[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#805028: marked as done (autofs-ldap fails to start when /etc/autofs_ldap_auth.conf has wrong permissions)

Your message dated Thu, 14 Mar 2019 19:49:07 +0000
with message-id <E1h4WLj-000Fp8-KM@fasolo.debian.org>
and subject line Bug#805028: fixed in autofs 5.1.5-1
has caused the Debian Bug report #805028,
regarding autofs-ldap fails to start when /etc/autofs_ldap_auth.conf has wrong permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
805028: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805028
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: autofs-ldap
Severity: normal
Version: 5.1.1-1
Tags: patch
I just observed a pecularity... the lookup_ldap backup performs a file permission check on 

  /etc/autofs_ldap_auth.conf

The expected file permissions are root:root:0600.
As this diverts from default file permissions (root:root:0644), I recommend providing some dpkg-statoverride magic in autofs-ldap.postinst and autofs-ldap.prerm.
By coincidence the file permissions are correct when autofs-ldap is installed, but to be really sure, I'd highly recommend using dpkg-statoverride here.
I have attached a potential autofs-ldap.postinst and an autofs-ldap.prerm script (untested as of now, please verify that they do what they should). 

Thanks+Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de

#!/bin/sh
# postinst script for autofs-ldap
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


case "$1" in
	configure)
		if ! dpkg-statoverride --list /etc/autofs_ldap_auth.conf 1>/dev/null 2>/dev/null; then
			dpkg-statoverride --add --update root root 0600 /etc/autofs_ldap_auth.conf
		fi
		;;

	abort-upgrade|abort-remove|abort-deconfigure)
		;;

	*)
		echo "postinst called with unknown argument \`$1'" >&2
		exit 1
		;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

#! /bin/sh
# prerm script for autofs-ldap

set -e

# see: dh_installdeb(1)
# summary of how this script can be called:
#        * <prerm> `remove'
#        * <old-prerm> `upgrade' <new-version>
#        * <new-prerm> `failed-upgrade' <old-version>
#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
#        * <deconfigured's-prerm> `deconfigure' `in-favour'
#        <package-being-installed> <version> `removing'
#        <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
	remove)
		if dpkg-statoverride --list /etc/autofs_ldap_auth.conf 1>/dev/null; then
			dpkg-statoverride --remove /etc/autofs_ldap_auth.conf
		fi
		;;
	deconfigure|upgrade|failed-upgrade)
		:
		;;
	*) echo "$0: didn't understand being called with \`$1'" 1>&2
		exit 1;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

Attachment: pgpLDjyw2TESu.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message --- 
Source: autofs
Source-Version: 5.1.5-1

