6765b54235
Signed-off-by: Peter Jones <pjones@redhat.com>
From f7a16f89f3ed327d3e2f4ce897917c2966fb427d Mon Sep 17 00:00:00 2001
|
|
From: Peter Jones <pjones@redhat.com>
|
|
Date: Fri, 20 Nov 2015 19:21:39 -0500
|
|
Subject: [PATCH 4/5] setfacl the db as well
|
|
|
|
And also get all our "-m [ug]:${name}:$perm" arguments right.
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
---
|
|
src/pesign-authorize-groups | 4 ++++
|
|
src/pesign-authorize-users | 8 ++++++--
|
|
2 files changed, 10 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/pesign-authorize-groups b/src/pesign-authorize-groups
|
|
index 2222809..13aefa6 100644
|
|
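--- a/src/pesign-authorize-groups
+++ b/src/pesign-authorize-groups
@@ -17,5 +17,9 @@ if [[ -r /etc/pesign/groups ]]; then
 setfacl -m g:${group}:rw /var/run/pesign/socket
 fi
 fi
+ if [ -d /etc/pki/pesign ]; then
+ setfacl -m g:${group}:rx /etc/pki/pesign
+ setfacl -m g:${group}:r /etc/pki/pesign/{cert8,key3,secmod}.db
+ fi
 done
 fi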
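Review bot: The new `setfacl -m g:${group}:r /etc/pki/pesign/{cert8,key3,secmod}.db` gives every listed group direct read access to key3.db, the NSS private-key store, where the lines above only opened the daemon socket. From then on the signing keys are protected from those accounts only by the NSS database password or token, which deserves a comment such as `# direct read of the NSS key db: signing keys now rely on the db password/token for confidentiality`. The brace list is also applied unconditionally, so setfacl reports an error for any absent path, and a database in NSS's SQL format (cert9.db, key4.db, pkcs11.txt) gets no ACL at all; a per-file guard like `[ -e "$db" ] && setfacl -m "g:${group}:r" "$db"` would make that explicit. Both points apply equally to the matching block added in src/pesign-authorize-users. The enclosing `for` loop starts outside this hunk.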
diff --git a/src/pesign-authorize-users b/src/pesign-authorize-users
|
|
index 22bddec..a43ce44 100644
|
|
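--- a/src/pesign-authorize-users
+++ b/src/pesign-authorize-users
@@ -12,10 +12,14 @@
 if [[ -r /etc/pesign/users ]]; then
 for username in $(cat /etc/pesign/users); do
 if [ -d /var/run/pesign ]; then
- setfacl -m g:${username}:rx /var/run/pesign
+ setfacl -m u:${username}:rx /var/run/pesign
 if [ -e /var/run/pesign/socket ]; then
- setfacl -m g:${username}:rw /var/run/pesign/socket
+ setfacl -m u:${username}:rw /var/run/pesign/socket
 fi
 fi
+ if [ -d /etc/pki/pesign ]; then
+ setfacl -m u:${username}:rx /etc/pki/pesign
+ setfacl -m u:${username}:r /etc/pki/pesign/{cert8,key3,secmod}.db
+ fi
 done
 fi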
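Review bot: `${username}` comes from `$(cat /etc/pesign/users)` and reaches every `setfacl -m u:${username}:…` line unquoted and unvalidated, so a glob character or a stray comma in that file is expanded or parsed by setfacl as part of the ACL spec rather than rejected. With this commit the same value now also sets ACLs on /etc/pki/pesign and its key databases, which raises the cost of a malformed entry. I would skip names that do not resolve, `id -u -- "$username" >/dev/null 2>&1 || continue`, and quote the spec, `setfacl -m "u:${username}:rx" /etc/pki/pesign`. The group script presumably needs the same treatment with `getent group`, but its loop header is not visible on this page.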
--
|
|
2.5.0
|
|
|