From: Otto Moerbeek
Date: Mon, 30 Sep 2019 15:40:15 +0000 (+0200)
Subject: chmod/own recursor.conf for the systemd case
X-Git-Tag: dnsdist-1.4.0-rc4~55^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ddf55a097d5de302d08a443c66c407e148bff5c5;p=pdns
chmod/own recursor.conf for the systemd case
---
diff --git a/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst b/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst
index 1c32de285..c4a755daa 100644
--- a/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst
+++ b/builder-support/debian/recursor/debian-buster/pdns-recursor.postinst
@@ -5,6 +5,11 @@ case "$1" in
 configure)
 addgroup --system pdns
 adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
+ if [ "`stat -c '%U:%G' /etc/powerdns/recursor.conf`" = "root:root" ]; then
+ chown root:pdns /etc/powerdns/recursor.conf
+ # Make sure that pdns can read it; the default used to be 0600
+ chmod g+r /etc/powerdns/recursor.conf
+ fi
 ;;
 *)
diff --git a/builder-support/debian/recursor/debian-buster/rules b/builder-support/debian/recursor/debian-buster/rules
index c8a82683b..e91959c3d 100755
--- a/builder-support/debian/recursor/debian-buster/rules
+++ b/builder-support/debian/recursor/debian-buster/rules
@@ -57,3 +57,8 @@ override_dh_installinit:
 override_dh_gencontrol:
 dh_gencontrol -- $(SUBSTVARS)
+
+override_dh_fixperms:
+ dh_fixperms
+ # these files often contain passwords. 640 as it is chowned to root:pdns
+ chmod 0640 debian/pdns-server/etc/powerdns/recursor.conf
diff --git a/builder-support/debian/recursor/debian-jessie/pdns-recursor.postinst b/builder-support/debian/recursor/debian-jessie/pdns-recursor.postinst
index 1c32de285..c4a755daa 100644
--- a/builder-support/debian/recursor/debian-jessie/pdns-recursor.postinst
+++ b/builder-support/debian/recursor/debian-jessie/pdns-recursor.postinst
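Review bot: In the `configure)` branch of debian-buster/pdns-recursor.postinst the new `chown`/`chmod` runs on every configure where the file is `root:root`, without consulting `dpkg-statoverride`, so an administrator who deliberately keeps recursor.conf at root:root 0600 gets group read for `pdns` re-added on each upgrade. Guarding the block with a `[ -e /etc/powerdns/recursor.conf ]` test and a `dpkg-statoverride --list /etc/powerdns/recursor.conf >/dev/null 2>&1` check would respect local overrides and avoid the `stat` error message when the file is absent. `chmod g+r` also leaves any existing world-read bit in place, which does not match the 0640 set in `rules`; `chmod g+r,o-rwx /etc/powerdns/recursor.conf` would, if that is the intent. The same lines are added to the debian-jessie and debian-stretch postinst files. The `case` statement starts and ends outside the hunk.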
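Review bot: The `chmod 0640` line in `override_dh_fixperms` (debian-buster/rules) targets `debian/pdns-server/etc/powerdns/recursor.conf`, but the maintainer scripts in this commit are named `pdns-recursor.postinst`, so the staging directory is presumably `debian/pdns-recursor/`; if so, the chmod would fail on a missing path rather than restrict the packaged file. It should likely read `chmod 0640 debian/pdns-recursor/etc/powerdns/recursor.conf`. The `#` comment sits on a recipe line, so it is passed to the shell and echoed in the build log; placing it above the target at column 0 keeps it a make comment. The same hunk is repeated in debian-jessie/rules and debian-stretch/rules.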
@@ -5,6 +5,11 @@ case "$1" in
 configure)
 addgroup --system pdns
 adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
+ if [ "`stat -c '%U:%G' /etc/powerdns/recursor.conf`" = "root:root" ]; then
+ chown root:pdns /etc/powerdns/recursor.conf
+ # Make sure that pdns can read it; the default used to be 0600
+ chmod g+r /etc/powerdns/recursor.conf
+ fi
 ;;
 *)
diff --git a/builder-support/debian/recursor/debian-jessie/rules b/builder-support/debian/recursor/debian-jessie/rules
index 20d715d51..a70e92acb 100755
--- a/builder-support/debian/recursor/debian-jessie/rules
+++ b/builder-support/debian/recursor/debian-jessie/rules
@@ -57,3 +57,8 @@ override_dh_installinit:
 override_dh_gencontrol:
 dh_gencontrol -- $(SUBSTVARS)
+
+override_dh_fixperms:
+ dh_fixperms
+ # these files often contain passwords. 640 as it is chowned to root:pdns
+ chmod 0640 debian/pdns-server/etc/powerdns/recursor.conf
diff --git a/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst b/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst
index 1c32de285..c4a755daa 100644
--- a/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst
+++ b/builder-support/debian/recursor/debian-stretch/pdns-recursor.postinst
@@ -5,6 +5,11 @@ case "$1" in
 configure)
 addgroup --system pdns
 adduser --system --home /var/spool/powerdns --shell /bin/false --ingroup pdns --disabled-password --disabled-login --gecos "PowerDNS" pdns
+ if [ "`stat -c '%U:%G' /etc/powerdns/recursor.conf`" = "root:root" ]; then
+ chown root:pdns /etc/powerdns/recursor.conf
+ # Make sure that pdns can read it; the default used to be 0600
+ chmod g+r /etc/powerdns/recursor.conf
+ fi
 ;;
 *)
diff --git a/builder-support/debian/recursor/debian-stretch/rules b/builder-support/debian/recursor/debian-stretch/rules
index c8a82683b..e91959c3d 100755
--- a/builder-support/debian/recursor/debian-stretch/rules
+++ b/builder-support/debian/recursor/debian-stretch/rules
@@ -57,3 +57,8 @@ override_dh_installinit:
 override_dh_gencontrol:
 dh_gencontrol -- $(SUBSTVARS)
+
+override_dh_fixperms:
+ dh_fixperms
+ # these files often contain passwords. 640 as it is chowned to root:pdns
+ chmod 0640 debian/pdns-server/etc/powerdns/recursor.conf