Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7575

.deb package postinst prevents serving static content directly

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • other
    • None
    • Debian-based GNU/Linux

    Description

      Our Apache server is proxying Hudson, while serving its static content directly.
      As Apache workers are run by user www-data and group www-data, they're not entitled to access /var/run/hudson and /var/lib/hudson since they're only group readable (hudson:adm).
      This comes from the fact the .deb package postinst script performs:

      • chown hudson:adm on /var/run/hudson and /var/lib/hudson. Why "adm"?
      • chmod 750 on /var/run/hudson and /var/lib/hudson. Why not user readable?

      Could you please amend the postinst script so that:

      • either it just set access rights at first installation time, so that my custom changes are not reset at upgrade time.
      • or it uses: chmod 755.
      • or it uses: chown hudson:www-data.
      • or, simpler, it doesn't deal with such things at all.

      Thanks.

      Attachments

        Issue Links

          Activity

            rdesgroppes Régis Desgroppes created issue -

            Not reseting owners and access rights seems to form a consensus.

            rdesgroppes Régis Desgroppes added a comment - Not reseting owners and access rights seems to form a consensus.
            rdesgroppes Régis Desgroppes made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-5969 [ JENKINS-5969 ]
            rdesgroppes Régis Desgroppes made changes -
            Link This issue is related to JENKINS-4047 [ JENKINS-4047 ]
            rdesgroppes Régis Desgroppes made changes -
            Link This issue is related to JENKINS-5771 [ JENKINS-5771 ]

            /var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.

            kohsuke Kohsuke Kawaguchi added a comment - /var/lin/jenkins isn't world readable since its data can be sensitive. The current version no longer tries to reset the permissions of the files/directories in it. As such, I consider this issue fixed.
            kohsuke Kohsuke Kawaguchi made changes -
            Assignee ashlux [ ashlux ] Kohsuke Kawaguchi [ kohsuke ]
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Resolved [ 5 ]
            ircbot Jenkins IRC Bot made changes -
            Component/s other [ 15490 ]
            Component/s infrastructure [ 15687 ]
            rdesgroppes Régis Desgroppes made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 137674 ] JNJira + In-Review [ 204568 ]

            People

              kohsuke Kohsuke Kawaguchi
              rdesgroppes Régis Desgroppes
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: