comment - - edited Also see issue JENKINS-5771 Maybe it's really the best and easiest solution to don't touch permission after upgrade.

          mehow added a comment -

          Another file that shouldn't be touched is .netrc. From man netrc:

          Note that if this token is present in the .netrc file for any user other than anonymous, ftp will abort the auto-login process if the .netrc is readable by anyone besides the user.

          mehow added a comment - Another file that shouldn't be touched is .netrc . From man netrc : Note that if this token is present in the .netrc file for any user other than anonymous, ftp will abort the auto-login process if the .netrc is readable by anyone besides the user.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          debian/debian/dirs
          debian/debian/jenkins.postinst
          http://jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1
          Log:
          [FIXED JENKINS-4047] don't mess with file permissions

          ahochsteger asks 'why do we mess with file permissions anyway?' and he's
          right! I digged the history but couldn't find why we do it.

          I think we should just set the permissions of the top-level directories,
          but leave the other file permissions as-is.

          In addition,

          • I see no point in touching usr/bin usr/sbin.
            perhaps C&P mistake from some samples?
          • Don't touch /var/lib/hudson if .for-jenkins is present,
            so that people using the hudson user can keep upgrading new
            versions of jenkins and run it as hudson
          • /var/run/hudson contains no important information,
            so no need to bring it over to /var/run/jenkins

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/dirs debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1 Log: [FIXED JENKINS-4047] don't mess with file permissions ahochsteger asks 'why do we mess with file permissions anyway?' and he's right! I digged the history but couldn't find why we do it. I think we should just set the permissions of the top-level directories, but leave the other file permissions as-is. In addition, I see no point in touching usr/bin usr/sbin. perhaps C&P mistake from some samples? Don't touch /var/lib/hudson if .for-jenkins is present, so that people using the hudson user can keep upgrading new versions of jenkins and run it as hudson /var/run/hudson contains no important information, so no need to bring it over to /var/run/jenkins

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          http://jenkins-ci.org/commit/core/129adcea9568b11447725dd276ca99255e69a179
          Log:
          Recording JENKINS-4047 toward 1.397

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html http://jenkins-ci.org/commit/core/129adcea9568b11447725dd276ca99255e69a179 Log: Recording JENKINS-4047 toward 1.397

          Ferenc Kovacs added a comment -

          there is no group with the name admin on debian(should be adm), hence the installation fails.

          Ferenc Kovacs added a comment - there is no group with the name admin on debian(should be adm), hence the installation fails.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          debian/debian/jenkins.postinst
          http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da
          Log:
          [FIXED JENKINS-4047] not admin, should be adm.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da Log: [FIXED JENKINS-4047] not admin, should be adm.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          debian/debian/control
          debian/debian/jenkins.postinst
          http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3
          Log:
          Merge branch 'rc'

          • rc:
            Fix dependency on Java2 runtime for both Debian and Ubuntu
            [FIXED JENKINS-4047] not admin, should be adm.
            [FIXED JENKINS-8159] back to java-runtime

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/control debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3 Log: Merge branch 'rc' rc: Fix dependency on Java2 runtime for both Debian and Ubuntu [FIXED JENKINS-4047] not admin, should be adm. [FIXED JENKINS-8159] back to java-runtime

          dogfood added a comment -

          Integrated in jenkins_main_trunk #511
          [FIXED JENKINS-4047] not admin, should be adm.

          Kohsuke Kawaguchi :
          Files :

          • debian/debian/jenkins.postinst

          dogfood added a comment - Integrated in jenkins_main_trunk #511 [FIXED JENKINS-4047] not admin, should be adm. Kohsuke Kawaguchi : Files : debian/debian/jenkins.postinst

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          debian/dirs
          debian/jenkins.postinst
          http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962
          Log:
          [FIXED JENKINS-4047] don't mess with file permissions

          ahochsteger asks 'why do we mess with file permissions anyway?' and he's
          right! I digged the history but couldn't find why we do it.

          I think we should just set the permissions of the top-level directories,
          but leave the other file permissions as-is.

          In addition,

          • I see no point in touching usr/bin usr/sbin.
            perhaps C&P mistake from some samples?
          • Don't touch /var/lib/hudson if .for-jenkins is present,
            so that people using the hudson user can keep upgrading new
            versions of jenkins and run it as hudson
          • /var/run/hudson contains no important information,
            so no need to bring it over to /var/run/jenkins

          Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/dirs debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962 Log: [FIXED JENKINS-4047] don't mess with file permissions ahochsteger asks 'why do we mess with file permissions anyway?' and he's right! I digged the history but couldn't find why we do it. I think we should just set the permissions of the top-level directories, but leave the other file permissions as-is. In addition, I see no point in touching usr/bin usr/sbin. perhaps C&P mistake from some samples? Don't touch /var/lib/hudson if .for-jenkins is present, so that people using the hudson user can keep upgrading new versions of jenkins and run it as hudson /var/run/hudson contains no important information, so no need to bring it over to /var/run/jenkins Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          debian/jenkins.postinst
          http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0
          Log:
          [FIXED JENKINS-4047] not admin, should be adm.

          Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0 Log: [FIXED JENKINS-4047] not admin, should be adm. Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

            Unassigned Unassigned
            chrisspelberg Chris lutje Spelberg
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: