Skip to content

Commit

Permalink
Merge pull request #17 from freedomofpress/rq-perms-reset
Browse files Browse the repository at this point in the history
Ensure rq_config.py permissions are restored on next upgrade
  • Loading branch information
zenmonkeykstop authored Sep 18, 2024
2 parents 71502d5 + b46ee14 commit 5be503e
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion securedrop/debian/securedrop-app-code.postinst
Original file line number Diff line number Diff line change
Expand Up @@ -251,12 +251,16 @@ case "$1" in
chown -R root:root /var/www/securedrop
chmod 755 /var/www/securedrop

# Make sure config.py is owned by root and readable by www-data,
# Make sure config.py and rq_config.py are owned by root and readable by www-data,
# but not world-readable
if [ -f "/var/www/securedrop/config.py" ]; then
chown root:www-data /var/www/securedrop/config.py
chmod 640 /var/www/securedrop/config.py
fi
if [ -f "/var/www/securedrop/rq_config.py" ]; then
chown root:www-data /var/www/securedrop/rq_config.py
chmod 640 /var/www/securedrop/rq_config.py
fi
# And logo needs to be writable by webserver user
# If there's no custom logo yet, copy the default in its place
if [ ! -f "/var/www/securedrop/static/i/custom_logo.png" ]; then
Expand Down

0 comments on commit 5be503e

Please sign in to comment.