Christian wrote:
Am 2010-07-21 13:55, schrieb Ludwig Nussel:
Well, if it wasn't the build would abort with an error :-) Having directories with setgid bits is rather unusual though. Are you sure it's required? Yes, it is required. Now I made a permissions file, which need to be reviewed for acceptance.
https://build.opensuse.org/package/show?package=otrs&project=network%3Aotrs%3ATest Thank you.
Well, if you want entries in the permissions files in Factory please file a bug for security-team so the request is documented properly. However, looking at the permissions file you include it's not acceptable anyways. You must not package sub-directories in service owned directories. rpm cannot handle that in a safe way. Having a 'bin' directory rw by a service user looks immediately suspicious. Looks like the init script even starts scripts from there and the init script runs as root! cu Ludwig PS: hostname -f is evil, even more so in a sysconfig file. -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org