We believe that the bug you reported is fixed in the latest version of
autofs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 805028@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated autofs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 14 Mar 2019 19:42:50 +0100
Source: autofs
Binary: autofs autofs-ldap autofs-hesiod
Architecture: source
Version: 5.1.5-1
Distribution: experimental
Urgency: medium
Maintainer: Mike Gabriel <sunweaver@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 autofs     - kernel-based automounter for Linux
 autofs-hesiod - Hesiod map support for autofs
 autofs-ldap - LDAP map support for autofs
Closes: 709366 737679 757038 784301 787202 805028 842199 849148 864857 892374 901554 902565 910367
Changes:
 autofs (5.1.5-1) experimental; urgency=medium
 .
   [ Mike Gabriel ]
   * New upstream release.
     - Make browsable_dirs option functional. Configurable in autofs.conf.
       (Closes: #784301).
     - Fix FTBFS with clang. (Closes: #757038).
     - Fix specification of nfsvers=4.1 (with minor version numbers) in
       auto.master. (Closes: #892374).
   * debian/patches:
     + Rebase some patches.
     + Drop do-not-check-for-modprobe-procfs-or-load-module.patch,
       fix-autofs-manpage-whatis.patch, fix-autofsconf-manpage-section.patch.
       Fixes shipped by upstream.
     + Add mount-hidden-samba-shares.patch. Fix regression between 5.0.8 and
       5.1.1 regarding the mounting of hidden samba shares. (Closes: #787202,
       #910367).
     + Add spelling-error-fixes.patch, fixing tons of spelling fixes. Thanks
       lintian.
   * debian/rules:
     + Add get-orig-source target.
     + Evoke install_samples upstream Makefile target explicitly during
       dh_auto_install.
     + Enable all hardening flags.
   * debian/control:
     + Bump to Standards-Version: 4.3.0. No changes needed.
     + Adopt autofs package. Thanks to Dmitry Smirnov and other contributors
       for all the previous work. (Closes: #849148).
     + Explicit B-D on pkg-config.
     + Update Vcs-*: fields. Packaging has moved to salsa.debian.org.
       (Closes: #902565).
     + Add B-D on dpkg-dev (>= 1.16.1.1~) for full hardening flag support.
     + Use secure URL in Homepage: field.
   * debian/source/options:
     + Drop custom compression for debian/ folder's tarball.
   * debian/autofs-ldap.<scripts>:
     + Ensure file permissions of /etc/autofs_ldap_auth.conf are set to
       root:root:0600 via dpkg-statoverride. (Closes: #805028).
   * debian/autofs.service:
     + Add nfs-client.target to Wants= key. Hopefully, this is sufficient to
       fix #842199, if not, please reopen the bug. (Closes: #842199).
     + PID file is in /run, not /var/run (which is a symlink to /run).
     + Add Documentation= key.
   * debian/copyright:
     + Drop outdated information from main header. Use https:// in URLs.
 .
   [ Stefan Potyra ]
   * debian/control:
     + Add libtirpc-dev to build-depends.
   * debian/rules:
     + Add option --with-libtirpc to configure. (Closes: #737679, #709366).
 .
   [ Andreas Hasenack ]
   * debian/tests:
     + Add nfs-mount and smb-mount tests. (Closes: #901554).
 .
   [ Vincent McIntyre ]
   * debian/patches:
     + Add hardening-flags.patch. Assure that automount is built with
       DAEMON_CFLAGS. (Closes: #864857).
Checksums-Sha1:
 1c0372579c5bf072a6c2abb26b97bac04ccc74df 2349 autofs_5.1.5-1.dsc
 f60ce7b1e4e3c380fbca8347b395f7fc07a141ec 313476 autofs_5.1.5.orig.tar.xz
 bba483059dcfa387b797352e09ad69efd9c8d193 21324 autofs_5.1.5-1.debian.tar.xz
 6c690b31b9eb2eb60d51e718be25c103c8dfe88d 8601 autofs_5.1.5-1_source.buildinfo
Checksums-Sha256:
 2e531ec8b2e0a6146bde04714d692c937dcb84a4c5b074ffbdfe0f026096303c 2349 autofs_5.1.5-1.dsc
 23afdad9e2fd6d41b1900be8cfecfd5aae0ad174c7708ff685ec27e280f9c0da 313476 autofs_5.1.5.orig.tar.xz
 fc99ac22684462967aa0784e11015b12c4a55feea9fe78595092c2056d946cd5 21324 autofs_5.1.5-1.debian.tar.xz
 07e7bd1746acbf23df19514179b6f5bc61aa3162873212f74790f784bbe97878 8601 autofs_5.1.5-1_source.buildinfo
Files:
 cbf70c28342819c075fab59139a887c2 2349 utils optional autofs_5.1.5-1.dsc
 61d2cfbf51159c9c82b57e1ea9c34376 313476 utils optional autofs_5.1.5.orig.tar.xz
 a2fd3fcc0b2a4f06184d11f00ec0699e 21324 utils optional autofs_5.1.5-1.debian.tar.xz
 d45c04bb0fa89ecf956b2fa3b8dc5d1e 8601 utils optional autofs_5.1.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlyKrEQVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx3lMP/ijb2YSEdTnH54qa383pwUUffbPT
WwDm8bkRT5rOiTyTkvFniAjDnx8EH6CK71dtn2NxwIsiZTxqvE1G9iSd56Nt4Vd9
pLhbbiKfSGeq95GzhHgAUDOB/DxkWfxJiS8ORXKH8GaTZELBppZymAqkcQpSPJp+
juorlk9obp3wpJPPk4XqDkXBCK+Yd5zbNs+D2YNcx6qFIQfRP1yLbXi1DjknwwgE
JK+vnz8zLjHvAUbK+5sT//EZQ2Xv8xgK03Dnts4A7ut3RPjsc/CMZh211WJWN1In
VIupwX9352vsqZVtgHU3akOvfJlN+GVjTLU4Y81u9dJPK+crhJbEQdnQ4k/pXhF9
AboROIMeryCAyeY9Zsj6ZskHzK4YePBKzP1mCtprN3SEWg9NDxDrKOMdOwd4RKBJ
F3mbyv5qhFwNPhoV6Y05SfgccCPGh2EI+oSP+Mb/kZuAPjQ904yR3Oxl5OpiQwst
OGgawIJw+WSbrfTDqcO5XfyRFr5eVWOqjxDwOMgsCads4moS3+6zG2qBqXJY1Py9
MrXOa4eXjZJwsep9HODqi0pGuB7uoybnPmZCtkRYe4xgCxNDyZ+JDRBRlGJEDBIq
rd/vcCLXGIzAdDzjJkXWnlJnRzPzumY+svgbhcxBdYMHa5dBckERuIw6nXBi0eBO
YId5eYO8RlguQzAz
=X1to
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: