adjust permissions on weewx-owned directories

2026-04-19 00:56:54 -04:00 · 2023-12-03 16:35:56 -05:00
parent 09f98c301d
commit 05c700d38b
5 changed files with 20 additions and 10 deletions
--- a/pkg/debian/postinst
+++ b/pkg/debian/postinst
@@ -251,7 +251,7 @@ set_permissions() {
    if getent passwd | grep -q "^$WEEWX_USER:"; then
        chmod 2775 /etc/weewx
        chmod 2775 /var/lib/weewx
-        chmod 2755 /var/log/weewx
+        chmod 0755 /var/log/weewx
        chmod 2775 /var/www/html/weewx
        chown -R $WEEWX_USER:$WEEWX_GROUP /etc/weewx
        chown -R $WEEWX_USER:$WEEWX_GROUP /var/lib/weewx
--- a/pkg/debian/rules
+++ b/pkg/debian/rules
@@ -41,6 +41,7 @@ install:
 	mkdir -p $(DST)/usr/bin
 	mkdir -p $(DST)/etc/default
 	mkdir -p $(DST)/etc/logrotate.d
+	mkdir -p $(DST)/etc/rsyslog.d
 	mkdir -p $(DST)/lib/systemd/system
 	mkdir -p $(DST)/lib/udev/rules.d
 	mkdir -p $(DST)/var/lib/weewx
@@ -64,7 +65,6 @@ install:
 	cp -r $(SRC)/src/weewx_data/skins $(DST_CFGDIR)
 	cp -r $(SRC)/src/weewx_data/util/import $(DST_CFGDIR)
 	cp -r $(SRC)/src/weewx_data/util/logwatch $(DST_CFGDIR)
-	cp -r $(SRC)/pkg/etc/rsyslog.d $(DST_CFGDIR)

 # create the default configuration
 	cat $(SRC)/src/weewx_data/weewx.conf | sed \
@@ -92,8 +92,9 @@ done
 -e 's%WEEWX_PYTHON=.*%WEEWX_PYTHON=$(PYTHON)%' \
 > $(DST)/etc/default/weewx

-# install logrotate configuration
+# log handling
 	cp $(SRC)/pkg/etc/logrotate.d/weewx $(DST)/etc/logrotate.d
+	cp $(SRC)/pkg/etc/rsyslog.d/weewx.conf $(DST)/etc/rsyslog.d

 # put the udev rules in place
 	cp $(SRC)/pkg/etc/udev/rules.d/weewx.rules $(DST)/lib/udev/rules.d
--- a/pkg/etc/logrotate.d/weewx
+++ b/pkg/etc/logrotate.d/weewx
@@ -6,4 +6,5 @@
  delaycompress
  copytruncate
  notifempty
+  create 644 root weewx
 }
--- a/pkg/rpmlint.el
+++ b/pkg/rpmlint.el
@@ -3,6 +3,9 @@ addFilter("no-manual-page-for-binary weectl")
 addFilter("no-manual-page-for-binary weewxd")
 addFilter("non-standard-gid")
 addFilter("non-standard-uid")
+addFilter("non-standard-dir-perm /etc/weewx.* 2775")
+addFilter("non-standard-dir-perm /var/lib/weewx 2775")
+addFilter("non-standard-dir-perm /var/www/html/weewx 2775")
 addFilter("dangerous-command-in-%pre cp")
 addFilter("dangerous-command-in-%post mv")
 addFilter("percent-in-%post")
--- a/pkg/weewx.spec.in
+++ b/pkg/weewx.spec.in
@@ -104,6 +104,7 @@ mkdir -p %{buildroot}%{dst_user_dir}
 mkdir -p %{buildroot}%{dst_doc_dir}
 mkdir -p %{buildroot}/etc/default
 mkdir -p %{buildroot}/etc/logrotate.d
+mkdir -p %{buildroot}/etc/rsyslog.d
 mkdir -p %{buildroot}/lib/systemd/system
 mkdir -p %{buildroot}/lib/udev/rules.d
 mkdir -p %{buildroot}/var/lib/weewx
@@ -126,7 +127,6 @@ cp -r src/weewx_data/examples %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/skins %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/util/import %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/util/logwatch %{buildroot}%{dst_cfg_dir}
-cp -r pkg/etc/rsyslog.d %{buildroot}%{dst_cfg_dir}

 # create the weewx configuration
 cat src/weewx_data/weewx.conf | sed \
@@ -153,8 +153,9 @@ cat pkg/etc/default/weewx | sed \
 -e 's%WEEWX_PYTHON=.*%WEEWX_PYTHON=%{python}%' \
 > %{buildroot}/etc/default/weewx

-# logrotate script
+# log handling
 cp pkg/etc/logrotate.d/weewx %{buildroot}/etc/logrotate.d
+cp pkg/etc/rsyslog.d/weewx.conf %{buildroot}/etc/rsyslog.d

 # udev rules for known devices
 cp pkg/etc/udev/rules.d/weewx.rules %{buildroot}/lib/udev/rules.d
@@ -173,6 +174,9 @@ fi
 /usr/bin/getent passwd %{weewx_user} || /usr/sbin/useradd -r -g %{weewx_group} -M -s /sbin/nologin %{weewx_user}

 %post
+# restart syslog so that it picks up the weewx logging directives
+# FIXME: what if rsyslog not installed?
+systemctl restart rsyslog
 # pre-compile the python code
 echo Precompile using %{python} in %{dst_code_dir}
 %{python} -m compileall %{dst_code_dir} > /dev/null
@@ -233,12 +237,13 @@ rm -rf %{buildroot}
 /lib/systemd/system/weewx@.service
 /lib/udev/rules.d/weewx.rules
 %{dst_code_dir}/
-%license %{dst_doc_dir}/license
 %doc %{dst_doc_dir}/
 %config(noreplace) %{_sysconfdir}/default/weewx
 %config(noreplace) %{_sysconfdir}/logrotate.d/weewx
-%config(noreplace) %attr(-,%{weewx_user},%{weewx_group}) %{dst_cfg_dir}/
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/log/weewx
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/lib/weewx
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/www/html/weewx
+%config(noreplace) %{_sysconfdir}/rsyslog.d/weewx.conf
+%defattr(664,%{weewx_user},%{weewx_group},2775)
+%config(noreplace) %{dst_cfg_dir}/
+%dir %attr(0755,%{weewx_user},%{weewx_group}) /var/log/weewx
+%dir %attr(2775,%{weewx_user},%{weewx_group}) /var/lib/weewx
+%dir %attr(2775,%{weewx_user},%{weewx_group}) /var/www/html/weewx
 %changelog