packages that set wrong permissions of /var/tmp
There are a few packages that change the permission of /var/tmp:
- nginx
- roundcubemail-openrc
- nextcloud-initscript
Permissions should be world writable (1777), but the above packages change them to 0755.
We have 3 options to fix this:
- forbid packages to create anything under /var/tmp
- make abuild error if a package sets wrong permissions under /var/tmp (the above packages will need to manually set the permissions of the intermediate /var/tmp directory)
- find some way to exclude intermediate directories from apk so permissions are not modified.
(from redmine: issue id 9364, created on 2018-08-30)
- Relations:
  - relates #9246 (closed)
  - relates #2966
  - relates #10258 (closed)
- Changesets:
  - Revision 7a6d5953 by Natanael Copa on 2018-09-03T13:23:22Z:

    main/nginx: fix permissions of /var/tmp

    Permissions of /var/tmp should be 1777. Due to limitation in apk/abuild
    we need to explicitly set the permissions of intermediate directories
    that should not have default.

    ref #9364
  - Revision 822016ff by Natanael Copa on 2018-09-10T07:25:31Z:

    main/nginx: fix permissions of /var/tmp

    Permissions of /var/tmp should be 1777. Due to limitation in apk/abuild
    we need to explicitly set the permissions of intermediate directories
    that should not have default.

    ref #9364

    (cherry picked from commit 7a6d59536dfe5ea1fbc343993d894d119c701ab1)
  - Revision 8ded1028 by Natanael Copa on 2019-06-21T10:20:45Z:

    Revert "main/nginx: move /var/lib/nginx/tmp to /var/tmp/nginx"

    FHS-3.0 says that /var/tmp should survive reboots, but it is common
    practice to ignore FHS for security reasons and wipe dirs that are world
    writable.

    There is no good reason to store nginx data under a world writable
    directory, so move it back to /var/lib/nginx/tmp. Other distros do
    something similar.

    fixes #9246
    fixes #10258
    ref #9364

    This reverts commit d6d624a149ca62af8679baf9cc99ce1354c190f0.
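
The second option in the issue description (fail the build when a package stages /var/tmp with the wrong mode) could be checked as below. This is an added example, not code from abuild or the nginx aport; `check_var_tmp_mode` and `demo` are hypothetical names, and it assumes a Linux `stat` that supports `-c %a` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example, not part of abuild. check_var_tmp_mode is a hypothetical helper.
# Usage: check_var_tmp_mode <staging-root>   (for example "$pkgdir" in an APKBUILD)
# Returns 0 if the tree ships no var/tmp or ships it as 1777, 1 otherwise.

check_var_tmp_mode() {
	root=$1
	dir="$root/var/tmp"

	# Package does not ship /var/tmp at all: nothing for apk to overwrite.
	[ -e "$dir" ] || [ -L "$dir" ] || return 0

	# A symlink or regular file in place of /var/tmp is never right.
	if [ -L "$dir" ] || [ ! -d "$dir" ]; then
		echo "ERROR: $dir is not a real directory" >&2
		return 1
	fi

	# %a prints the octal mode including the sticky bit, e.g. 1777 or 755.
	mode=$(stat -c %a "$dir") || return 1
	if [ "$mode" != "1777" ]; then
		echo "ERROR: $dir has mode $mode, expected 1777" >&2
		return 1
	fi
	return 0
}

# Constructed demo: reproduce the bad package layout, then the corrected one.
demo() {
	stage=$(mktemp -d) || return 1
	( umask 022; mkdir -p "$stage/var/tmp/nginx" )  # intermediate var/tmp becomes 0755
	if check_var_tmp_mode "$stage"; then before=ok; else before=bad; fi
	chmod 1777 "$stage/var/tmp"                      # explicit mode on the intermediate dir
	if check_var_tmp_mode "$stage"; then after=ok; else after=bad; fi
	rm -rf "$stage"
	echo "before=$before after=$after"
}

demo
```
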