Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7575

.deb package postinst prevents serving static content directly

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • other
    • None
    • Debian-based GNU/Linux

      Our Apache server is proxying Hudson, while serving its static content directly.
      As Apache workers are run by user www-data and group www-data, they're not entitled to access /var/run/hudson and /var/lib/hudson since they're only group readable (hudson:adm).
      This comes from the fact the .deb package postinst script performs:

      • chown hudson:adm on /var/run/hudson and /var/lib/hudson. Why "adm"?
      • chmod 750 on /var/run/hudson and /var/lib/hudson. Why not user readable?

      Could you please amend the postinst script so that:

      • either it just set access rights at first installation time, so that my custom changes are not reset at upgrade time.
      • or it uses: chmod 755.
      • or it uses: chown hudson:www-data.
      • or, simpler, it doesn't deal with such things at all.

      Thanks.

          [JENKINS-7575] .deb package postinst prevents serving static content directly

          Not reseting owners and access rights seems to form a consensus.

          Régis Desgroppes added a comment - Not reseting owners and access rights seems to form a consensus.

          /var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.

          Kohsuke Kawaguchi added a comment - /var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.

            kohsuke Kohsuke Kawaguchi
            rdesgroppes Régis Desgroppes
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: