4b1fe8a0ab
Together with the patches backported from upstream, we're changing the deskprofilepath permissions from 755 to 751, reflecting the upstream spec file changes. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From f0cbe890adf696d8318373203580d709f3d38d8c Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
Date: Mon, 5 Feb 2018 07:56:53 +0100
|
|
Subject: [PATCH 88/88] DESKPROFILE: Set the profile permissions to read-only
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Sumit suggested to have the profile permissions with the least possible
|
|
permissions and it does make sense.
|
|
|
|
So, let's change it from read-write to read-only.
|
|
|
|
Related:
|
|
https://pagure.io/SSSD/sssd/issue/362
|
|
|
|
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
---
|
|
src/providers/ipa/ipa_deskprofile_rules_util.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
|
|
index 2102713d6..e52587378 100644
|
|
--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
|
|
+++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
|
|
@@ -900,7 +900,7 @@ ipa_deskprofile_rules_save_rule_to_disk(
|
|
goto done;
|
|
}
|
|
|
|
- fd = open(filename_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
|
+ fd = open(filename_path, O_WRONLY | O_CREAT | O_TRUNC, 0400);
|
|
if (fd == -1) {
|
|
ret = errno;
|
|
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
--
|
|
2.14.3
|
|
|