SPECS: lighttpd.spec - make logs dir owned by root (to protect aga...

glen glen at pld-linux.org
Thu Dec 21 13:14:19 CET 2006 

Author: glen                         Date: Thu Dec 21 12:14:19 2006 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- make logs dir owned by root (to protect against malicous cgi-s creating files there)

---- Files affected:
SPECS:
   lighttpd.spec (1.201 -> 1.202) 

---- Diffs:

================================================================
Index: SPECS/lighttpd.spec
diff -u SPECS/lighttpd.spec:1.201 SPECS/lighttpd.spec:1.202
--- SPECS/lighttpd.spec:1.201	Mon Dec 18 18:29:13 2006
+++ SPECS/lighttpd.spec	Thu Dec 21 13:14:13 2006
@@ -39,7 +39,7 @@
 %define		webdav_progs	1
 %endif
 
-%define		_rel 6
+%define		_rel 6.1
 Summary:	Fast and light HTTP server
 Summary(pl):	Szybki i lekki serwer HTTP
 Name:		lighttpd
@@ -859,6 +859,8 @@
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/conf.d/*_mod_deflate.conf
 %endif
 
+touch $RPM_BUILD_ROOT/var/log/%{name}/{access,error}.log
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -869,6 +871,13 @@
 %addusertogroup lighttpd http
 
 %post
+for a in access.log error.log; do
+	if [ ! -f /var/log/%{name}/$a ]; then
+		touch /var/log/%{name}/$a
+		chown lighttpd:lighttpd /var/log/%{name}/$a
+		chmod 644 /var/log/%{name}/$a
+	fi
+done
 /sbin/chkconfig --add %{name}
 
 %preun
@@ -972,7 +981,9 @@
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/%{name}
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/monit/%{name}.monitrc
 %attr(750,root,root) %dir /var/log/archiv/%{name}
-%dir %attr(770,root,lighttpd) /var/log/%{name}
+%dir %attr(751,root,root) /var/log/%{name}
+%ghost %attr(644,lighttpd,lighttpd) /var/log/%{name}/access.log
+%ghost %attr(644,lighttpd,lighttpd) /var/log/%{name}/error.log
 %dir %attr(770,root,lighttpd) /var/run/%{name}
 %attr(754,root,root) /etc/rc.d/init.d/%{name}
 %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/*
@@ -1182,6 +1193,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.202  2006/12/21 12:14:13  glen
+- make logs dir owned by root (to protect against malicous cgi-s creating files there)
+
 Revision 1.201  2006/12/18 17:29:13  glen
 - rel 6
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SPECS/lighttpd.spec?r1=1.201&r2=1.202&f=u

More information about the pld-cvs-commit mailing list