From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Fix ownership and file permissions of files inside
 /var/lib/suricata.
Date: Sat, 16 Mar 2019 13:04:18 +0100
Message-ID: <20190316120418.5765-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0566553057173375095=="
List-Id: <development.lists.ipfire.org>

--===============0566553057173375095==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

These files needs to have nobody.nobody as owner but requires read-acces from=
 everyone
to allow the suricata user reading-in this files during startup.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 lfs/suricata | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index 0a561ef8b..d7b5b71d6 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -101,8 +101,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# to the rules directory.
 	mv /etc/suricata/*.config /var/lib/suricata
=20
-	# Set correct ownership for /var/lib/suricata
-	chown nobody:nobody /var/lib/suricata
+	# Set correct permissions for the files.
+	chmod 644 /var/lib/suricata/*.config
+
+	# Set correct ownership for /var/lib/suricata and the
+	# contained files
+	chown -R nobody:nobody /var/lib/suricata
=20
 	# Create logging directory.
 	-mkdir -p /var/log/suricata
--=20
2.20.1


--===============0566553057173375095==--