diff options
| author |   Marek Szuba <marecki@gentoo.org> | 2023-03-22 23:02:00 +0000 |
|---|---|---|
| committer | Marek Szuba <marecki@gentoo.org> | 2023-03-22 23:43:34 +0000 |
| commit | 8532e51714ce99ea6db20cfedde4d976291e70d3 (patch) | |
| tree | fed2407417b15e911b109193a03ae6559d030254 /net-analyzer | |
| parent | app-crypt/yubikey-manager: drop 4.0.8-r2, 5.0.0 (diff) | |
| download | gentoo-8532e51714ce99ea6db20cfedde4d976291e70d3.tar.gz gentoo-8532e51714ce99ea6db20cfedde4d976291e70d3.tar.bz2 gentoo-8532e51714ce99ea6db20cfedde4d976291e70d3.zip | |
net-analyzer/suricata: make rule-file and update dirs setuid suricata
So that it is possible to run suricata-update as root (which according
to upstream documentation is still very much allowed) but have suricata
itself drop its privileges, without having to manually change the
ownership of downloaded files. In the long run it would be nice for
suricata-update to drop privileges as well - but that's something
for upstream to take care of, and setuid suricata on the relevant
directories appears to work fine.
Closes: https://bugs.gentoo.org/900627
Signed-off-by: Marek Szuba <marecki@gentoo.org>
Diffstat (limited to 'net-analyzer')
| -rw-r--r-- | net-analyzer/suricata/suricata-6.0.10.ebuild | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.10.ebuild index 697b19988894..bcc930edadc3 100644 --- a/net-analyzer/suricata/suricata-6.0.10.ebuild +++ b/net-analyzer/suricata/suricata-6.0.10.ebuild @@ -146,7 +146,7 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" + fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" newinitd "${FILESDIR}/${PN}.initd" ${PN} newconfd "${FILESDIR}/${PN}.confd" ${PN} |