8413: Rails postinst doesn't chgrp root /etc/arvados.

Non-sensitive Rails configuration files can be 0644 root:root.
Porting those permissions is fine for the individual configuration
file, but not the parent directory tree.  Don't change the group of
the directory tree in this case.

diff --git a/jenkins/rails-package-scripts/postinst.sh b/jenkins/rails-package-scripts/postinst.sh
index 5ff2a9b2c9d33941cdcdc89c8030f3103d60a7b3..6fac26be8eb34d56d31ccf73df3885501cdfe005 100644 (file)
--- a/jenkins/rails-package-scripts/postinst.sh
+++ b/jenkins/rails-package-scripts/postinst.sh
@@ -94,11 +94,13 @@ setup_conffile() {
         # If there's a config file in /var/www identical to the one in /etc,
         # overwrite it with a symlink after porting its permissions.
         elif cmp --quiet "$release_conffile" "$etc_conffile"; then
-            local ownership="$(stat -c "%U:%G" "$release_conffile")"
+            local ownership="$(stat -c "%u:%g" "$release_conffile")"
+            local owning_group="${ownership#*:}"
+            if [ 0 != "$owning_group" ]; then
+                chgrp "$owning_group" "$CONFIG_PATH" /etc/arvados
+            fi
             chown "$ownership" "$etc_conffile"
             chmod --reference="$release_conffile" "$etc_conffile"
-            chgrp "${ownership#*:}" "$CONFIG_PATH" /etc/arvados
-            chmod g+rx "$CONFIG_PATH" /etc/arvados
             ln --force -s "$etc_conffile" "$release_conffile"
         fi
     fi