authorJan Rybar <jrybar@redhat.com>2023-04-03 16:53:51 +0200
committerJan Rybar <jrybar@redhat.com>2023-04-03 16:53:51 +0200
commitb6169f3113b3ce5ed822e66adcc962850c24660a (patch)
treead9a07c307da02ae93f6cabae74a8455eaab6879
parentb7c9c0ce8df8f042a59b06aa81025d2dc0c0f8f7 (diff)
downloadpolkit-b6169f3113b3ce5ed822e66adcc962850c24660a.tar.gz
Ownership of custom rules changed to increase security
-rw-r--r--meson_post_install.py12
1 files changed, 6 insertions, 6 deletions
diff --git a/meson_post_install.py b/meson_post_install.py
index 6188cbb..efb75a1 100644
--- a/meson_post_install.py
+++ b/meson_post_install.py
@@ -22,9 +22,9 @@ pkgsysconfdir = destdir_path(sys.argv[3])
polkitd_user = sys.argv[4]
try:
- polkitd_uid = pwd.getpwnam(polkitd_user).pw_uid
+ polkitd_gid = pwd.getpwnam(polkitd_user).pw_gid
except KeyError:
- polkitd_uid = None
+ polkitd_gid = None
dst = os.path.join(bindir, 'pkexec')
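Review bot: `polkitd_gid` is the primary group of the account named by `sys.argv[4]`, not a group looked up by name, and nothing in this hunk says why the gid is now wanted instead of the uid. A short comment above the `try` would make the intent clear to the next maintainer, for example `# rules.d is owned by root and group-owned by polkitd's primary group, so the daemon can read rules but not modify them`. The `except KeyError` path still sets the value to `None` silently, so the comment could also note that the caller must set ownership by hand in that case.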
@@ -42,12 +42,12 @@ else:
dst = os.path.join(pkgsysconfdir, 'rules.d')
if not os.path.exists(dst):
- os.makedirs(dst, mode=0o700)
- if os.geteuid() == 0 and polkitd_uid is not None:
- os.chown(dst, polkitd_uid, -1)
+ os.makedirs(dst, mode=0o750)
+ if os.geteuid() == 0 and polkitd_gid is not None:
+ os.chown(dst, 0, polkitd_gid)
else:
print(
- 'Owner of {} needs to be set to {} after installation'.format(
+ 'Owner of {} needs to be set to root and group to {} after installation'.format(
dst, polkitd_user,
)
)
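Review bot: The `mode=0o750` passed to `os.makedirs` is filtered through the process umask, so under a restrictive umask (077, say) the directory ends up 0700 and the polkitd group loses the read access this change is meant to grant. An explicit `os.chmod(dst, 0o750)` after the `makedirs` call would pin the mode. Indentation is lost in this view, but if the chown is nested under `if not os.path.exists(dst):` as it appears, a rules.d left by an earlier install keeps its previous owner and 0700 mode, so upgraded systems would not get the tighter ownership; consider applying the chown and chmod whether or not the directory was just created. The fallback message also prints `polkitd_user` as the group name, while the gid actually used is that user's primary group, which may be named differently.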