From 74d56e72a05a21bcb1ef6d7e33516e8ee4414fee Mon Sep 17 00:00:00 2001 From: Joao Victor Portal Date: Mon, 26 Sep 2022 11:00:57 -0300 Subject: [PATCH] Restrict fmClientCli binary permissions The fmClientCli binary can create and delete alarms freely on the system, so the access to this binary should be restricted to Linux admin users. Test Plan: PASS: Deploy an AIO-SX using a Debian image containing this change and check that the permissions for file "/usr/local/bin/fmClientCli" is "-rwxr-x---" and the owner:group is root:root. PASS: Repeat the test above using a CentOS image. Closes-Bug: 1991118 Signed-off-by: Joao Victor Portal Change-Id: I0375ddc68ae1b5967447a326780272f77695793a --- fm-common/debian/deb_folder/rules | 3 +++ fm-common/sources/Makefile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/fm-common/debian/deb_folder/rules b/fm-common/debian/deb_folder/rules index 2979b6c0..85417b81 100755 --- a/fm-common/debian/deb_folder/rules +++ b/fm-common/debian/deb_folder/rules @@ -17,5 +17,8 @@ override_dh_auto_install: CGCS_DOC_DEPLOY=/opt/deploy/cgcs_doc install python3 setup.py install --install-layout=deb --root $(ROOT) +override_dh_fixperms: + dh_fixperms -XfmClientCli + override_dh_usrlocal: # do nothing diff --git a/fm-common/sources/Makefile b/fm-common/sources/Makefile index c5bda0e9..5f12de36 100755 --- a/fm-common/sources/Makefile +++ b/fm-common/sources/Makefile @@ -54,7 +54,7 @@ install: install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 755 -d $(DESTDIR)$(INCDIR) install -m 755 -d $(DESTDIR)$(CGCS_DOC_DEPLOY) - install -m 755 fmClientCli $(DESTDIR)$(BINDIR) + install -m 750 fmClientCli $(DESTDIR)$(BINDIR) install -m 755 fm_db_sync_event_suppression.py $(DESTDIR)$(BINDIR) install -m 755 fm_log.py $(DESTDIR)$(BINDIR) install -m 644 fmDbAPI.h $(DESTDIR)$(INCDIR)