From 71fb2d7e690640b391b76b5432f07b4a81351c8b Mon Sep 17 00:00:00 2001
From: Karel Klic <kklic@redhat.com>
Date: Tue, 12 Jan 2010 14:26:08 +0100
Subject: Fixing /var/cache/abrt/ permissions by allowing users to read, but
 not to change their crash data. Adds abrt user, changes abrt-hook-python to
 use suid instead of sgid bit (uid=abrt), sets /var/cache/abrt and every dump
 subdirectory to be owned by abrt user. Read access for users and their own
 crashes is provided by group (/var/cache/abrt/ccpp-xxxx-xx has user's group).

---
 abrt.spec | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'abrt.spec')

diff --git a/abrt.spec b/abrt.spec
index 85038e68..630e54c8 100644
--- a/abrt.spec
+++ b/abrt.spec
@@ -250,6 +250,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %pre
 getent group abrt >/dev/null || groupadd -f --system abrt
+getent passwd abrt >/dev/null || useradd --system -g abrt -d /etc/abrt -s /sbin/nologin abrt
 exit 0
 
 %post
@@ -279,7 +280,7 @@ fi
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/dbus-%{name}.conf
 %{_initrddir}/%{name}d
-%dir %attr(0775, root, abrt) %{_localstatedir}/cache/%{name}
+%dir %attr(0755, abrt, abrt) %{_localstatedir}/cache/%{name}
 %dir /var/run/%{name}
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/plugins
@@ -386,7 +387,7 @@ fi
 
 %files addon-python
 %defattr(-,root,root,-)
-%attr(2755, root, abrt) %{_libexecdir}/abrt-hook-python
+%attr(4755, abrt, abrt) %{_libexecdir}/abrt-hook-python
 %{_libdir}/%{name}/libPython.so*
 %{python_site}/*.py*
 
-- 
cgit