debian: Ensure that /etc/authd has mode 700

In versions 0.3.7 and earlier, /etc/authd was created mode 0777 - umask (so 0755 by default). Since 1d8254a, we tell systemd that it should create the directory with mode 0700, which results in the following warning in the journal: authd.service: ConfigurationDirectory 'authd' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 700) To avoid that, this commit ensures that the mode is changed to 0700 when we upgrade from version 0.3.7 or earlier.
ubuntu · Jan 23, 2025 · db218af · db218af
1 parent 2fe5f2d
commit db218af
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/debian/postinst b/debian/postinst
@@ -29,8 +29,17 @@ insert_nss_entry() {
 }
 
 action="$1"
+previous_version="$2"
 
 if [ configure = "$action" ]; then
     pam-auth-update --package
     insert_nss_entry
+
+    # We installed /etc/authd with permissions 777 - umask in version 0.3.7 and earlier
+    if dpkg --compare-versions "$previous_version" le 0.3.7; then
+        # Ensure that the /etc/authd directory has mode 700
+        if [ -d /etc/authd ] && [ "$(stat -c %a /etc/authd)" != "700" ]; then
+            chmod 700 /etc/authd
+        fi
+    fi
 fi