tileradotorg/synapse
1
0
Fork 0
forked from MirrorHub/synapse
Code Pull requests Activity

Debian packaging: explicitly allocate a group for the system user (#13593)

Browse source 
Otherwise the files of the synapse user are readable by the nobody user, which
is unsafe.

Signed-off-by: Jörg Behrmann <behrmann@physik.fu-berlin.de>
This commit is contained in:
Jörg Behrmann 2022-08-25 18:56:55 +02:00 committed by GitHub
parent d092e6f32a
commit 978666a088
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
matrix-synapse-py3 (1.66.0~rc1+nmu1) UNRELEASED; urgency=medium
* Allocate a group for the system user.
-- Jörg Behrmann <behrmann@physik.fu-berlin.de> Tue, 23 Aug 2022 17:17:00 +0100
matrix-synapse-py3 (1.66.0~rc1) stable; urgency=medium matrix-synapse-py3 (1.66.0~rc1) stable; urgency=medium
* New Synapse release 1.66.0rc1. * New Synapse release 1.66.0rc1.

4
debian/matrix-synapse-py3.postinst vendored
View file

@ -40,12 +40,12 @@ EOF
/opt/venvs/matrix-synapse/lib/manage_debconf.pl update /opt/venvs/matrix-synapse/lib/manage_debconf.pl update
if ! getent passwd $USER >/dev/null; then if ! getent passwd $USER >/dev/null; then
adduser --quiet --system --no-create-home --home /var/lib/matrix-synapse $USER adduser --quiet --system --group --no-create-home --home /var/lib/matrix-synapse $USER
fi fi
for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do
if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then
dpkg-statoverride --force --quiet --update --add $USER nogroup 0755 $DIR dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
fi fi
done done