On 2/12/2014 11:58 AM, Farkas Levente wrote: > On 02/12/2014 08:50 PM, Tom Eastep wrote: >> On 2/12/2014 11:14 AM, Farkas Levente wrote: >>> hi, in the rpm packages 4.5.21-6 the file /etc/shorewall/notrack >>> has 600 permission which should have to be 644. regards. >> >> teastep@gateway:~/shorewall/build/4.5.21$ rpm -qlvp >> shorewall-4.5.21-6.noarch.rpm | fgrep notrack warning: >> shorewall-4.5.21-6.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID >> 6c562ac4: NOKEY -rw-r--r-- 1 root root >> 0 Jan 30 15:19 /etc/shorewall/notrack >> teastep@gateway:~/shorewall/build/4.5.21$ >> >> Actually, the notrack file should not be packaged anymore as it has >> been replaced by the conntrack file. If the conntrack file is >> empty, the compiler simply removes it. > > it's really strange! you've got right since > rpm -qlv shorewall|grep notrack > -rw-r--r-- 1 root root 0 May 1 2013 > /etc/shorewall/notrack > > BUT 3 of my system which has the same version and all of the was 600 > permission!? > >
I've done some more checking and now understand what is happening. The shorewall.spec file uses the %ghost directive for files that have been superceded. That way, if the file exists, it will not be removed in the next upgrade. There is a problem, however, that some versions of rpm (notably the version in RHEL5 and derivatives) insist that %ghost files exist! To work around this problem, shorewall.spec's %install section touches superceded files. Apparently, your root default security is 600 which is why you see those files secured the way they are. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
