From: Brett Smith <brett@curoverse.com>
Date: Fri, 26 Feb 2016 23:13:19 +0000 (-0500)
Subject: 8413: Rails postinst doesn't chgrp root /etc/arvados.
X-Git-Url: https://git.arvados.org/arvados-dev.git/commitdiff_plain/8a067f3805be65efd9200a8d772cc4301707dcb0

8413: Rails postinst doesn't chgrp root /etc/arvados.

Non-sensitive Rails configuration files can be 0644 root:root.
Porting those permissions is fine for the individual configuration
file, but not the parent directory tree.  Don't change the group of
the directory tree in this case.
---

diff --git a/jenkins/rails-package-scripts/postinst.sh b/jenkins/rails-package-scripts/postinst.sh
index 5ff2a9b..6fac26b 100644
--- a/jenkins/rails-package-scripts/postinst.sh
+++ b/jenkins/rails-package-scripts/postinst.sh
@@ -94,11 +94,13 @@ setup_conffile() {
         # If there's a config file in /var/www identical to the one in /etc,
         # overwrite it with a symlink after porting its permissions.
         elif cmp --quiet "$release_conffile" "$etc_conffile"; then
-            local ownership="$(stat -c "%U:%G" "$release_conffile")"
+            local ownership="$(stat -c "%u:%g" "$release_conffile")"
+            local owning_group="${ownership#*:}"
+            if [ 0 != "$owning_group" ]; then
+                chgrp "$owning_group" "$CONFIG_PATH" /etc/arvados
+            fi
             chown "$ownership" "$etc_conffile"
             chmod --reference="$release_conffile" "$etc_conffile"
-            chgrp "${ownership#*:}" "$CONFIG_PATH" /etc/arvados
-            chmod g+rx "$CONFIG_PATH" /etc/arvados
             ln --force -s "$etc_conffile" "$release_conffile"
         fi
     fi