From 2dcae4b10529b1de26f8b089cac36e657f7b2cb1 Mon Sep 17 00:00:00 2001
From: Martin Stransky
Date: Tue, 21 Nov 2006 16:33:52 +0000
Subject: [PATCH] fix for #216185: bind-chroot-admin able to change root mode 750
---
 bind-chroot-admin.in | 24 ++++++++++++------------
 bind.spec | 1 +
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in
index bdd4a1d..fc87221 100644
--- a/bind-chroot-admin.in
+++ b/bind-chroot-admin.in
@@ -78,24 +78,24 @@ function check_dirs() /bin/chmod 0640 /etc/sysconfig/named; fi /bin/mkdir -p ${BIND_DIR}/{slaves,data}; - /bin/chown root:named ${BIND_DIR}; - /bin/chown named:named ${BIND_DIR}/{slaves,data}; - /bin/chmod 750 ${BIND_DIR} - /bin/chmod 770 ${BIND_DIR}/{slaves,data}; + /bin/chown --preserve-root root:named ${BIND_DIR}; + /bin/chown --preserve-root named:named ${BIND_DIR}/{slaves,data}; + /bin/chmod --preserve-root 750 ${BIND_DIR} + /bin/chmod --preserve-root 770 ${BIND_DIR}/{slaves,data}; mkdir -p ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run/named,named/{slaves,data}}}; - /bin/chown root:named ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run,named/}}; - /bin/chown root:named ${BIND_CHROOT_PREFIX}/var; - /bin/chmod 750 ${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}}; - /bin/chown named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}}; - /bin/chmod 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}}; + /bin/chown --preserve-root root:named ${BIND_CHROOT_PREFIX}/{etc,dev,var/{run,named/}}; + /bin/chown --preserve-root root:named ${BIND_CHROOT_PREFIX}/var; + /bin/chmod --preserve-root 750 ${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}}; + /bin/chown --preserve-root named:named ${BIND_CHROOT_PREFIX}/var/{run/named,named/{data,slaves}}; + /bin/chmod --preserve-root 770 ${BIND_CHROOT_PREFIX}/var/{run/named,named/{slaves,data}}; [ ! -e "${BIND_CHROOT_PREFIX}/dev/random" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/random" c 1 8 [ ! -e "${BIND_CHROOT_PREFIX}/dev/zero" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/zero" c 1 5 [ ! -e "${BIND_CHROOT_PREFIX}/dev/null" ] && /bin/mknod "${BIND_CHROOT_PREFIX}/dev/null" c 1 3 [ ! 
-e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime"; - chown root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; - chmod 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; + /bin/chown --preserve-root root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; + /bin/chmod --preserve-root 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; if selinux_enabled && [ -x /usr/bin/chcon ]; then for dev in random zero null; do /usr/bin/chcon --reference=/dev/$dev ${BIND_CHROOT_PREFIX}/dev/$dev; @@ -321,4 +321,4 @@ case $1 in *) usage; exit 1; -esac \ No newline at end of file +esac diff --git a/bind.spec b/bind.spec index 11eff4b..1a372b0 100644 --- a/bind.spec +++ b/bind.spec @@ -779,6 +779,7 @@ rm -rf ${RPM_BUILD_ROOT} * Fri Nov 21 2006 Martin Stransky - 31:9.3.3-0.1.rc3 - added back an interval to restart - renamed package, it should meet the N-V-R criteria +- fix for #216185: bind-chroot-admin able to change root mode 750 * Mon Oct 30 2006 Martin Stransky - 30:9.3.3-6 - fix for #200465: named-checkzone and co. cannot be run as non-root user
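Review bot: `--preserve-root` on the chown/chmod calls in the check_dirs hunk does not stop the script from changing `/`: in GNU coreutils the option only refuses a recursive (`-R`) operation on `/`, and none of these calls is recursive, so with an empty `BIND_CHROOT_PREFIX` the line `/bin/chmod --preserve-root 750 ${BIND_CHROOT_PREFIX}/{,etc,dev,var,var/{run,named/}}` still sets `/`, `/etc`, `/dev` and `/var` to 750. The missing check is on the variable itself, before the first chown, for example `[ -n "${BIND_CHROOT_PREFIX%/}" ] || return 1;` (and the same for `BIND_DIR`), so that an empty or `/` prefix is rejected rather than expanded. Where the prefix is assigned is outside the hunk, as are the start and end of check_dirs, so whether an earlier guard already exists should be confirmed. Quoting the expansions the way the `dev/{random,null,zero}` lines already do (`"${BIND_CHROOT_PREFIX}"/{...}`) would also keep a value containing whitespace from splitting into extra chown/chmod targets.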