auth: Ensure pdns.conf is readable by pdns

diff --git a/builder-support/debian/authoritative/debian-buster/pdns-server.postinst b/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
index 1e0027862cd866dec44371e05af043ab6ed651a9..87be37333790e55578ec5bdf5f0274d44bc9b785 100644 (file)
--- a/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-buster/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
       echo -n "Creating user and group pdns..."
       adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
       echo "done"
+      chown pdns:root /etc/powerdns/pdns.conf
     fi
     chown pdns:pdns /var/lib/powerdns || :
   ;;

diff --git a/builder-support/debian/authoritative/debian-buster/rules b/builder-support/debian/authoritative/debian-buster/rules
index 4862534e8b6a9392c236234d9e22c8648d537f68..ecfb730cbf597cf785e296868af5b315ca601ecb 100755 (executable)
--- a/builder-support/debian/authoritative/debian-buster/rules
+++ b/builder-support/debian/authoritative/debian-buster/rules
@@ -76,8 +76,8 @@ endif
 
 override_dh_fixperms:
        dh_fixperms
-       # these files often contain passwords.
-       chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+       # these files often contain passwords. 660 as it is chowned to root:pdns
+       chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 
 # restore moved files
 override_dh_clean:

diff --git a/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst b/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
index 1e0027862cd866dec44371e05af043ab6ed651a9..87be37333790e55578ec5bdf5f0274d44bc9b785 100644 (file)
--- a/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-jessie/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
       echo -n "Creating user and group pdns..."
       adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
       echo "done"
+      chown pdns:root /etc/powerdns/pdns.conf
     fi
     chown pdns:pdns /var/lib/powerdns || :
   ;;

diff --git a/builder-support/debian/authoritative/debian-jessie/rules b/builder-support/debian/authoritative/debian-jessie/rules
index 70566746150e87eced8d80627fa0d172f4e54162..54ab7f0590139cbc6846c7f3c3a81a3163473d4f 100755 (executable)
--- a/builder-support/debian/authoritative/debian-jessie/rules
+++ b/builder-support/debian/authoritative/debian-jessie/rules
@@ -75,8 +75,8 @@ override_dh_auto_build-arch:
 
 override_dh_fixperms:
        dh_fixperms
-       # these files often contain passwords.
-       chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+       # these files often contain passwords. 660 as it is chowned to root:pdns
+       chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 
 # restore moved files
 override_dh_clean:

diff --git a/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst b/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
index 1e0027862cd866dec44371e05af043ab6ed651a9..87be37333790e55578ec5bdf5f0274d44bc9b785 100644 (file)
--- a/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
+++ b/builder-support/debian/authoritative/debian-stretch/pdns-server.postinst
@@ -20,6 +20,7 @@ case "$1" in
       echo -n "Creating user and group pdns..."
       adduser --quiet --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
       echo "done"
+      chown pdns:root /etc/powerdns/pdns.conf
     fi
     chown pdns:pdns /var/lib/powerdns || :
   ;;

diff --git a/builder-support/debian/authoritative/debian-stretch/rules b/builder-support/debian/authoritative/debian-stretch/rules
index 90b41e30a6ff84b561649c40b19719f49e1b540d..fca9b485862d1fd79de739abb1c0717f1a2267ca 100755 (executable)
--- a/builder-support/debian/authoritative/debian-stretch/rules
+++ b/builder-support/debian/authoritative/debian-stretch/rules
@@ -70,8 +70,8 @@ override_dh_auto_test:
 
 override_dh_fixperms:
        dh_fixperms
-       # these files often contain passwords.
-       chmod 0600 debian/pdns-server/etc/powerdns/pdns.conf
+       # these files often contain passwords. 660 as it is chowned to root:pdns
+       chmod 0660 debian/pdns-server/etc/powerdns/pdns.conf
 
 # restore moved files
 override_dh_clean: