[JENKINS-7575] .deb package postinst prevents serving static content directly - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: other
Labels:
None
Environment:
Debian-based GNU/Linux

Similar Issues:

Show

Description

Our Apache server is proxying Hudson, while serving its static content directly.
As Apache workers are run by user www-data and group www-data, they're not entitled to access /var/run/hudson and /var/lib/hudson since they're only group readable (hudson:adm).
This comes from the fact the .deb package postinst script performs:

chown hudson:adm on /var/run/hudson and /var/lib/hudson. Why "adm"?
chmod 750 on /var/run/hudson and /var/lib/hudson. Why not user readable?

Could you please amend the postinst script so that:

either it just set access rights at first installation time, so that my custom changes are not reset at upgrade time.
or it uses: chmod 755.
or it uses: chown hudson:www-data.
or, simpler, it doesn't deal with such things at all.

Thanks.

Attachments

Issue Links

is related to

JENKINS-4047 Debian package sets wrong permissions on /var/lib/hudson/.ssh

Resolved

JENKINS-5969 Problematic chown/chmod at Debian package upgrade

Resolved

JENKINS-5771 Debian package upgrade sets wrong user permissions if HUDSON_USER is not hudson (default)

Resolved

Activity

Ascending order - Click to sort in descending order

Régis Desgroppes created issue - 2010-09-27 02:17

Régis Desgroppes added a comment - 2010-09-27 02:23

Not reseting owners and access rights seems to form a consensus.

Régis Desgroppes added a comment - 2010-09-27 02:23 Not reseting owners and access rights seems to form a consensus.

Régis Desgroppes made changes - 2010-09-27 02:23

Field	Original Value	New Value
Link		This issue is related to ~~JENKINS-5969~~ [ ~~JENKINS-5969~~ ]

Régis Desgroppes made changes - 2010-09-27 02:23

Link

This issue is related to ~~JENKINS-4047~~ [ ~~JENKINS-4047~~ ]

Régis Desgroppes made changes - 2010-09-27 02:23

Link

This issue is related to ~~JENKINS-5771~~ [ ~~JENKINS-5771~~ ]

Kohsuke Kawaguchi added a comment - 2011-12-03 08:20

/var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.

Kohsuke Kawaguchi added a comment - 2011-12-03 08:20 /var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.

Kohsuke Kawaguchi made changes - 2011-12-03 08:20

Assignee	ashlux [ ashlux ]	Kohsuke Kawaguchi [ kohsuke ]
Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Resolved [ 5 ]

Jenkins IRC Bot made changes - 2014-09-27 17:52

Component/s		other [ 15490 ]
Component/s	infrastructure [ 15687 ]

Régis Desgroppes made changes - 2015-09-21 06:39

Status

Resolved [ 5 ]

Closed [ 6 ]

R. Tyler Croy made changes - 2016-07-25 23:59

Workflow

JNJira [ 137674 ]

JNJira + In-Review [ 204568 ]

People

Assignee:: Kohsuke Kawaguchi

Reporter:: Régis Desgroppes

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2010-09-27 02:17

Updated:: 2015-09-21 06:39

Resolved:: 2011-12-03 08:20