[packages/rabbitmq-server] Make sure server is not started with uid=0
jajcus
jajcus at pld-linux.org
Tue Apr 21 16:18:08 CEST 2015
commit 2c6de34a3cc910271c52d63b963a2d5e2b9e5c8e
Author: Jacek Konieczny <j.konieczny at eggsoft.pl>
Date: Tue Apr 21 16:17:33 2015 +0200
Make sure server is not started with uid=0
rabbitmq-server.spec | 3 +++
rabbitmqctl-no_root.patch | 17 +++++++++++++++++
2 files changed, 20 insertions(+)
---
diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec
index ae8fba2..1adeb79 100644
--- a/rabbitmq-server.spec
+++ b/rabbitmq-server.spec
@@ -12,6 +12,7 @@ Source1: rabbitmq.conf
Source2: %{name}.init
Source3: %{name}.sysconfig
Source4: %{name}.service
+Patch0: rabbitmqctl-no_root.patch
URL: http://www.rabbitmq.com/
BuildRequires: docbook-dtd45-xml
BuildRequires: erlang
@@ -35,6 +36,8 @@ operating systems and developer platforms.
%prep
%setup -q
+%patch0 -p1
+
%build
%{__make}
diff --git a/rabbitmqctl-no_root.patch b/rabbitmqctl-no_root.patch
new file mode 100644
index 0000000..bfd6812
--- /dev/null
+++ b/rabbitmqctl-no_root.patch
@@ -0,0 +1,17 @@
+diff -dur -x '*~' rabbitmq-server-3.5.0.orig/scripts/rabbitmqctl rabbitmq-server-3.5.0/scripts/rabbitmqctl
+--- rabbitmq-server-3.5.0.orig/scripts/rabbitmqctl 2015-03-11 15:04:09.000000000 +0100
++++ rabbitmq-server-3.5.0/scripts/rabbitmqctl 2015-03-26 09:39:32.000000000 +0100
+@@ -15,6 +15,13 @@
+ ## Copyright (c) 2007-2014 GoPivotal, Inc. All rights reserved.
+ ##
+
++# make sure we won't run as root
++# otherwise /var/lib/rabbitmq/.erlang.cookie with wrong permissions might
++# get created.
++if [ $(id -u) -eq 0 ] ; then
++ exec /sbin/setuidgid -s rabbitmq $0 "$@"
++fi
++
+ # Get default settings with user overrides for (RABBITMQ_)<var_name>
+ # Non-empty defaults should be set in rabbitmq-env
+ . `dirname $0`/rabbitmq-env
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/rabbitmq-server.git/commitdiff/de0b3de87834eac855dbb5e31d3cfaefbb9fd148
More information about the pld-cvs-commit
mailing list