author | Jörg Behrmann <behrmann@physik.fu-berlin.de> | 2022-08-25 18:56:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-25 16:56:55 +0000 |
commit | 978666a088aacf467d3d265ff3b7b09c0d19733d (patch) | |
tree | 54fbae755f9c3f5f63cdd056565edb78fc876115 /debian | |
parent | Support `registration_shared_secret` in a file (#13614) (diff) | |
download | synapse-978666a088aacf467d3d265ff3b7b09c0d19733d.tar.xz |
Debian packaging: explicitly allocate a group for the system user (#13593)
Otherwise the files of the synapse user are readable by the nobody user, which is unsafe.

Signed-off-by: Jörg Behrmann <behrmann@physik.fu-berlin.de>
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/matrix-synapse-py3.postinst | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index c3974261a9..605e660928 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +matrix-synapse-py3 (1.66.0~rc1+nmu1) UNRELEASED; urgency=medium + + * Allocate a group for the system user. + + -- Jörg Behrmann <behrmann@physik.fu-berlin.de> Tue, 23 Aug 2022 17:17:00 +0100 + matrix-synapse-py3 (1.66.0~rc1) stable; urgency=medium * New Synapse release 1.66.0rc1. diff --git a/debian/matrix-synapse-py3.postinst b/debian/matrix-synapse-py3.postinst index 029b9e0243..3c72b69bb7 100644 --- a/debian/matrix-synapse-py3.postinst +++ b/debian/matrix-synapse-py3.postinst @@ -40,12 +40,12 @@ EOF /opt/venvs/matrix-synapse/lib/manage_debconf.pl update if ! getent passwd $USER >/dev/null; then - adduser --quiet --system --no-create-home --home /var/lib/matrix-synapse $USER + adduser --quiet --system --group --no-create-home --home /var/lib/matrix-synapse $USER fi for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then - dpkg-statoverride --force --quiet --update --add $USER nogroup 0755 $DIR + dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR fi done |
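Review bot: In the debian/changelog hunk, the entry `* Allocate a group for the system user.` gives no reason and does not mention that the directory overrides in the postinst move from `nogroup` to the user's own group. Since this is a permission-relevant change, extend the entry to say that the data, log and config directories are no longer group-owned by `nogroup`, so an administrator reading the changelog knows to check ownership after installing.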
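Review bot: In the debian/matrix-synapse-py3.postinst hunk, `--group` is only passed inside `if ! getent passwd $USER >/dev/null`, so on a host where the account already exists (any upgrade) no dedicated group is created, and `"$(id -gn $USER)"` resolves to whatever primary group the account already has. The override loop has the same gap: it is skipped for every directory where `dpkg-statoverride --list` already finds an entry, so overrides registered earlier with `nogroup` are left as they are. If existing installs are meant to get the fix too, add an upgrade path that creates the group, changes the user's primary group, and replaces the old overrides for the three directories. While touching these lines, quote `$USER` and `$DIR` consistently; the new command substitution is quoted but the `$USER` inside it and the other arguments are not.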