[JENKINS-4047] Debian package sets wrong permissions on /var/lib/hudson/.ssh - Jenkins Jira

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: other
Labels:
None
Environment:
Platform: All, OS: Linux

Similar Issues:

Show

Description

The hudson debian package (from deb http://hudson.gotdns.com/debian binary/)
sets the permissions 770 to /var/lib/hudson. This makes any private ssh keys
unusable because they need permissions like 700 or even less.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

HUDSON-4047-exclude-jobs-and-ssh-dirs.diff
0.8 kB
2010-01-01 13:26

Issue Links

is duplicated by

JENKINS-5908 Debian upgrade failure with symbolic links in workspace

Resolved

is related to

JENKINS-7575 .deb package postinst prevents serving static content directly

Closed

Activity

Ascending order - Click to sort in descending order

View 17 older comments

SCM/JIRA link daemon added a comment - 2011-02-13 04:05

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
debian/debian/jenkins.postinst
http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da
Log:
[FIXED JENKINS-4047] not admin, should be adm.

SCM/JIRA link daemon added a comment - 2011-02-13 04:05 Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da Log: [FIXED JENKINS-4047] not admin, should be adm.

SCM/JIRA link daemon added a comment - 2011-02-14 18:30

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
debian/debian/control
debian/debian/jenkins.postinst
http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3
Log:
Merge branch 'rc'

rc:
Fix dependency on Java2 runtime for both Debian and Ubuntu
[FIXED JENKINS-4047] not admin, should be adm.
[FIXED JENKINS-8159] back to java-runtime

SCM/JIRA link daemon added a comment - 2011-02-14 18:30 Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/debian/control debian/debian/jenkins.postinst http://jenkins-ci.org/commit/core/7219e3af4b8e1f464cb034546cdb16059f1ec4d3 Log: Merge branch 'rc' rc: Fix dependency on Java2 runtime for both Debian and Ubuntu [FIXED JENKINS-4047] not admin, should be adm. [FIXED JENKINS-8159] back to java-runtime

dogfood added a comment - 2011-02-14 19:46

Integrated in jenkins_main_trunk #511
[FIXED JENKINS-4047] not admin, should be adm.

Kohsuke Kawaguchi :
Files :

debian/debian/jenkins.postinst

dogfood added a comment - 2011-02-14 19:46 Integrated in jenkins_main_trunk #511 [FIXED JENKINS-4047] not admin, should be adm. Kohsuke Kawaguchi : Files : debian/debian/jenkins.postinst

SCM/JIRA link daemon added a comment - 2015-04-03 22:23

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
debian/dirs
debian/jenkins.postinst
http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962
Log:
[FIXED JENKINS-4047] don't mess with file permissions

ahochsteger asks 'why do we mess with file permissions anyway?' and he's
right! I digged the history but couldn't find why we do it.

I think we should just set the permissions of the top-level directories,
but leave the other file permissions as-is.

In addition,

I see no point in touching usr/bin usr/sbin.
perhaps C&P mistake from some samples?

Don't touch /var/lib/hudson if .for-jenkins is present,
so that people using the hudson user can keep upgrading new
versions of jenkins and run it as hudson

/var/run/hudson contains no important information,
so no need to bring it over to /var/run/jenkins

Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1

SCM/JIRA link daemon added a comment - 2015-04-03 22:23 Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/dirs debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/214311c32a2aff19e83fe54b0b519b1137de0962 Log: [FIXED JENKINS-4047] don't mess with file permissions ahochsteger asks 'why do we mess with file permissions anyway?' and he's right! I digged the history but couldn't find why we do it. I think we should just set the permissions of the top-level directories, but leave the other file permissions as-is. In addition, I see no point in touching usr/bin usr/sbin. perhaps C&P mistake from some samples? Don't touch /var/lib/hudson if .for-jenkins is present, so that people using the hudson user can keep upgrading new versions of jenkins and run it as hudson /var/run/hudson contains no important information, so no need to bring it over to /var/run/jenkins Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1

SCM/JIRA link daemon added a comment - 2015-04-03 22:23

Code changed in jenkins
User: Kohsuke Kawaguchi
Path:
debian/jenkins.postinst
http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0
Log:
[FIXED JENKINS-4047] not admin, should be adm.

Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

SCM/JIRA link daemon added a comment - 2015-04-03 22:23 Code changed in jenkins User: Kohsuke Kawaguchi Path: debian/jenkins.postinst http://jenkins-ci.org/commit/packaging/179fc47d1cf5a6698f8652161c9e4687f25c4fc0 Log: [FIXED JENKINS-4047] not admin, should be adm. Originally-From: jenkins-ci.org/commit/core/9d250135e85d6662ff7a53d69424fac0c080b1da

Jenkins

Debian package sets wrong permissions on /var/lib/hudson/.ssh

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates